Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203438313132.roa
File:                     39312e3230382e3137392e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          QWFc5480xuiX2B7iah8qYuNsztcVExs4709s2eR0koA=
Subject key identifier:   F6:1B:D6:D0:E8:6B:55:72:C9:40:A8:69:F2:1A:99:65:D2:32:3E:C1
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       0A1B2DE6B0B343B6545610E586824E34738FBECD
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203438313132.roa
Signing time:             Thu 08 Aug 2024 06:23:37 +0000
ROA not before:           Thu 08 Aug 2024 06:18:37 +0000
ROA not after:            Thu 07 Aug 2025 06:23:37 +0000
asID:                     48112
IP address blocks:        91.208.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 21:56:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:1b:2d:e6:b0:b3:43:b6:54:56:10:e5:86:82:4e:34:73:8f:be:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Aug  8 06:18:37 2024 GMT
            Not After : Aug  7 06:23:37 2025 GMT
        Subject: CN=F61BD6D0E86B5572C940A869F21A9965D2323EC1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a9:11:c3:87:5d:b3:81:88:f0:12:32:dd:c5:
                    0f:3b:ab:13:6b:47:78:a2:96:1e:a8:b1:24:f0:c0:
                    6e:87:1c:06:c7:93:75:9c:d7:a1:ff:99:4b:7b:6f:
                    52:be:ae:4a:a2:a7:c3:77:39:97:99:7e:91:5a:54:
                    27:d9:9d:cb:24:fa:42:8a:36:58:23:00:89:06:e0:
                    4d:d9:20:e8:41:4d:02:a9:ba:bd:2c:58:c4:ac:cb:
                    0d:f2:fb:aa:81:cb:ae:d9:8c:ec:fe:34:ab:62:3f:
                    a5:4f:d5:0d:e2:3a:e0:d7:4a:54:d2:24:18:1d:9e:
                    b1:73:5e:c4:ea:68:60:85:ab:41:84:cd:6d:77:42:
                    23:84:c0:07:33:8d:e3:35:55:63:45:a7:11:95:e5:
                    46:f1:83:42:71:77:1d:97:53:79:5c:1a:b1:fc:0a:
                    d2:37:f3:e6:ee:1d:42:cc:ed:ae:5a:c6:c8:5c:7e:
                    88:91:aa:fc:07:44:48:91:ee:fe:7b:b7:ac:51:de:
                    af:cd:34:db:74:f3:66:69:28:37:4f:c4:1c:c3:99:
                    bd:43:d0:cb:de:16:aa:b0:7a:6d:e8:65:37:5c:cb:
                    8b:37:79:5d:45:ed:84:6e:64:2a:69:bf:7e:96:54:
                    3d:2a:1d:4e:79:40:27:c0:03:94:cb:ea:ae:8a:04:
                    61:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1B:D6:D0:E8:6B:55:72:C9:40:A8:69:F2:1A:99:65:D2:32:3E:C1
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:9a:4f:06:ba:8b:c6:e0:e7:e6:2b:8a:8d:cf:56:49:79:15:
         db:9b:51:f2:cc:9b:d6:19:0f:29:de:14:a1:44:e2:ba:68:13:
         1d:8d:7d:fc:b7:df:ef:9b:06:ce:58:4e:f8:81:9f:9b:70:b3:
         7e:d3:a1:69:93:7d:20:5b:24:66:3d:bb:92:86:74:e8:7c:3b:
         ed:7a:17:19:fc:ba:1b:56:23:ea:f1:59:82:0b:fc:9a:96:27:
         2f:85:a3:7d:c2:30:c3:14:e9:e7:68:a2:23:a9:d3:a3:f9:c5:
         04:dc:43:d1:55:0e:a3:96:38:1b:0b:0a:4c:a5:29:89:09:72:
         1a:67:85:4e:82:2f:69:0c:f6:b9:ac:b3:42:c2:d1:ef:d1:e5:
         be:7f:ca:ae:9f:82:a5:81:5a:39:b8:a2:aa:06:a6:2d:5f:e6:
         57:2e:f8:72:13:08:8f:f1:05:e0:39:de:18:9c:df:c5:8f:37:
         3b:ee:2f:a0:1e:0b:af:d9:b2:70:95:98:f0:66:48:cd:32:6c:
         af:99:cc:fa:98:1e:4b:ce:cf:3e:75:c4:ba:6f:fd:61:6c:8e:
         14:02:97:90:77:b1:16:1e:38:e9:ba:83:c1:28:0f:4b:6a:85:
         ee:81:d2:63:33:75:b8:24:8e:2b:0c:a7:98:40:07:ce:ae:86:
         c6:d9:ef:c7
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUChst5rCzQ7ZUVhDlhoJONHOPvs0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNDA4MDgwNjE4MzdaFw0yNTA4MDcwNjIzMzdaMDMxMTAvBgNV
BAMTKEY2MUJENkQwRTg2QjU1NzJDOTQwQTg2OUYyMUE5OTY1RDIzMjNFQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuqRHDh12zgYjwEjLdxQ87qxNr
R3iilh6osSTwwG6HHAbHk3Wc16H/mUt7b1K+rkqip8N3OZeZfpFaVCfZncsk+kKK
NlgjAIkG4E3ZIOhBTQKpur0sWMSsyw3y+6qBy67ZjOz+NKtiP6VP1Q3iOuDXSlTS
JBgdnrFzXsTqaGCFq0GEzW13QiOEwAczjeM1VWNFpxGV5Ubxg0Jxdx2XU3lcGrH8
CtI38+buHULM7a5axshcfoiRqvwHREiR7v57t6xR3q/NNNt082ZpKDdPxBzDmb1D
0MveFqqwem3oZTdcy4s3eV1F7YRuZCppv36WVD0qHU55QCfAA5TL6q6KBGE5AgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU9hvW0OhrVXLJQKhp8hqZZdIyPsEwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzM5MzEyZTMyMzAzODJlMzEzNzM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvQszANBgkqhkiG
9w0BAQsFAAOCAQEAvZpPBrqLxuDn5iuKjc9WSXkV25tR8syb1hkPKd4UoUTiumgT
HY19/Lff75sGzlhO+IGfm3CzftOhaZN9IFskZj27koZ06Hw77XoXGfy6G1Yj6vFZ
ggv8mpYnL4WjfcIwwxTp52iiI6nTo/nFBNxD0VUOo5Y4GwsKTKUpiQlyGmeFToIv
aQz2uayzQsLR79Hlvn/Krp+CpYFaObiiqgamLV/mVy74chMIj/EF4DneGJzfxY83
O+4voB4Lr9mycJWY8GZIzTJsr5nM+pgeS87PPnXEum/9YWyOFAKXkHexFh446bqD
wSgPS2qF7oHSYzN1uCSOKwynmEAHzq6Gxtnvxw==
-----END CERTIFICATE-----