Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/0/36342e3138372e3230392e302f32342d3332203d3e203536373632.roa
File:                     36342e3138372e3230392e302f32342d3332203d3e203536373632.roa (raw, json)
Hash identifier:          DiR9jUMRPjczZJNSX99gIumNgSHkPAy6pj6GibxBJN8=
Subject key identifier:   2E:6A:5A:53:2B:36:D7:FF:82:11:BF:63:DA:27:49:A5:34:E1:E7:85
Certificate issuer:       /CN=73a83c810157e3e8511eebe39cfcad16fa329700
Certificate serial:       5D8BABD607AACF8F648E5F0C2C3614E5E4EC8D31
Authority key identifier: 73:A8:3C:81:01:57:E3:E8:51:1E:EB:E3:9C:FC:AD:16:FA:32:97:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/0/36342e3138372e3230392e302f32342d3332203d3e203536373632.roa
Signing time:             Sun 12 May 2024 18:49:25 +0000
ROA not before:           Sun 12 May 2024 18:44:25 +0000
ROA not after:            Sun 11 May 2025 18:49:25 +0000
asID:                     56762
IP address blocks:        64.187.209.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.crl
                          rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:8b:ab:d6:07:aa:cf:8f:64:8e:5f:0c:2c:36:14:e5:e4:ec:8d:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73a83c810157e3e8511eebe39cfcad16fa329700
        Validity
            Not Before: May 12 18:44:25 2024 GMT
            Not After : May 11 18:49:25 2025 GMT
        Subject: CN=2E6A5A532B36D7FF8211BF63DA2749A534E1E785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d1:9e:66:fd:8f:34:d9:bf:43:96:e1:40:25:
                    45:e1:89:09:24:be:4d:49:f9:13:03:da:ca:52:68:
                    fa:ac:e4:8d:93:07:9f:fe:66:ae:30:0c:83:cb:8c:
                    6f:66:b5:ed:65:ee:42:14:c6:d9:ff:ef:d0:b0:95:
                    09:1b:e9:b6:30:99:c2:89:3f:b6:87:b0:39:83:6e:
                    fb:08:cd:fb:7d:cf:1f:9d:34:10:15:5f:23:45:16:
                    00:62:9e:ee:82:79:10:53:13:d1:d9:de:b3:92:c3:
                    f6:7d:71:48:9a:88:2b:64:5b:15:ef:79:01:e0:29:
                    08:a2:3e:17:fd:17:ba:2f:fa:ff:f8:fa:eb:e6:a0:
                    36:a7:d9:c6:ff:64:3b:80:9d:5d:84:6a:73:83:af:
                    1a:95:19:e1:47:40:34:11:86:e0:66:8c:ab:35:f4:
                    7e:e3:26:10:48:f5:02:47:b7:dd:d5:20:06:d2:53:
                    3b:de:63:64:3f:32:e4:43:d0:56:c0:4e:82:12:89:
                    98:70:3a:c4:0f:60:c0:4f:19:72:19:52:81:c3:5f:
                    46:f7:57:45:72:a3:04:34:73:ac:9d:43:bf:7d:96:
                    72:e6:27:1f:e3:a1:1e:cb:2d:c9:28:b6:57:59:6a:
                    88:af:01:1b:28:e0:04:2f:4a:e1:b0:c1:c9:39:ec:
                    a9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:6A:5A:53:2B:36:D7:FF:82:11:BF:63:DA:27:49:A5:34:E1:E7:85
            X509v3 Authority Key Identifier:
