Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/0/39312e3139332e3131342e302f32342d3234203d3e203437363839.roa
File:                     39312e3139332e3131342e302f32342d3234203d3e203437363839.roa (raw, json)
Hash identifier:          dzgaEtqZ+S4stpMQpzzAAthdtjHp5sbC+D4XlJrdMsk=
Subject key identifier:   07:98:6D:6C:43:7F:6F:F3:94:63:69:1B:83:94:66:1D:52:DB:DB:15
Certificate issuer:       /CN=73a83c810157e3e8511eebe39cfcad16fa329700
Certificate serial:       34C0B9D3A862CAE0AFCCE09CFE480AF7789965C5
Authority key identifier: 73:A8:3C:81:01:57:E3:E8:51:1E:EB:E3:9C:FC:AD:16:FA:32:97:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/0/39312e3139332e3131342e302f32342d3234203d3e203437363839.roa
Signing time:             Sun 11 Feb 2024 06:23:08 +0000
ROA not before:           Sun 11 Feb 2024 06:18:08 +0000
ROA not after:            Sun 09 Feb 2025 06:23:08 +0000
asID:                     47689
IP address blocks:        91.193.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.crl
                          rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Nov 2024 15:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:c0:b9:d3:a8:62:ca:e0:af:cc:e0:9c:fe:48:0a:f7:78:99:65:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73a83c810157e3e8511eebe39cfcad16fa329700
        Validity
            Not Before: Feb 11 06:18:08 2024 GMT
            Not After : Feb  9 06:23:08 2025 GMT
        Subject: CN=07986D6C437F6FF39463691B8394661D52DBDB15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:aa:a2:1c:94:69:9b:fa:28:69:f6:57:cb:29:
                    32:ad:50:64:d5:33:3c:cf:3e:e7:58:6f:8c:01:50:
                    09:0e:bf:bf:75:fb:60:cb:62:9f:f0:5b:c8:88:4d:
                    4b:bc:71:53:c6:99:03:0d:fd:40:4e:f0:fc:a7:87:
                    7b:ba:c2:15:41:09:cb:f0:1f:9b:0c:89:18:80:5c:
                    73:ea:1c:10:90:36:4c:7b:5a:af:12:b0:b6:eb:fe:
                    ec:13:36:26:6f:26:54:f4:1c:bb:24:36:65:81:6c:
                    e4:a8:ff:bf:9c:ea:97:0f:a8:32:7f:b0:9f:d2:cd:
                    ab:9a:73:02:38:88:bb:79:93:a6:bb:af:a5:b6:4e:
                    e6:36:c0:e6:76:52:c3:6a:4c:a4:b2:35:fc:d7:70:
                    10:cc:0b:e6:21:25:92:2a:51:6c:c0:ca:45:5f:ce:
                    b2:7d:90:c7:10:3b:b0:34:52:33:68:6a:39:a9:a8:
                    57:a6:cb:e9:25:c9:fd:d9:8d:dc:f3:01:65:fe:14:
                    6b:d3:4e:de:b1:71:f4:39:ed:2f:c1:2b:dd:e9:07:
                    6c:9d:24:69:9d:f4:64:64:59:c8:90:9c:50:80:fd:
                    d9:27:ea:2b:3b:28:d9:6e:1e:0e:21:98:5f:86:bb:
                    77:89:37:cc:be:40:a3:33:59:ee:16:84:0a:41:fc:
                    02:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:98:6D:6C:43:7F:6F:F3:94:63:69:1B:83:94:66:1D:52:DB:DB:15
