Route Origin Authorization

$ rpki-client -vvf rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203339303032.roa
File:                     39312e3230382e3137392e302f32342d3234203d3e203339303032.roa (raw, json)
Hash identifier:          bBJgISpRO/oImsDOtigyBTHpor7uliYtj0Lnhdh6ClY=
Subject key identifier:   CB:73:75:6E:50:75:4F:7E:97:0B:17:E6:7A:C5:30:56:24:37:C2:75
Certificate issuer:       /CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
Certificate serial:       071FDBA566B8EF8CDA64C36D8617B97D1500631A
Authority key identifier: 60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
Subject info access:      rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203339303032.roa
Signing time:             Wed 10 Jun 2026 14:23:56 +0000
ROA not before:           Wed 10 Jun 2026 14:18:56 +0000
ROA not after:            Wed 09 Jun 2027 14:23:56 +0000
asID:                     39002
IP address blocks:        91.208.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl
                          rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 21:39:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:1f:db:a5:66:b8:ef:8c:da:64:c3:6d:86:17:b9:7d:15:00:63:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60183287eb08ece0c65fa49a3f45621c612ddbd1
        Validity
            Not Before: Jun 10 14:18:56 2026 GMT
            Not After : Jun  9 14:23:56 2027 GMT
        Subject: CN=CB73756E50754F7E970B17E67AC530562437C275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:81:df:c4:c3:5f:ac:f3:7a:07:dd:68:fe:ad:
                    fe:7e:22:4e:d6:09:71:c6:87:49:41:91:1e:be:eb:
                    1d:9c:0b:0c:59:4d:0a:be:58:ad:08:cc:90:fb:1d:
                    27:2a:41:a3:0a:17:0a:94:0d:72:91:8d:19:02:aa:
                    a6:be:71:92:2f:69:a2:b8:38:45:1c:87:df:80:b2:
                    c2:42:4d:59:85:64:16:eb:69:c2:07:50:76:af:e9:
                    98:ae:9e:c4:0c:7b:f2:9c:e3:f8:24:89:69:7c:3a:
                    a9:2c:80:26:d8:a6:75:e2:5d:8f:b5:df:3b:c5:32:
                    71:f1:55:a4:8b:ec:6a:8b:ba:2e:98:a4:01:9f:6e:
                    ec:a3:72:0d:03:35:82:87:e5:35:36:34:34:13:4a:
                    f1:0c:ab:e9:6f:2f:e0:74:49:b0:ed:a1:bd:4c:7a:
                    d7:3a:cd:9d:69:91:59:0d:66:29:31:dc:cf:ca:52:
                    f5:22:fb:e1:6e:37:cc:01:e7:0a:ec:f1:e3:08:53:
                    b7:02:4d:a3:5f:8e:6d:e4:0a:9f:b1:d5:80:48:a4:
                    ea:f8:17:e9:4f:f4:0c:ee:06:c2:54:e7:59:9a:bd:
                    ec:0e:c8:74:be:2e:e8:b3:b5:d0:5e:bb:df:0e:62:
                    46:36:1d:58:e7:5f:17:32:17:be:c7:eb:49:df:80:
                    7a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:73:75:6E:50:75:4F:7E:97:0B:17:E6:7A:C5:30:56:24:37:C2:75
            X509v3 Authority Key Identifier:
