Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/39312e3230372e3132302e302f32342d3234203d3e203537393834.roa
File:                     39312e3230372e3132302e302f32342d3234203d3e203537393834.roa (raw, json)
Hash identifier:          zXxEPlLfnpKqQtuwjkfDhQUfZACOdk3GUxGA9Tw62xU=
Subject key identifier:   13:34:5A:8B:A3:61:AD:9B:B5:5F:5B:10:E6:7A:3D:C7:A0:87:A4:7C
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       33EE370EDBCCAB3D433B99BE6099EB48B55CD963
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230372e3132302e302f32342d3234203d3e203537393834.roa
Signing time:             Wed 28 Aug 2024 12:01:16 +0000
ROA not before:           Wed 28 Aug 2024 11:56:16 +0000
ROA not after:            Wed 27 Aug 2025 12:01:16 +0000
asID:                     57984
IP address blocks:        91.207.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Jul 2025 02:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:ee:37:0e:db:cc:ab:3d:43:3b:99:be:60:99:eb:48:b5:5c:d9:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Aug 28 11:56:16 2024 GMT
            Not After : Aug 27 12:01:16 2025 GMT
        Subject: CN=13345A8BA361AD9BB55F5B10E67A3DC7A087A47C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e3:b1:f3:05:d0:4a:7f:08:68:4c:92:11:7d:
                    48:68:36:e5:ce:44:06:df:fa:7f:67:45:77:30:ef:
                    96:b0:f8:99:78:54:f9:a2:4a:46:f8:ed:98:22:f6:
                    f0:af:4e:8f:4d:28:7f:36:5c:3f:33:66:00:03:36:
                    96:9d:55:44:89:93:59:42:d2:28:4f:4a:b8:2d:f4:
                    c7:01:4f:eb:9d:d7:ff:89:45:32:23:22:8c:c1:5b:
                    8e:14:43:56:bc:1a:78:bc:fa:29:a1:cf:ba:24:71:
                    68:e9:26:61:8c:d1:71:86:0e:55:7e:12:9e:dc:24:
                    16:75:13:39:49:54:1d:69:85:98:ff:ec:65:a9:f9:
                    4a:6d:4f:28:bc:d8:f0:05:03:88:9a:35:fe:11:2c:
                    02:db:00:52:6d:07:77:a5:56:91:9e:33:b8:e6:c5:
                    40:3b:c7:bd:2c:6d:7b:5d:0e:ff:6c:33:c8:32:d6:
                    6a:ec:1e:73:2c:a2:e3:d5:8e:32:22:10:e1:6d:cf:
                    80:b2:fb:05:26:6a:53:4a:d1:7f:c3:bd:2f:c7:d9:
                    e3:d8:89:2f:8a:ec:93:f2:1c:dc:ee:58:15:ef:eb:
                    9c:4d:12:b8:f0:86:d5:01:84:cc:0a:b0:d6:ac:63:
                    2e:41:d9:cb:36:4e:4c:89:88:e7:54:63:17:91:80:
                    d4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:34:5A:8B:A3:61:AD:9B:B5:5F:5B:10:E6:7A:3D:C7:A0:87:A4:7C
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230372e3132302e302f32342d3234203d3e203537393834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:c8:c4:63:cf:d1:66:ab:18:a9:29:b6:56:9b:14:7f:c3:f9:
         36:9b:ec:db:4e:a4:dd:05:8a:8a:58:45:51:8f:81:15:99:da:
         e0:fc:0e:ae:79:9f:fd:ee:cf:cd:42:5e:ba:db:9e:08:a6:d8:
         1c:ff:d0:3e:5f:de:93:ee:59:10:1d:52:dd:8a:5e:02:46:53:
         68:b4:d0:14:aa:c1:dd:a8:41:50:67:cf:b7:78:80:d0:95:a7:
         d7:1a:17:97:ad:12:ad:85:06:98:d3:14:9f:fb:dd:63:96:7e:
         1c:db:96:b7:2f:a2:0c:dd:da:2f:b9:4e:a1:c6:3e:53:db:15:
         a6:ed:b3:cc:c8:a1:fc:58:22:fc:94:b7:8f:7d:22:a7:f0:17:
         85:a0:42:f8:c3:1c:c9:4b:05:80:79:e2:3b:fa:f4:3f:aa:57:
         6f:2c:e5:f5:57:ee:1a:04:38:fe:17:99:0f:23:49:ce:65:06:
         35:1b:6f:88:fc:a8:40:e3:8c:06:0b:db:ca:39:a6:aa:4c:9f:
         d7:0f:df:da:96:92:d0:22:81:28:06:f7:47:47:35:52:88:0c:
         e2:bc:4e:3b:1a:bf:35:e8:ab:e1:f4:2f:ce:36:e8:27:9c:b1:
         ad:ac:1a:0e:95:09:ba:0b:f4:ac:3c:8d:26:a8:17:b5:73:47:
         7f:94:cb:ce
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUM+43DtvMqz1DO5m+YJnrSLVc2WMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA4MjgxMTU2MTZaFw0yNTA4MjcxMjAxMTZaMDMxMTAvBgNV
BAMTKDEzMzQ1QThCQTM2MUFEOUJCNTVGNUIxMEU2N0EzREM3QTA4N0E0N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe47HzBdBKfwhoTJIRfUhoNuXO
RAbf+n9nRXcw75aw+Jl4VPmiSkb47Zgi9vCvTo9NKH82XD8zZgADNpadVUSJk1lC
0ihPSrgt9McBT+ud1/+JRTIjIozBW44UQ1a8Gni8+imhz7okcWjpJmGM0XGGDlV+
Ep7cJBZ1EzlJVB1phZj/7GWp+UptTyi82PAFA4iaNf4RLALbAFJtB3elVpGeM7jm
xUA7x70sbXtdDv9sM8gy1mrsHnMsouPVjjIiEOFtz4Cy+wUmalNK0X/DvS/H2ePY
iS+K7JPyHNzuWBXv65xNErjwhtUBhMwKsNasYy5B2cs2TkyJiOdUYxeRgNSbAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUEzRai6NhrZu1X1sQ5no9x6CHpHwwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzM5MzEyZTMyMzAzNzJlMzEzMjMwMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzUzNzM5MzgzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvPeDANBgkqhkiG
9w0BAQsFAAOCAQEAqsjEY8/RZqsYqSm2VpsUf8P5Npvs206k3QWKilhFUY+BFZna
4PwOrnmf/e7PzUJeutueCKbYHP/QPl/ek+5ZEB1S3YpeAkZTaLTQFKrB3ahBUGfP
t3iA0JWn1xoXl60SrYUGmNMUn/vdY5Z+HNuWty+iDN3aL7lOocY+U9sVpu2zzMih
/Fgi/JS3j30ip/AXhaBC+MMcyUsFgHniO/r0P6pXbyzl9VfuGgQ4/heZDyNJzmUG
NRtviPyoQOOMBgvbyjmmqkyf1w/f2paS0CKBKAb3R0c1UogM4rxOOxq/Neir4fQv
zjboJ5yxrawaDpUJugv0rDyNJqgXtXNHf5TLzg==
-----END CERTIFICATE-----