Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/0/326130363a613334303a3a2f32392d3438203d3e203437363839.roa
File:                     326130363a613334303a3a2f32392d3438203d3e203437363839.roa (raw, json)
Hash identifier:          PZOrAVpUnSOEX61rRUYMF0Fqh0M8SUNuaasyj0vaIO8=
Subject key identifier:   03:BC:A4:CD:40:74:F5:56:39:4D:93:D3:45:53:EF:65:DD:D1:39:D9
Certificate issuer:       /CN=73a83c810157e3e8511eebe39cfcad16fa329700
Certificate serial:       4ED5A0A44A3D9FC5F27D2EB146B77041CBF89119
Authority key identifier: 73:A8:3C:81:01:57:E3:E8:51:1E:EB:E3:9C:FC:AD:16:FA:32:97:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/0/326130363a613334303a3a2f32392d3438203d3e203437363839.roa
Signing time:             Thu 16 Jan 2025 20:12:30 +0000
ROA not before:           Thu 16 Jan 2025 20:07:30 +0000
ROA not after:            Thu 15 Jan 2026 20:12:30 +0000
asID:                     47689
IP address blocks:        2a06:a340::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.crl
                          rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 14:03:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:d5:a0:a4:4a:3d:9f:c5:f2:7d:2e:b1:46:b7:70:41:cb:f8:91:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73a83c810157e3e8511eebe39cfcad16fa329700
        Validity
            Not Before: Jan 16 20:07:30 2025 GMT
            Not After : Jan 15 20:12:30 2026 GMT
        Subject: CN=03BCA4CD4074F556394D93D34553EF65DDD139D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:63:2e:8f:9e:e1:42:05:c3:06:e4:db:6e:36:
                    f5:40:30:27:24:68:21:82:f6:9e:a5:1a:e2:d6:15:
                    94:a8:a8:d3:77:33:6f:e7:46:67:b7:64:18:d6:b2:
                    f0:9b:2a:f7:14:8f:13:a9:28:f2:1b:46:e8:e3:32:
                    03:46:d2:69:33:45:6e:6d:f8:8b:2e:d7:3d:53:52:
                    f1:07:09:26:1e:e9:ac:0a:f1:a0:1e:6c:92:a2:43:
                    25:f0:54:23:e7:48:c3:41:dd:04:b0:84:87:d1:19:
                    79:8c:60:30:4f:cc:9e:28:81:1f:0e:82:67:75:84:
                    97:5c:08:77:95:8d:05:35:93:e7:26:5d:5e:49:45:
                    49:d0:7e:05:41:d5:0e:48:e7:df:e6:bc:9d:ed:ef:
                    62:93:4e:d1:2b:ae:7d:a7:92:dd:9b:55:b9:6f:72:
                    23:6b:be:4d:10:e4:6f:a8:73:37:88:13:ed:ac:2c:
                    68:31:c4:1e:01:eb:30:60:2c:ac:b5:f8:a1:59:f8:
                    e0:30:b6:5f:c4:fb:c0:e9:20:74:36:af:0c:59:db:
                    c7:78:df:11:63:9b:e7:18:de:d2:a2:fd:a2:3f:a5:
                    9c:30:3e:66:a6:b0:eb:1e:fa:a8:88:57:fc:f1:3b:
                    41:48:ef:e7:25:2c:72:90:33:82:56:cf:b3:6a:df:
                    10:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:BC:A4:CD:40:74:F5:56:39:4D:93:D3:45:53:EF:65:DD:D1:39:D9
            X509v3 Authority Key Identifier:
