Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/39312e3230372e3132302e302f32342d3234203d3e203537393834.roa
File:                     39312e3230372e3132302e302f32342d3234203d3e203537393834.roa (raw, json)
Hash identifier:          T7cnU6dIHnE9Qt1SeZ7aYPvLFEvwoqKgfqXZr/6X0Nc=
Subject key identifier:   E8:52:5D:E5:60:9D:A5:11:25:09:DD:21:F3:60:84:82:8C:47:61:60
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       4011726A64D309D94BA17F2DD64065B84F55E897
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230372e3132302e302f32342d3234203d3e203537393834.roa
Signing time:             Wed 27 Sep 2023 11:50:57 +0000
ROA not before:           Wed 27 Sep 2023 11:45:57 +0000
ROA not after:            Wed 25 Sep 2024 11:50:57 +0000
asID:                     57984
IP address blocks:        91.207.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:11:72:6a:64:d3:09:d9:4b:a1:7f:2d:d6:40:65:b8:4f:55:e8:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Sep 27 11:45:57 2023 GMT
            Not After : Sep 25 11:50:57 2024 GMT
        Subject: CN=E8525DE5609DA5112509DD21F36084828C476160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:39:69:50:cb:18:1e:eb:b9:77:22:a7:92:60:
                    34:63:4b:48:33:ae:9f:52:81:d1:cf:f8:fe:6d:42:
                    45:64:e0:32:2c:02:40:65:16:e2:e9:ff:e8:20:ca:
                    8a:f2:bc:3a:11:1f:68:3b:52:e9:25:42:23:a6:a4:
                    56:96:a1:e5:bc:6f:66:ca:fb:a1:e9:65:f8:15:27:
                    54:52:9d:37:29:9d:5a:68:71:06:ab:cb:3d:0b:57:
                    ba:60:f2:fe:10:75:a6:3c:dd:d5:50:47:ab:77:b6:
                    27:1b:a1:e0:35:e8:d9:91:35:cc:2a:a8:c7:13:8e:
                    2c:77:f4:f9:9b:29:81:bd:17:62:27:c3:32:53:67:
                    b5:fd:0d:08:04:66:68:ba:35:82:a0:29:57:c0:3d:
                    c7:28:49:ed:27:02:26:41:ba:ff:d7:1a:d4:a4:97:
                    75:50:1b:bf:c8:72:d6:c7:21:04:4d:fd:16:83:c2:
                    5d:09:c6:13:f2:7d:01:eb:52:c4:42:fd:43:ed:96:
                    1a:c6:10:86:f8:95:bd:ed:2a:5a:13:96:37:23:b2:
                    c1:d6:df:fc:06:eb:6b:8c:cf:fd:2d:3e:18:be:8b:
                    4a:db:aa:7d:9e:d0:2d:98:ce:bc:24:56:63:8b:38:
                    ce:d2:24:1f:2d:26:77:f7:fd:f3:46:e4:ac:eb:48:
                    fe:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:52:5D:E5:60:9D:A5:11:25:09:DD:21:F3:60:84:82:8C:47:61:60
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230372e3132302e302f32342d3234203d3e203537393834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:59:ac:19:bc:df:67:f7:a4:4a:bb:97:3b:cd:99:bd:10:16:
         78:c8:2b:f3:ef:1e:59:81:76:d9:95:5b:08:6b:71:0a:de:84:
         23:05:a4:fc:e4:bd:c2:1e:25:87:3e:ba:43:cc:58:e8:f9:9a:
         ea:93:ff:b5:74:ed:d6:ad:e2:96:1c:fe:f9:ad:98:16:b4:d7:
         a6:97:59:e7:bb:e8:b9:34:e7:91:6c:3f:73:a5:c9:f5:05:1f:
         b0:a0:cd:66:60:21:c2:23:ca:89:c2:4d:f9:41:5e:8f:d0:ab:
         11:3b:64:f6:15:b2:b2:c5:17:71:25:32:1d:f3:28:a8:ba:92:
         e1:75:61:82:62:03:9a:30:4f:b6:e5:90:49:d6:52:72:ea:75:
         2f:d7:41:a8:dc:ec:f2:1d:f7:52:25:db:44:b9:09:9d:6a:9e:
         4f:7d:e5:d3:76:76:5b:00:59:a0:c8:58:0f:33:57:31:db:bd:
         98:9e:82:7b:db:9d:c9:6f:79:52:0a:1a:e8:98:a3:5a:5a:8d:
         66:d0:51:d2:30:56:04:fa:2a:cd:d0:e6:b5:b9:0f:6d:8b:be:
         b0:14:a5:f5:0f:5b:d4:4a:91:e5:dd:3a:ae:e6:72:01:07:c1:
         3d:26:68:32:45:e2:f7:58:4a:ee:13:b0:50:c4:8e:c6:7b:bb:
         0b:70:2d:d1
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUQBFyamTTCdlLoX8t1kBluE9V6JcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yMzA5MjcxMTQ1NTdaFw0yNDA5MjUxMTUwNTdaMDMxMTAvBgNV
BAMTKEU4NTI1REU1NjA5REE1MTEyNTA5REQyMUYzNjA4NDgyOEM0NzYxNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXOWlQyxge67l3IqeSYDRjS0gz
rp9SgdHP+P5tQkVk4DIsAkBlFuLp/+ggyoryvDoRH2g7UuklQiOmpFaWoeW8b2bK
+6HpZfgVJ1RSnTcpnVpocQaryz0LV7pg8v4QdaY83dVQR6t3ticboeA16NmRNcwq
qMcTjix39PmbKYG9F2InwzJTZ7X9DQgEZmi6NYKgKVfAPccoSe0nAiZBuv/XGtSk
l3VQG7/IctbHIQRN/RaDwl0JxhPyfQHrUsRC/UPtlhrGEIb4lb3tKloTljcjssHW
3/wG62uMz/0tPhi+i0rbqn2e0C2YzrwkVmOLOM7SJB8tJnf3/fNG5KzrSP7xAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU6FJd5WCdpRElCd0h82CEgoxHYWAwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzM5MzEyZTMyMzAzNzJlMzEzMjMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzNzM5MzgzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvPeDANBgkqhkiG
9w0BAQsFAAOCAQEAKlmsGbzfZ/ekSruXO82ZvRAWeMgr8+8eWYF22ZVbCGtxCt6E
IwWk/OS9wh4lhz66Q8xY6Pma6pP/tXTt1q3ilhz++a2YFrTXppdZ57vouTTnkWw/
c6XJ9QUfsKDNZmAhwiPKicJN+UFej9CrETtk9hWyssUXcSUyHfMoqLqS4XVhgmID
mjBPtuWQSdZScup1L9dBqNzs8h33UiXbRLkJnWqeT33l03Z2WwBZoMhYDzNXMdu9
mJ6Ce9udyW95Ugoa6JijWlqNZtBR0jBWBPoqzdDmtbkPbYu+sBSl9Q9b1EqR5d06
ruZyAQfBPSZoMkXi91hK7hOwUMSOxnu7C3At0Q==
-----END CERTIFICATE-----