                keyid:60:18:32:87:EB:08:EC:E0:C6:5F:A4:9A:3F:45:62:1C:61:2D:DB:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.xindi.eu/repo/XINDI/0/60183287EB08ECE0C65FA49A3F45621C612DDBD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBgyh-sI7ODGX6SaP0ViHGEt29E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.xindi.eu/repo/XINDI/0/39312e3230382e3137392e302f32342d3234203d3e203339303032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:0b:f0:94:e3:4d:8c:d1:b7:68:60:d0:a9:7f:69:20:05:71:
         42:26:98:66:97:38:11:58:c9:0c:1e:e2:c6:df:5e:8c:ea:eb:
         f7:a6:92:12:1d:2a:46:f8:41:fb:f6:44:fe:68:11:28:e4:cc:
         de:31:6d:34:57:d7:a2:bb:16:b5:fa:e5:7b:6f:4f:10:99:a5:
         a8:03:4e:4b:2b:b4:83:05:65:d0:1e:48:bc:45:b5:ce:c5:b7:
         cb:2c:94:d6:c4:07:d2:20:7c:94:5b:fe:ea:d6:3e:00:86:27:
         07:6c:a4:5f:03:cf:9b:28:d3:82:ac:79:2d:20:cf:b6:67:d8:
         18:9e:55:28:82:43:2d:8a:82:af:ca:87:20:87:db:09:cc:3e:
         30:3c:ea:ee:23:07:07:e7:be:e3:09:1e:1d:6a:ab:b5:9f:9b:
         61:5a:02:e1:7a:d6:5a:d2:40:a1:70:27:c6:5a:3f:ad:c5:14:
         a9:15:1c:b8:27:dd:9e:50:ee:6c:a1:79:1c:00:c0:42:c9:bd:
         9e:4e:c9:1c:bc:6e:b9:40:38:4d:32:25:66:f9:76:e8:ed:36:
         c7:b5:19:f0:c6:68:45:2a:50:67:63:56:9c:46:e1:2a:4a:33:
         f3:96:8f:8d:33:9e:ca:af:1f:6f:07:f8:1e:1a:6b:91:df:48:
         6c:f6:c4:a8
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUBx/bpWa474zaZMNthhe5fRUAYxowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjAxODMyODdlYjA4ZWNlMGM2NWZhNDlhM2Y0NTYyMWM2
MTJkZGJkMTAeFw0yNjA2MTAxNDE4NTZaFw0yNzA2MDkxNDIzNTZaMDMxMTAvBgNV
BAMTKENCNzM3NTZFNTA3NTRGN0U5NzBCMTdFNjdBQzUzMDU2MjQzN0MyNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrgd/Ew1+s83oH3Wj+rf5+Ik7W
CXHGh0lBkR6+6x2cCwxZTQq+WK0IzJD7HScqQaMKFwqUDXKRjRkCqqa+cZIvaaK4
OEUch9+AssJCTVmFZBbracIHUHav6ZiunsQMe/Kc4/gkiWl8OqksgCbYpnXiXY+1
3zvFMnHxVaSL7GqLui6YpAGfbuyjcg0DNYKH5TU2NDQTSvEMq+lvL+B0SbDtob1M
etc6zZ1pkVkNZikx3M/KUvUi++FuN8wB5wrs8eMIU7cCTaNfjm3kCp+x1YBIpOr4
F+lP9AzuBsJU51mavewOyHS+LuiztdBeu98OYkY2HVjnXxcyF77H60nfgHoLAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUy3N1blB1T36XCxfmesUwViQ3wnUwHwYDVR0j
BBgwFoAUYBgyh+sI7ODGX6SaP0ViHGEt29EwDgYDVR0PAQH/BAQDAgeAMGAGA1Ud
HwRZMFcwVaBToFGGT3JzeW5jOi8vcnBraS54aW5kaS5ldS9yZXBvL1hJTkRJLzAv
NjAxODMyODdFQjA4RUNFMEM2NUZBNDlBM0Y0NTYyMUM2MTJEREJEMS5jcmwwZAYI
KwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9ERUZBVUxUL1lCZ3loLXNJN09ER1g2U2FQMFZpSEdFdDI5RS5j
ZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jwa2kueGlu
ZGkuZXUvcmVwby9YSU5ESS8wLzM5MzEyZTMyMzAzODJlMzEzNzM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzMzOTMwMzAzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvQszANBgkqhkiG
9w0BAQsFAAOCAQEArgvwlONNjNG3aGDQqX9pIAVxQiaYZpc4EVjJDB7ixt9ejOrr
96aSEh0qRvhB+/ZE/mgRKOTM3jFtNFfXorsWtfrle29PEJmlqANOSyu0gwVl0B5I
vEW1zsW3yyyU1sQH0iB8lFv+6tY+AIYnB2ykXwPPmyjTgqx5LSDPtmfYGJ5VKIJD
LYqCr8qHIIfbCcw+MDzq7iMHB+e+4wkeHWqrtZ+bYVoC4XrWWtJAoXAnxlo/rcUU
qRUcuCfdnlDubKF5HADAQsm9nk7JHLxuuUA4TTIlZvl26O02x7UZ8MZoRSpQZ2NW
nEbhKkoz85aPjTOeyq8fbwf4Hhprkd9IbPbEqA==
-----END CERTIFICATE-----