Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/326130633a343230303a3a2f32392d3239203d3e203438313132.roa
File:                     326130633a343230303a3a2f32392d3239203d3e203438313132.roa (raw, json)
Hash identifier:          vmwjzotJHc0iNMmBvnIWhWmps0AgjLkmxffKKpsX8MU=
Subject key identifier:   41:8E:2D:E5:70:F1:70:09:B7:94:A1:2D:4F:F9:46:41:A7:03:D8:61
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       2A84B10B892ECA36F4D9F5D9EE234FC73A7E77C0
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/326130633a343230303a3a2f32392d3239203d3e203438313132.roa
Signing time:             Wed 27 Sep 2023 11:50:58 +0000
ROA not before:           Wed 27 Sep 2023 11:45:58 +0000
ROA not after:            Wed 25 Sep 2024 11:50:58 +0000
asID:                     48112
IP address blocks:        2a0c:4200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:84:b1:0b:89:2e:ca:36:f4:d9:f5:d9:ee:23:4f:c7:3a:7e:77:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Sep 27 11:45:58 2023 GMT
            Not After : Sep 25 11:50:58 2024 GMT
        Subject: CN=418E2DE570F17009B794A12D4FF94641A703D861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:57:ca:8c:de:22:ab:e7:ff:1d:77:af:6d:7e:
                    b7:b0:cc:77:14:65:ac:d9:8c:22:88:2e:a3:97:d3:
                    12:10:58:ff:1c:9f:18:e6:56:89:d3:f4:1b:2d:ee:
                    81:93:6b:fd:19:22:34:29:8a:e6:6a:05:88:67:51:
                    54:77:3b:8b:88:cb:8e:77:e5:c1:41:13:78:55:9b:
                    91:9b:80:9f:36:8d:c5:25:32:26:9b:8e:13:65:b0:
                    cb:8b:4c:7e:84:7d:02:66:03:25:ba:a2:a0:f7:b4:
                    02:84:ce:3c:2f:72:94:8b:13:e1:1a:a9:67:d6:d7:
                    2d:ad:52:74:50:17:51:b2:f3:0a:af:7b:33:07:43:
                    7c:db:86:38:0c:e5:05:6f:bf:27:67:94:a0:10:8d:
                    52:34:99:9a:6d:6c:f2:36:d2:f5:25:0f:e2:b0:28:
                    c8:de:d8:d3:10:59:eb:fa:0a:8e:bb:b4:4b:2d:a4:
                    0c:59:3f:f5:66:47:32:82:0e:de:ec:56:1f:fe:bb:
                    ef:29:f1:4d:20:43:a1:cd:41:c8:a0:aa:6c:4b:ec:
                    42:05:ef:df:a5:46:d0:b9:64:8a:27:08:6c:64:42:
                    ab:2f:bf:4a:0d:4f:36:fe:9d:4e:40:67:d1:ba:5a:
                    9e:26:24:a9:25:7f:1e:c7:18:6e:bb:86:c9:be:6a:
                    d2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:8E:2D:E5:70:F1:70:09:B7:94:A1:2D:4F:F9:46:41:A7:03:D8:61
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/326130633a343230303a3a2f32392d3239203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4200::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:8d:cc:08:27:b9:68:a7:72:32:cb:04:47:f0:a4:d5:dc:7e:
         7f:d6:9f:28:73:a8:80:25:97:9e:d4:9f:66:f0:55:c0:b1:19:
         73:85:e9:79:84:3f:24:da:3b:9b:cb:c4:db:d4:d8:17:2e:29:
         b9:0d:72:52:90:4f:25:27:4b:c5:0c:01:f8:69:f4:19:76:68:
         fd:85:e0:74:c6:8d:41:bd:95:fe:57:76:30:c4:cf:be:2d:06:
         4a:03:45:db:14:fa:d8:e5:d9:89:15:1c:ce:42:9d:87:af:16:
         78:01:01:d6:6a:c8:05:63:cf:9b:a5:fa:13:ed:73:59:0e:da:
         03:b8:30:88:d4:09:b1:d1:d2:ab:b2:c2:0f:41:53:6c:f8:bd:
         8e:11:aa:3d:fc:f9:72:36:0d:7b:af:26:9f:83:72:89:ad:1c:
         66:96:29:d1:cc:f9:02:56:46:61:93:5d:bb:fb:bf:f4:23:3a:
         c4:58:1f:92:27:ca:89:c9:c5:b5:3a:43:2d:15:ac:50:10:dd:
         87:c7:b9:7e:46:a5:94:86:58:fb:30:36:61:98:aa:b7:08:72:
         43:4f:5d:82:ba:11:d5:1a:2a:8c:d2:bd:fd:6b:21:e7:9f:04:
         f9:d6:17:e1:8a:11:cf:c3:86:6e:f1:ce:ea:62:05:3e:4a:59:
         b7:83:04:5b
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUKoSxC4kuyjb02fXZ7iNPxzp+d8AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yMzA5MjcxMTQ1NThaFw0yNDA5MjUxMTUwNThaMDMxMTAvBgNV
BAMTKDQxOEUyREU1NzBGMTcwMDlCNzk0QTEyRDRGRjk0NjQxQTcwM0Q4NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV8qM3iKr5/8dd69tfrewzHcU
ZazZjCKILqOX0xIQWP8cnxjmVonT9Bst7oGTa/0ZIjQpiuZqBYhnUVR3O4uIy453
5cFBE3hVm5GbgJ82jcUlMiabjhNlsMuLTH6EfQJmAyW6oqD3tAKEzjwvcpSLE+Ea
qWfW1y2tUnRQF1Gy8wqvezMHQ3zbhjgM5QVvvydnlKAQjVI0mZptbPI20vUlD+Kw
KMje2NMQWev6Co67tEstpAxZP/VmRzKCDt7sVh/+u+8p8U0gQ6HNQcigqmxL7EIF
79+lRtC5ZIonCGxkQqsvv0oNTzb+nU5AZ9G6Wp4mJKklfx7HGG67hsm+atIDAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUQY4t5XDxcAm3lKEtT/lGQacD2GEwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzMyNjEzMDYzM2EzNDMyMzAzMDNhM2EyZjMyMzky
ZDMyMzkyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqDEIAMA0GCSqGSIb3
DQEBCwUAA4IBAQB0jcwIJ7lop3IyywRH8KTV3H5/1p8oc6iAJZee1J9m8FXAsRlz
hel5hD8k2juby8Tb1NgXLim5DXJSkE8lJ0vFDAH4afQZdmj9heB0xo1BvZX+V3Yw
xM++LQZKA0XbFPrY5dmJFRzOQp2HrxZ4AQHWasgFY8+bpfoT7XNZDtoDuDCI1Amx
0dKrssIPQVNs+L2OEao9/PlyNg17ryafg3KJrRxmlinRzPkCVkZhk127+7/0IzrE
WB+SJ8qJycW1OkMtFaxQEN2Hx7l+RqWUhlj7MDZhmKq3CHJDT12CuhHVGiqM0r39
ayHnnwT51hfhihHPw4Zu8c7qYgU+Slm3gwRb
-----END CERTIFICATE-----