Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/34352e38392e3136342e302f32322d3232203d3e203438313132.roa
File:                     34352e38392e3136342e302f32322d3232203d3e203438313132.roa (raw, json)
Hash identifier:          8C/u8p7mAX/w+y5RZv6caR1poFfXzaGHtmlzpWICegw=
Subject key identifier:   41:ED:C1:DF:5F:70:BA:87:1F:C4:E2:BE:8B:5B:02:E5:9D:D6:30:72
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       7FE364C6D65A8FDD3E138D1C52A741455A811272
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/34352e38392e3136342e302f32322d3232203d3e203438313132.roa
Signing time:             Wed 27 Sep 2023 11:50:59 +0000
ROA not before:           Wed 27 Sep 2023 11:45:59 +0000
ROA not after:            Wed 25 Sep 2024 11:50:59 +0000
asID:                     48112
IP address blocks:        45.89.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:e3:64:c6:d6:5a:8f:dd:3e:13:8d:1c:52:a7:41:45:5a:81:12:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Sep 27 11:45:59 2023 GMT
            Not After : Sep 25 11:50:59 2024 GMT
        Subject: CN=41EDC1DF5F70BA871FC4E2BE8B5B02E59DD63072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:03:f9:c1:b5:1d:0f:bd:4a:ed:c3:18:de:dd:
                    ca:25:76:cb:71:a9:1d:6c:16:38:a8:e7:71:38:50:
                    0b:e9:cc:bf:b7:38:46:0c:cd:5d:f1:8a:d8:99:db:
                    6c:2d:27:33:a6:c7:f6:a2:a5:1f:34:5f:ee:5b:f6:
                    84:dd:50:4e:5d:95:2e:d2:42:24:a6:24:64:27:09:
                    c1:dd:31:09:e5:ab:db:55:a5:56:b4:8f:9a:a9:0b:
                    40:b7:63:9c:0b:2a:fc:fb:62:0b:d8:4b:ca:7b:08:
                    63:bb:15:56:66:03:93:ac:6f:a9:66:80:b0:9e:5d:
                    17:0f:a5:05:8c:57:c7:c6:d2:a8:73:76:b7:bf:36:
                    01:cd:6f:98:f3:3c:3b:ae:a0:8d:bc:19:1b:ad:38:
                    69:3e:41:5d:1a:fd:b4:1a:01:5d:a3:c8:fe:21:83:
                    0e:ff:0d:87:3c:c0:2a:aa:07:52:88:02:ef:26:3a:
                    d6:e0:52:2f:3d:fe:ed:ee:82:46:30:bf:88:9c:ca:
                    d3:3f:43:22:68:7c:1a:d9:db:43:60:77:5d:1c:1a:
                    24:40:4d:9c:c0:cb:78:cb:e4:63:ce:9b:57:28:e4:
                    de:ab:0d:3c:ba:eb:c4:30:fe:6b:98:b3:a9:a5:02:
                    a6:e2:ac:e4:42:71:e4:5b:c1:05:d4:64:af:e5:c0:
                    ca:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:ED:C1:DF:5F:70:BA:87:1F:C4:E2:BE:8B:5B:02:E5:9D:D6:30:72
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/34352e38392e3136342e302f32322d3232203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:fd:61:a6:45:1f:b7:13:f3:7c:c5:8d:ce:99:d0:9f:a4:0d:
         19:00:c7:ee:ad:50:aa:92:6c:38:f5:58:68:86:84:15:8b:a9:
         f8:95:aa:0b:65:d2:f6:6a:7a:46:5e:61:70:d1:30:35:0e:5e:
         33:a8:29:7e:67:0b:f5:b2:8f:70:1e:03:ba:e6:e2:94:09:c8:
         15:fc:63:f8:c0:85:c4:84:90:ae:f2:cf:72:2c:35:48:40:4e:
         b1:91:bf:42:7d:1b:b5:38:84:c2:09:59:33:bf:69:20:3e:82:
         8b:4f:aa:bd:e4:b4:a1:51:16:4d:21:35:b2:b2:3c:36:fb:25:
         88:59:1b:5b:46:23:1f:f5:18:34:ba:09:6c:3d:42:db:47:15:
         9a:da:c4:3e:29:b1:a6:b4:a4:3b:14:37:08:cd:49:77:9d:eb:
         3b:85:70:8d:0b:f9:1d:2f:a9:f9:75:5a:dd:b2:51:04:11:19:
         7f:24:cd:50:20:a5:ad:fb:b9:6d:a6:c8:83:6c:e0:95:65:b0:
         be:f5:d5:40:56:d3:04:6c:9e:14:b2:3f:52:a3:27:30:e4:8b:
         43:b3:77:c5:a6:f2:6d:80:ef:97:0d:bf:3f:28:44:6c:0f:53:
         54:d1:15:1f:dd:e9:31:97:b8:12:9f:f9:62:fd:e0:cb:80:45:
         21:26:72:c2
-----BEGIN CERTIFICATE-----
MIIExjCCA66gAwIBAgIUf+NkxtZaj90+E40cUqdBRVqBEnIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yMzA5MjcxMTQ1NTlaFw0yNDA5MjUxMTUwNTlaMDMxMTAvBgNV
BAMTKDQxRURDMURGNUY3MEJBODcxRkM0RTJCRThCNUIwMkU1OURENjMwNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsA/nBtR0PvUrtwxje3coldstx
qR1sFjio53E4UAvpzL+3OEYMzV3xitiZ22wtJzOmx/aipR80X+5b9oTdUE5dlS7S
QiSmJGQnCcHdMQnlq9tVpVa0j5qpC0C3Y5wLKvz7YgvYS8p7CGO7FVZmA5Osb6lm
gLCeXRcPpQWMV8fG0qhzdre/NgHNb5jzPDuuoI28GRutOGk+QV0a/bQaAV2jyP4h
gw7/DYc8wCqqB1KIAu8mOtbgUi89/u3ugkYwv4icytM/QyJofBrZ20Ngd10cGiRA
TZzAy3jL5GPOm1co5N6rDTy668Qw/muYs6mlAqbirORCceRbwQXUZK/lwMr/AgMB
AAGjggHQMIIBzDAdBgNVHQ4EFgQUQe3B319wuocfxOK+i1sC5Z3WMHIwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIwdwYIKwYBBQUHAQsEazBpMGcGCCsGAQUFBzALhltyc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzM0MzUyZTM4MzkyZTMxMzYzNDJlMzAyZjMyMzIy
ZDMyMzIyMDNkM2UyMDM0MzgzMTMxMzIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItWaQwDQYJKoZIhvcN
AQELBQADggEBAEL9YaZFH7cT83zFjc6Z0J+kDRkAx+6tUKqSbDj1WGiGhBWLqfiV
qgtl0vZqekZeYXDRMDUOXjOoKX5nC/Wyj3AeA7rm4pQJyBX8Y/jAhcSEkK7yz3Is
NUhATrGRv0J9G7U4hMIJWTO/aSA+gotPqr3ktKFRFk0hNbKyPDb7JYhZG1tGIx/1
GDS6CWw9QttHFZraxD4psaa0pDsUNwjNSXed6zuFcI0L+R0vqfl1Wt2yUQQRGX8k
zVAgpa37uW2myINs4JVlsL711UBW0wRsnhSyP1KjJzDki0Ozd8Wm8m2A75cNvz8o
RGwPU1TRFR/d6TGXuBKf+WL94MuARSEmcsI=
-----END CERTIFICATE-----