Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/39312e3230372e3132302e302f32332d3233203d3e203438313132.roa
File:                     39312e3230372e3132302e302f32332d3233203d3e203438313132.roa (raw, json)
Hash identifier:          /ULtm+bpPrX3t1lCi06uQOq99MI5UPbzc1P4qY7sS+o=
Subject key identifier:   08:38:FD:4E:4C:5C:AE:96:62:F6:BB:1A:A6:D7:49:A8:C6:34:DD:8F
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       263BE04F171592798ED93B96C218A3A3ED25F90F
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230372e3132302e302f32332d3233203d3e203438313132.roa
Signing time:             Wed 30 Jul 2025 12:37:46 +0000
ROA not before:           Wed 30 Jul 2025 12:32:46 +0000
ROA not after:            Wed 29 Jul 2026 12:37:46 +0000
asID:                     48112
IP address blocks:        91.207.120.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:3b:e0:4f:17:15:92:79:8e:d9:3b:96:c2:18:a3:a3:ed:25:f9:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 30 12:32:46 2025 GMT
            Not After : Jul 29 12:37:46 2026 GMT
        Subject: CN=0838FD4E4C5CAE9662F6BB1AA6D749A8C634DD8F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:da:2a:eb:58:c6:b8:a6:01:78:44:79:b9:ee:
                    64:67:28:4a:5d:5b:f6:b8:cb:d1:2c:11:1d:ce:65:
                    af:d0:21:b3:c9:64:b1:41:55:1f:5a:ea:2b:e5:c9:
                    c2:b7:88:43:18:83:f3:c8:d4:ba:d5:9a:18:3b:ee:
                    2c:88:26:de:c6:df:ee:67:3d:48:40:ec:21:24:fa:
                    a2:94:ab:cf:01:c2:6e:d5:c4:f9:c2:b4:54:39:71:
                    70:ed:80:b0:d3:66:39:50:50:37:c7:17:4d:25:6a:
                    d7:6a:0c:97:72:fc:41:5e:31:b1:c6:ad:73:94:23:
                    25:2c:b6:a9:16:2d:d0:9a:e8:61:50:8a:c4:f0:c9:
                    b3:b1:ec:99:7c:4c:ba:a7:41:31:cd:81:c4:50:38:
                    bf:1d:b2:c5:3c:3d:f5:de:28:3c:28:33:f3:7e:92:
                    45:04:68:05:f6:db:3a:68:43:5a:ca:1c:13:e8:aa:
                    ea:39:b6:e1:68:b9:b3:ac:6f:8d:d2:80:b1:54:ef:
                    83:c6:dd:75:28:1a:02:11:fb:0e:ac:70:b0:f9:35:
                    80:f4:b3:03:2e:7d:aa:2e:26:67:73:a4:80:11:21:
                    8d:0b:20:10:c2:a6:7a:ac:17:22:ed:7f:17:e3:ae:
                    8d:e2:9f:72:85:fb:42:b9:1b:c9:c5:b3:e7:63:89:
                    ec:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:38:FD:4E:4C:5C:AE:96:62:F6:BB:1A:A6:D7:49:A8:C6:34:DD:8F
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230372e3132302e302f32332d3233203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:45:16:58:00:1f:42:8e:78:97:45:6a:8b:4b:67:f4:5e:2c:
         07:db:d1:a4:36:1a:89:79:ca:b8:19:78:15:10:45:64:d7:f4:
         40:3b:bd:e0:81:c5:10:18:66:73:81:d2:2e:7b:6d:55:a2:7f:
         cf:ab:4a:8c:a3:2e:67:33:a4:7b:06:e9:bb:9d:fe:2c:40:a5:
         37:08:5a:1a:49:06:ab:0d:c5:02:21:6a:45:6d:7f:5f:a6:75:
         fb:5b:b3:c3:a4:fc:af:c8:68:e5:4f:81:5b:f8:0a:b3:dd:d3:
         24:b8:18:4e:1b:af:7c:08:fc:c7:5b:e7:ca:ea:e6:2e:cf:cd:
         e9:e2:99:dd:0b:fb:7a:bf:17:ad:f6:9a:a3:80:df:3d:35:e2:
         e7:9d:e4:f7:58:c5:0c:55:11:53:a6:f3:8e:60:f4:ba:ca:30:
         88:71:e2:6d:e4:a1:df:a0:73:ca:60:cb:39:c6:5f:c8:60:13:
         b8:4c:17:7f:13:2d:1b:ab:a5:b6:d9:b6:68:04:22:2e:78:92:
         a2:35:05:a7:bd:81:1c:9c:38:a7:8f:18:84:83:6a:c7:f9:30:
         6e:09:da:26:b0:e3:24:7a:71:93:56:17:27:16:6c:08:97:dd:
         84:4d:ed:db:2d:9d:c1:9a:a3:9a:a7:fc:b6:87:47:b2:37:2e:
         05:b8:af:f1
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUJjvgTxcVknmO2TuWwhijo+0l+Q8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MzAxMjMyNDZaFw0yNjA3MjkxMjM3NDZaMDMxMTAvBgNV
BAMTKDA4MzhGRDRFNEM1Q0FFOTY2MkY2QkIxQUE2RDc0OUE4QzYzNEREOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC92irrWMa4pgF4RHm57mRnKEpd
W/a4y9EsER3OZa/QIbPJZLFBVR9a6ivlycK3iEMYg/PI1LrVmhg77iyIJt7G3+5n
PUhA7CEk+qKUq88Bwm7VxPnCtFQ5cXDtgLDTZjlQUDfHF00latdqDJdy/EFeMbHG
rXOUIyUstqkWLdCa6GFQisTwybOx7Jl8TLqnQTHNgcRQOL8dssU8PfXeKDwoM/N+
kkUEaAX22zpoQ1rKHBPoquo5tuFoubOsb43SgLFU74PG3XUoGgIR+w6scLD5NYD0
swMufaouJmdzpIARIY0LIBDCpnqsFyLtfxfjro3in3KF+0K5G8nFs+djiewDAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUCDj9TkxcrpZi9rsaptdJqMY03Y8wHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzM5MzEyZTMyMzAzNzJlMzEzMjMwMmUzMDJmMzIz
MzJkMzIzMzIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVvPeDANBgkqhkiG
9w0BAQsFAAOCAQEAskUWWAAfQo54l0Vqi0tn9F4sB9vRpDYaiXnKuBl4FRBFZNf0
QDu94IHFEBhmc4HSLnttVaJ/z6tKjKMuZzOkewbpu53+LEClNwhaGkkGqw3FAiFq
RW1/X6Z1+1uzw6T8r8ho5U+BW/gKs93TJLgYThuvfAj8x1vnyurmLs/N6eKZ3Qv7
er8Xrfaao4DfPTXi553k91jFDFURU6bzjmD0usowiHHibeSh36BzymDLOcZfyGAT
uEwXfxMtG6ulttm2aAQiLniSojUFp72BHJw4p48YhINqx/kwbgnaJrDjJHpxk1YX
JxZsCJfdhE3t2y2dwZqjmqf8todHsjcuBbiv8Q==
-----END CERTIFICATE-----