Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/34352e38392e3136342e302f32322d3232203d3e203438313132.roa
File:                     34352e38392e3136342e302f32322d3232203d3e203438313132.roa (raw, json)
Hash identifier:          k/LWfEDgYDZTBmIto7PYvCVb2ihFOtgM4OFXtqUqogI=
Subject key identifier:   58:EB:47:A7:90:09:05:F1:4C:EB:83:80:8C:75:22:A7:51:E8:96:D1
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       09B59D3249CD72ECBE6245A6BBFE53867F2A74C7
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/34352e38392e3136342e302f32322d3232203d3e203438313132.roa
Signing time:             Wed 30 Jul 2025 12:37:46 +0000
ROA not before:           Wed 30 Jul 2025 12:32:46 +0000
ROA not after:            Wed 29 Jul 2026 12:37:46 +0000
asID:                     48112
IP address blocks:        45.89.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:b5:9d:32:49:cd:72:ec:be:62:45:a6:bb:fe:53:86:7f:2a:74:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:46 2025 GMT
            Not After : Jul 29 12:37:46 2026 GMT
        Subject: CN=58EB47A7900905F14CEB83808C7522A751E896D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:cc:ea:02:62:39:9c:69:64:b8:90:ae:05:91:
                    7e:32:12:29:e0:78:b8:6b:df:e0:22:67:ae:45:ff:
                    6b:9d:a1:ce:ee:db:fd:f7:c4:8f:0e:85:c9:ad:5b:
                    45:7b:1a:87:af:21:76:b0:fb:bc:29:08:61:37:f3:
                    b8:64:b5:b6:c0:29:be:5d:de:43:c2:b3:fd:3e:50:
                    bc:ef:fb:9d:3f:10:6c:1a:f1:c8:7c:5e:93:83:6a:
                    44:06:37:49:1b:3e:02:8e:5f:b6:97:47:59:3b:e7:
                    21:a2:db:ba:22:b8:c0:92:74:06:29:94:2c:27:9f:
                    84:91:dc:6b:2c:13:80:9e:ae:1d:2b:98:ee:a5:2d:
                    a9:6c:15:73:a7:5a:3a:eb:a3:92:f0:0a:18:bb:a5:
                    ff:f5:a4:ae:3b:0f:4f:35:28:a7:a0:7e:f2:ea:dd:
                    8b:41:1f:91:e6:61:73:1f:d4:3a:30:2e:55:20:c4:
                    33:31:6a:0f:00:b9:92:e0:36:40:8e:92:87:e9:2c:
                    af:04:47:72:f5:2c:88:9b:05:34:4f:f1:cd:e1:5b:
                    2b:4f:84:66:e0:a4:17:a2:9d:7a:21:13:8c:38:36:
                    8a:2c:1c:5b:48:4c:47:25:95:c9:b4:e3:53:d7:db:
                    5d:5c:8c:26:b3:d9:9e:cc:d8:95:c8:d6:7b:e6:ac:
                    c1:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:EB:47:A7:90:09:05:F1:4C:EB:83:80:8C:75:22:A7:51:E8:96:D1
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/34352e38392e3136342e302f32322d3232203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bc:50:37:99:41:d5:bf:d8:5f:55:31:bd:f1:b1:2b:44:8b:d2:
         8c:2b:68:65:56:6a:88:d8:23:47:cb:24:da:24:87:47:32:95:
         ad:d9:ee:65:c6:3e:ee:bf:3e:3c:30:65:af:e9:7f:fe:92:91:
         8d:e3:dd:89:e3:47:55:33:83:71:cb:2c:f4:07:9a:2e:9b:1b:
         2a:df:52:28:95:4c:09:f2:6b:18:df:cc:2d:44:87:c0:36:4f:
         ea:e8:ec:dd:c2:88:54:58:9f:21:ba:c5:2e:3f:d7:53:f4:b4:
         e2:a7:25:90:98:ef:ea:83:4a:fa:63:a0:02:69:9a:f7:c2:48:
         ca:cd:b9:fe:8f:0e:3c:57:fc:76:69:bd:37:c9:62:a5:58:22:
         94:f5:f3:b9:db:22:48:94:43:fd:d0:e4:3f:e1:97:97:ac:c0:
         5d:44:89:8b:1e:55:be:52:c0:cc:54:99:8f:bb:ec:6e:c8:53:
         18:6f:40:68:ca:f2:43:08:4c:95:5f:e1:14:46:5e:a2:5e:84:
         4c:9b:37:c0:75:44:42:b0:92:8e:db:dc:19:9e:2e:f1:34:2e:
         4b:ca:83:12:1b:d0:78:27:c7:cb:f0:5a:5d:85:ef:65:c5:26:
         24:e0:7b:8d:97:83:a0:d3:b6:85:bc:30:cf:f0:d2:de:90:4a:
         46:bf:be:64
-----BEGIN CERTIFICATE-----
MIIExjCCA66gAwIBAgIUCbWdMknNcuy+YkWmu/5Thn8qdMcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNDZaFw0yNjA3MjkxMjM3NDZaMDMxMTAvBgNV
BAMTKDU4RUI0N0E3OTAwOTA1RjE0Q0VCODM4MDhDNzUyMkE3NTFFODk2RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDezOoCYjmcaWS4kK4FkX4yEing
eLhr3+AiZ65F/2udoc7u2/33xI8OhcmtW0V7GoevIXaw+7wpCGE387hktbbAKb5d
3kPCs/0+ULzv+50/EGwa8ch8XpODakQGN0kbPgKOX7aXR1k75yGi27oiuMCSdAYp
lCwnn4SR3GssE4Cerh0rmO6lLalsFXOnWjrro5LwChi7pf/1pK47D081KKegfvLq
3YtBH5HmYXMf1DowLlUgxDMxag8AuZLgNkCOkofpLK8ER3L1LIibBTRP8c3hWytP
hGbgpBeinXohE4w4NoosHFtITEcllcm041PX211cjCaz2Z7M2JXI1nvmrME9AgMB
AAGjggHQMIIBzDAdBgNVHQ4EFgQUWOtHp5AJBfFM64OAjHUip1HoltEwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzM0MzUyZTM4MzkyZTMxMzYzNDJlMzAyZjMyMzIy
ZDMyMzIyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItWaQwDQYJKoZIhvcN
AQELBQADggEBALxQN5lB1b/YX1UxvfGxK0SL0owraGVWaojYI0fLJNokh0cyla3Z
7mXGPu6/PjwwZa/pf/6SkY3j3YnjR1Uzg3HLLPQHmi6bGyrfUiiVTAnyaxjfzC1E
h8A2T+ro7N3CiFRYnyG6xS4/11P0tOKnJZCY7+qDSvpjoAJpmvfCSMrNuf6PDjxX
/HZpvTfJYqVYIpT187nbIkiUQ/3Q5D/hl5eswF1EiYseVb5SwMxUmY+77G7IUxhv
QGjK8kMITJVf4RRGXqJehEybN8B1REKwko7b3BmeLvE0LkvKgxIb0Hgnx8vwWl2F
72XFJiTge42Xg6DTtoW8MM/w0t6QSka/vmQ=
-----END CERTIFICATE-----