Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203438313132.roa
File:                     39312e3230382e3137392e302f32342d3234203d3e203438313132.roa (raw, json)
Hash identifier:          BCeuObZiDiGBrtYaI2huwa5+75SeWWxObS24jFwYlZQ=
Subject key identifier:   15:D0:3A:A3:7D:C1:DA:36:A1:DC:D2:98:24:E8:67:1F:2C:7A:46:79
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       42B8DD07C77C722CAADA627E3975B0245AC689A8
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203438313132.roa
Signing time:             Thu 10 Jul 2025 06:37:44 +0000
ROA not before:           Thu 10 Jul 2025 06:32:44 +0000
ROA not after:            Thu 09 Jul 2026 06:37:44 +0000
asID:                     48112
IP address blocks:        91.208.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 31 Jul 2025 12:59:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:b8:dd:07:c7:7c:72:2c:aa:da:62:7e:39:75:b0:24:5a:c6:89:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jul 10 06:32:44 2025 GMT
            Not After : Jul  9 06:37:44 2026 GMT
        Subject: CN=15D03AA37DC1DA36A1DCD29824E8671F2C7A4679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:29:74:b4:74:82:63:8d:fd:a0:b9:9c:16:7e:
                    83:c0:d7:1f:53:7b:e9:dd:f6:76:ee:cd:17:14:58:
                    83:20:ad:d4:a4:0f:23:d1:a0:61:71:15:26:95:18:
                    0e:5d:88:61:0b:a8:de:be:38:d7:d0:6d:dc:e9:0d:
                    1b:b3:75:6a:c3:49:fe:b6:f6:1e:05:41:e9:a3:ac:
                    45:71:5e:d9:d6:1b:31:e5:da:ee:3c:20:26:90:27:
                    95:70:75:8a:a8:a7:3a:f8:56:39:bc:7d:68:ab:2b:
                    c5:58:4b:79:68:26:be:61:2f:1c:49:44:c2:0c:b1:
                    8c:09:3b:59:06:3a:3b:3f:9c:dc:08:e7:a9:bf:27:
                    de:8f:89:09:56:63:cb:63:0e:91:8f:73:9a:72:7f:
                    de:e3:ca:50:ab:32:8e:3c:4f:00:51:82:a2:23:21:
                    fd:1d:3f:ce:e5:74:e9:ec:aa:99:d1:78:67:e2:8c:
                    4e:23:44:42:07:9d:bd:5f:4c:73:c6:a4:e9:f5:7e:
                    ed:77:fe:f4:ad:66:d1:fe:0d:2b:28:43:4f:8b:15:
                    34:b3:67:4e:d4:72:2e:76:80:08:de:57:34:5b:fb:
                    22:f1:78:05:c0:5d:d2:c9:8f:98:5f:ce:2b:32:29:
                    28:f6:90:2b:6e:79:a6:d9:e4:a8:b7:f0:79:4f:01:
                    c3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:D0:3A:A3:7D:C1:DA:36:A1:DC:D2:98:24:E8:67:1F:2C:7A:46:79
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203438313132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:a4:68:df:e9:ae:85:2c:1a:d3:39:2c:c4:e6:6c:41:53:a6:
         81:68:19:85:5f:3f:ce:b4:4d:ee:0b:03:e4:b9:e0:bc:a2:e1:
         d6:b6:41:eb:74:63:83:60:50:07:1d:df:aa:4a:63:a8:fb:47:
         cf:af:7f:ba:ea:a2:0b:60:f3:ef:fd:15:55:eb:b8:6b:4e:5d:
         36:06:8a:14:b6:ee:58:fc:8c:5a:14:52:64:e4:74:72:c6:28:
         94:6a:ee:70:01:9e:83:2b:b8:64:b0:9d:51:94:79:25:a2:46:
         67:e2:b5:f3:e1:74:19:84:66:1c:fa:15:73:b4:4f:77:15:d5:
         d1:54:74:e8:fc:34:04:d0:b1:04:12:f5:43:9a:a2:4c:8f:17:
         17:1e:06:54:6e:5e:52:e1:53:4d:3b:ba:ed:1b:5c:43:b7:84:
         bd:51:38:8d:d3:e1:5f:24:cf:b5:44:1a:34:a7:05:14:56:c0:
         27:77:45:c9:69:dd:a8:30:ca:f3:b9:16:14:76:80:56:03:86:
         3e:f3:e4:f3:84:00:ec:f3:90:26:76:ed:f2:50:af:56:10:6d:
         b7:df:9f:a8:d5:c7:97:1f:ac:58:45:62:a6:80:af:97:ad:ed:
         ba:0c:19:f7:46:90:1c:a0:5e:33:06:17:da:3a:e8:39:ac:f3:
         37:04:b9:90
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUQrjdB8d8ciyq2mJ+OXWwJFrGiagwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNTA3MTAwNjMyNDRaFw0yNjA3MDkwNjM3NDRaMDMxMTAvBgNV
BAMTKDE1RDAzQUEzN0RDMURBMzZBMURDRDI5ODI0RTg2NzFGMkM3QTQ2NzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6KXS0dIJjjf2guZwWfoPA1x9T
e+nd9nbuzRcUWIMgrdSkDyPRoGFxFSaVGA5diGELqN6+ONfQbdzpDRuzdWrDSf62
9h4FQemjrEVxXtnWGzHl2u48ICaQJ5VwdYqopzr4Vjm8fWirK8VYS3loJr5hLxxJ
RMIMsYwJO1kGOjs/nNwI56m/J96PiQlWY8tjDpGPc5pyf97jylCrMo48TwBRgqIj
If0dP87ldOnsqpnReGfijE4jREIHnb1fTHPGpOn1fu13/vStZtH+DSsoQ0+LFTSz
Z07Uci52gAjeVzRb+yLxeAXAXdLJj5hfzisyKSj2kCtueabZ5Ki38HlPAcNhAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUFdA6o33B2jah3NKYJOhnHyx6RnkwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzM5MzEyZTMyMzAzODJlMzEzNzM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzQzODMxMzEzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvQszANBgkqhkiG
9w0BAQsFAAOCAQEAGqRo3+muhSwa0zksxOZsQVOmgWgZhV8/zrRN7gsD5LngvKLh
1rZB63Rjg2BQBx3fqkpjqPtHz69/uuqiC2Dz7/0VVeu4a05dNgaKFLbuWPyMWhRS
ZOR0csYolGrucAGegyu4ZLCdUZR5JaJGZ+K18+F0GYRmHPoVc7RPdxXV0VR06Pw0
BNCxBBL1Q5qiTI8XFx4GVG5eUuFTTTu67RtcQ7eEvVE4jdPhXyTPtUQaNKcFFFbA
J3dFyWndqDDK87kWFHaAVgOGPvPk84QA7POQJnbt8lCvVhBtt9+fqNXHlx+sWEVi
poCvl63tugwZ90aQHKBeMwYX2jroOazzNwS5kA==
-----END CERTIFICATE-----