                keyid:73:A8:3C:81:01:57:E3:E8:51:1E:EB:E3:9C:FC:AD:16:FA:32:97:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/0/36342e3138372e3230392e302f32342d3332203d3e203536373632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.187.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:ac:5e:14:6c:21:5b:6a:59:8d:3c:03:01:eb:36:f2:c8:8b:
         ca:61:7e:7a:ed:40:ae:44:42:46:87:72:b5:ba:d3:28:85:d9:
         57:20:a1:4d:70:d0:bc:cc:9c:41:ff:22:ad:95:0e:75:14:f6:
         c4:75:c6:76:b5:39:ca:f2:59:ab:74:0b:6b:e1:b1:af:4b:7b:
         dd:52:14:ec:b9:f1:66:9d:30:1c:c1:22:15:fe:1c:cd:de:73:
         37:3d:7c:f2:59:8a:09:f6:d2:33:d9:84:5c:f7:ec:74:4a:89:
         58:83:b4:2c:05:3b:73:39:12:47:5c:fb:42:ac:43:1c:c5:4e:
         67:91:3c:c5:77:f8:9f:c9:72:38:96:bd:8a:ac:3b:42:a7:56:
         d2:fc:50:80:3d:59:2c:af:7f:95:66:28:1a:f8:be:5c:1d:9d:
         f2:1f:d0:50:2b:a4:34:65:e8:fc:b6:22:a3:c7:6a:1e:a5:38:
         79:97:7a:48:16:ad:5b:65:9a:c9:cb:8b:6f:d4:c8:9b:6f:2f:
         59:3a:ff:e2:68:69:cf:c6:38:fc:2d:da:c0:f3:8c:f9:35:9e:
         11:29:83:2d:de:29:d4:54:c3:b6:dd:a8:2d:f3:9d:fc:e7:20:
         44:5c:94:5a:7e:b8:34:df:56:62:73:8e:0e:45:a3:d5:e9:8a:
         1f:ba:9b:8d
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUXYur1geqz49kjl8MLDYU5eTsjTEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzNhODNjODEwMTU3ZTNlODUxMWVlYmUzOWNmY2FkMTZm
YTMyOTcwMDAeFw0yNDA1MTIxODQ0MjVaFw0yNTA1MTExODQ5MjVaMDMxMTAvBgNV
BAMTKDJFNkE1QTUzMkIzNkQ3RkY4MjExQkY2M0RBMjc0OUE1MzRFMUU3ODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE0Z5m/Y802b9DluFAJUXhiQkk
vk1J+RMD2spSaPqs5I2TB5/+Zq4wDIPLjG9mte1l7kIUxtn/79CwlQkb6bYwmcKJ
P7aHsDmDbvsIzft9zx+dNBAVXyNFFgBinu6CeRBTE9HZ3rOSw/Z9cUiaiCtkWxXv
eQHgKQiiPhf9F7ov+v/4+uvmoDan2cb/ZDuAnV2EanODrxqVGeFHQDQRhuBmjKs1
9H7jJhBI9QJHt93VIAbSUzveY2Q/MuRD0FbAToISiZhwOsQPYMBPGXIZUoHDX0b3
V0VyowQ0c6ydQ799lnLmJx/joR7LLckotldZaoivARso4AQvSuGwwck57KlTAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQULmpaUys21/+CEb9j2idJpTTh54UwHwYDVR0j
BBgwFoAUc6g8gQFX4+hRHuvjnPytFvoylwAwDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8wLzcz
QTgzQzgxMDE1N0UzRTg1MTFFRUJFMzlDRkNBRDE2RkEzMjk3MDAuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC9jNmc4Z1FGWDQtaFJIdXZqblB5dEZ2b3lsd0EuY2Vy
MHcGCCsGAQUFBwELBGswaTBnBggrBgEFBQcwC4ZbcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzAvMzYzNDJlMzEzODM3MmUzMjMwMzkyZTMwMmYzMjM0MmQz
MzMyMjAzZDNlMjAzNTM2MzczNjMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQLvRMA0GCSqGSIb3DQEB
CwUAA4IBAQAHrF4UbCFbalmNPAMB6zbyyIvKYX567UCuREJGh3K1utMohdlXIKFN
cNC8zJxB/yKtlQ51FPbEdcZ2tTnK8lmrdAtr4bGvS3vdUhTsufFmnTAcwSIV/hzN
3nM3PXzyWYoJ9tIz2YRc9+x0SolYg7QsBTtzORJHXPtCrEMcxU5nkTzFd/ifyXI4
lr2KrDtCp1bS/FCAPVksr3+VZiga+L5cHZ3yH9BQK6Q0Zej8tiKjx2oepTh5l3pI
Fq1bZZrJy4tv1Mibby9ZOv/iaGnPxjj8LdrA84z5NZ4RKYMt3inUVMO23agt8538
5yBEXJRafrg031Zic44ORaPV6YofupuN
-----END CERTIFICATE-----