                keyid:73:A8:3C:81:01:57:E3:E8:51:1E:EB:E3:9C:FC:AD:16:FA:32:97:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/0/326130363a613334303a3a2f32392d3438203d3e203437363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a340::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:46:f1:b4:49:8d:84:65:b8:06:8b:1a:41:c9:30:47:a2:f1:
         1a:f4:9a:d5:04:cb:8c:75:4e:50:08:8f:c5:be:f9:d5:db:19:
         b7:b6:f3:a9:71:c8:e7:f7:f5:02:10:b7:4f:f9:66:5c:1e:cd:
         75:40:51:88:e5:44:6d:69:b2:a1:d6:51:96:f5:52:f9:15:ac:
         f0:06:c6:ee:90:e1:d5:98:22:43:ab:19:58:c1:5b:3a:ca:4b:
         a3:eb:6d:48:26:1f:7b:d4:22:9f:a6:5a:36:fc:bb:df:8d:c9:
         e6:b6:53:6d:3f:70:c2:dc:4c:e6:31:e8:67:16:a0:fe:7f:3c:
         84:e9:2d:a9:df:20:a0:e5:b4:a9:05:de:cd:1c:b6:da:7a:66:
         e2:87:64:5c:ea:c2:fd:9b:bf:cd:79:7b:ba:9d:e5:a9:c1:d1:
         1e:27:56:cc:fc:0d:89:12:0a:38:f0:31:96:44:15:7f:8b:c9:
         29:12:7b:bc:3c:82:0b:ce:79:7e:6b:0b:46:65:fa:72:30:f5:
         a9:55:36:7e:f5:54:30:e9:a3:61:3c:ac:a6:88:8a:f2:a7:cd:
         2c:10:eb:2b:97:d8:bc:cb:6f:4f:3a:58:b4:b0:9d:31:02:6b:
         d3:3c:26:03:8e:50:24:d8:61:e7:b2:51:1c:54:47:67:89:02:
         f8:e4:ac:a1
-----BEGIN CERTIFICATE-----
MIIEwzCCA6ugAwIBAgIUTtWgpEo9n8XyfS6xRrdwQcv4kRkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzNhODNjODEwMTU3ZTNlODUxMWVlYmUzOWNmY2FkMTZm
YTMyOTcwMDAeFw0yNTAxMTYyMDA3MzBaFw0yNjAxMTUyMDEyMzBaMDMxMTAvBgNV
BAMTKDAzQkNBNENENDA3NEY1NTYzOTREOTNEMzQ1NTNFRjY1REREMTM5RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Yy6PnuFCBcMG5NtuNvVAMCck
aCGC9p6lGuLWFZSoqNN3M2/nRme3ZBjWsvCbKvcUjxOpKPIbRujjMgNG0mkzRW5t
+Isu1z1TUvEHCSYe6awK8aAebJKiQyXwVCPnSMNB3QSwhIfRGXmMYDBPzJ4ogR8O
gmd1hJdcCHeVjQU1k+cmXV5JRUnQfgVB1Q5I59/mvJ3t72KTTtErrn2nkt2bVblv
ciNrvk0Q5G+oczeIE+2sLGgxxB4B6zBgLKy1+KFZ+OAwtl/E+8DpIHQ2rwxZ28d4
3xFjm+cY3tKi/aI/pZwwPmamsOse+qiIV/zxO0FI7+clLHKQM4JWz7Nq3xDXAgMB
AAGjggHNMIIByTAdBgNVHQ4EFgQUA7ykzUB09VY5TZPTRVPvZd3ROdkwHwYDVR0j
BBgwFoAUc6g8gQFX4+hRHuvjnPytFvoylwAwDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8wLzcz
QTgzQzgxMDE1N0UzRTg1MTFFRUJFMzlDRkNBRDE2RkEzMjk3MDAuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC9jNmc4Z1FGWDQtaFJIdXZqblB5dEZ2b3lsd0EuY2Vy
MHUGCCsGAQUFBwELBGkwZzBlBggrBgEFBQcwC4ZZcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzAvMzI2MTMwMzYzYTYxMzMzNDMwM2EzYTJmMzIzOTJkMzQz
ODIwM2QzZTIwMzQzNzM2MzgzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoGo0AwDQYJKoZIhvcNAQEL
BQADggEBAEZG8bRJjYRluAaLGkHJMEei8Rr0mtUEy4x1TlAIj8W++dXbGbe286lx
yOf39QIQt0/5ZlwezXVAUYjlRG1psqHWUZb1UvkVrPAGxu6Q4dWYIkOrGVjBWzrK
S6PrbUgmH3vUIp+mWjb8u9+Nyea2U20/cMLcTOYx6GcWoP5/PITpLanfIKDltKkF
3s0cttp6ZuKHZFzqwv2bv815e7qd5anB0R4nVsz8DYkSCjjwMZZEFX+LySkSe7w8
ggvOeX5rC0Zl+nIw9alVNn71VDDpo2E8rKaIivKnzSwQ6yuX2LzLb086WLSwnTEC
a9M8JgOOUCTYYeeyURxUR2eJAvjkrKE=
-----END CERTIFICATE-----