Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130633a343230303a3a2f32392d3239203d3e203438313132.roa
File:                     326130633a343230303a3a2f32392d3239203d3e203438313132.roa (raw, json)
Hash identifier:          hZ+HWTt2nCm6KPjVX4X6alwir4pwXHOmIZ6h/6hNgDc=
Subject key identifier:   E2:0B:E4:A5:F1:88:7D:1B:C2:53:A1:08:32:33:20:EB:F6:E7:CB:38
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       7F6DBC2AA82C05EDF9399799E8DEA22226F8F6FC
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130633a343230303a3a2f32392d3239203d3e203438313132.roa
Signing time:             Wed 30 Jul 2025 12:37:45 +0000
ROA not before:           Wed 30 Jul 2025 12:32:45 +0000
ROA not after:            Wed 29 Jul 2026 12:37:45 +0000
asID:                     48112
IP address blocks:        2a0c:4200::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:6d:bc:2a:a8:2c:05:ed:f9:39:97:99:e8:de:a2:22:26:f8:f6:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:45 2025 GMT
            Not After : Jul 29 12:37:45 2026 GMT
        Subject: CN=E20BE4A5F1887D1BC253A108323320EBF6E7CB38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d6:15:97:cd:20:73:b0:10:74:06:1f:86:4a:
                    98:f7:73:28:9f:4f:8c:fb:d6:11:02:5f:2a:b5:f7:
                    0d:b6:27:73:e0:8d:6d:3a:00:c2:af:73:6c:64:a2:
                    f9:06:10:51:61:f8:37:dc:3a:bc:60:72:23:08:b7:
                    01:13:ab:79:0a:f2:70:73:45:f8:4e:92:33:8d:ca:
                    0d:dc:9c:c6:3c:b1:83:5d:e2:41:33:af:cd:49:d7:
                    4b:0d:21:9d:6c:e5:c4:f1:a4:49:e9:e5:23:98:c0:
                    c3:69:aa:42:a7:d0:8a:b4:e7:a6:33:c2:99:6f:e9:
                    5e:f2:2b:1e:41:43:cf:72:7d:8f:0e:9c:97:1f:6a:
                    42:6f:c8:9a:c7:07:29:46:1a:e6:9f:66:d9:04:bd:
                    87:fa:b7:23:a0:ee:8f:92:48:d2:73:24:ba:7b:bd:
                    91:6b:0f:be:29:73:f8:ec:35:25:85:f1:33:26:1c:
                    5b:f0:68:94:20:ab:e1:fb:c1:b2:3c:b3:99:f8:81:
                    c8:5a:18:c3:ed:67:a4:b1:62:89:06:3f:89:1b:75:
                    d3:b7:3a:8c:8a:3d:24:d1:80:cd:d0:fc:6c:15:e8:
                    e0:03:8a:e3:9b:a0:a0:fa:0e:d8:8d:71:a5:9a:8b:
                    16:da:2b:a9:90:89:a5:68:c7:f4:d9:ca:95:9d:66:
                    22:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:0B:E4:A5:F1:88:7D:1B:C2:53:A1:08:32:33:20:EB:F6:E7:CB:38
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130633a343230303a3a2f32392d3239203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4200::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:9c:ca:2f:46:fb:5c:52:0b:29:41:85:4d:d1:1d:a5:6d:44:
         f0:a6:fa:83:f2:71:88:4b:eb:02:65:9a:f1:dc:c9:a6:cc:47:
         b0:6f:d1:33:28:0c:01:c4:d2:68:a5:30:da:5c:2c:79:64:75:
         e4:f2:05:e0:ab:e6:f9:8c:ef:47:de:ad:ae:d7:91:59:5a:e4:
         9d:cd:ac:16:3b:70:8c:24:68:87:c4:f3:2b:e9:80:8a:6d:50:
         8f:91:05:89:2f:ef:b0:15:27:3b:53:e7:64:c5:d6:55:cc:d1:
         a9:73:59:76:2b:65:2c:5b:72:77:e3:41:ce:65:5c:35:fb:9e:
         23:2b:09:29:51:97:7d:5f:ac:35:7a:0d:f6:f3:d4:70:6b:bd:
         2c:0b:ef:d7:2a:6a:c8:58:b6:48:74:b6:e7:53:c7:03:24:40:
         c0:fa:c2:22:bf:40:b1:97:13:70:65:a1:31:30:92:37:14:fc:
         09:f9:e6:bd:e9:fe:ca:4d:76:c8:1c:02:8f:96:9a:8e:01:aa:
         2e:7b:07:f3:54:bb:97:52:4f:65:4d:29:7c:ef:ee:9e:75:3f:
         92:00:ef:33:04:17:89:3b:49:f0:c8:36:45:c5:b6:81:21:48:
         eb:97:d1:04:98:ee:59:06:57:fa:c7:3a:80:5a:70:4d:7e:63:
         56:c7:d2:2a
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUf228KqgsBe35OZeZ6N6iIib49vwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNDVaFw0yNjA3MjkxMjM3NDVaMDMxMTAvBgNV
BAMTKEUyMEJFNEE1RjE4ODdEMUJDMjUzQTEwODMyMzMyMEVCRjZFN0NCMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf1hWXzSBzsBB0Bh+GSpj3cyif
T4z71hECXyq19w22J3PgjW06AMKvc2xkovkGEFFh+DfcOrxgciMItwETq3kK8nBz
RfhOkjONyg3cnMY8sYNd4kEzr81J10sNIZ1s5cTxpEnp5SOYwMNpqkKn0Iq056Yz
wplv6V7yKx5BQ89yfY8OnJcfakJvyJrHBylGGuafZtkEvYf6tyOg7o+SSNJzJLp7
vZFrD74pc/jsNSWF8TMmHFvwaJQgq+H7wbI8s5n4gchaGMPtZ6SxYokGP4kbddO3
OoyKPSTRgM3Q/GwV6OADiuOboKD6DtiNcaWaixbaK6mQiaVox/TZypWdZiKhAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQU4gvkpfGIfRvCU6EIMjMg6/bnyzgwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYzM2EzNDMyMzAzMDNhM2EyZjMyMzky
ZDMyMzkyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqDEIAMA0GCSqGSIb3
DQEBCwUAA4IBAQAfnMovRvtcUgspQYVN0R2lbUTwpvqD8nGIS+sCZZrx3MmmzEew
b9EzKAwBxNJopTDaXCx5ZHXk8gXgq+b5jO9H3q2u15FZWuSdzawWO3CMJGiHxPMr
6YCKbVCPkQWJL++wFSc7U+dkxdZVzNGpc1l2K2UsW3J340HOZVw1+54jKwkpUZd9
X6w1eg3289Rwa70sC+/XKmrIWLZIdLbnU8cDJEDA+sIiv0CxlxNwZaExMJI3FPwJ
+ea96f7KTXbIHAKPlpqOAaouewfzVLuXUk9lTSl87+6edT+SAO8zBBeJO0nwyDZF
xbaBIUjrl9EEmO5ZBlf6xzqAWnBNfmNWx9Iq
-----END CERTIFICATE-----