            X509v3 Authority Key Identifier:
                keyid:73:A8:3C:81:01:57:E3:E8:51:1E:EB:E3:9C:FC:AD:16:FA:32:97:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/0/39312e3139332e3131342e302f32342d3234203d3e203437363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:80:c7:65:e1:91:79:81:8f:15:5e:58:08:d3:9d:40:c2:cf:
         cf:66:df:46:ab:c1:65:21:3c:eb:c9:44:cc:0e:ac:09:bd:49:
         fc:a7:2b:b2:c2:47:3d:4b:12:0c:6e:57:ea:50:3f:d9:5b:c6:
         2f:00:7b:d8:c2:e6:a6:d0:df:39:0c:37:bb:80:52:49:c9:9f:
         ba:52:da:28:47:0e:37:57:fa:c2:9a:95:8e:6f:03:30:cd:8f:
         d0:eb:90:9d:a5:c6:78:0b:b6:b6:41:5e:b0:4a:4b:b9:d5:1c:
         87:07:70:ed:01:75:71:40:3a:cd:ed:ea:1a:ef:19:3a:9f:46:
         1e:d8:a8:d0:7b:1a:fb:9b:4c:6c:58:16:85:bd:c7:3b:6f:03:
         70:a0:be:49:23:f4:6c:ea:95:25:58:e5:f2:81:0e:c6:8d:26:
         7b:e1:44:13:6f:c4:5f:5d:d5:da:f3:97:b4:ec:0f:94:e5:77:
         c0:e1:a6:6d:b6:c3:65:5a:21:06:14:a0:7d:b5:a8:93:34:b7:
         08:85:4a:69:5d:35:60:0c:aa:01:ba:45:b0:76:7d:ae:78:84:
         c6:eb:fb:61:1e:fe:e1:a8:c1:62:7c:df:e5:57:11:67:c6:57:
         05:67:fa:ca:9d:5b:fb:65:04:70:2a:6b:73:dc:af:ce:53:77:
         59:cd:65:4e
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUNMC506hiyuCvzOCc/kgK93iZZcUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzNhODNjODEwMTU3ZTNlODUxMWVlYmUzOWNmY2FkMTZm
YTMyOTcwMDAeFw0yNDAyMTEwNjE4MDhaFw0yNTAyMDkwNjIzMDhaMDMxMTAvBgNV
BAMTKDA3OTg2RDZDNDM3RjZGRjM5NDYzNjkxQjgzOTQ2NjFENTJEQkRCMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1qqIclGmb+ihp9lfLKTKtUGTV
MzzPPudYb4wBUAkOv791+2DLYp/wW8iITUu8cVPGmQMN/UBO8Pynh3u6whVBCcvw
H5sMiRiAXHPqHBCQNkx7Wq8SsLbr/uwTNiZvJlT0HLskNmWBbOSo/7+c6pcPqDJ/
sJ/SzauacwI4iLt5k6a7r6W2TuY2wOZ2UsNqTKSyNfzXcBDMC+YhJZIqUWzAykVf
zrJ9kMcQO7A0UjNoajmpqFemy+klyf3ZjdzzAWX+FGvTTt6xcfQ57S/BK93pB2yd
JGmd9GRkWciQnFCA/dkn6is7KNluHg4hmF+Gu3eJN8y+QKMzWe4WhApB/AJLAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUB5htbEN/b/OUY2kbg5RmHVLb2xUwHwYDVR0j
BBgwFoAUc6g8gQFX4+hRHuvjnPytFvoylwAwDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8wLzcz
QTgzQzgxMDE1N0UzRTg1MTFFRUJFMzlDRkNBRDE2RkEzMjk3MDAuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC9jNmc4Z1FGWDQtaFJIdXZqblB5dEZ2b3lsd0EuY2Vy
MHcGCCsGAQUFBwELBGswaTBnBggrBgEFBQcwC4ZbcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzAvMzkzMTJlMzEzOTMzMmUzMTMxMzQyZTMwMmYzMjM0MmQz
MjM0MjAzZDNlMjAzNDM3MzYzODM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8FyMA0GCSqGSIb3DQEB
CwUAA4IBAQA9gMdl4ZF5gY8VXlgI051Aws/PZt9Gq8FlITzryUTMDqwJvUn8pyuy
wkc9SxIMblfqUD/ZW8YvAHvYwuam0N85DDe7gFJJyZ+6UtooRw43V/rCmpWObwMw
zY/Q65CdpcZ4C7a2QV6wSku51RyHB3DtAXVxQDrN7eoa7xk6n0Ye2KjQexr7m0xs
WBaFvcc7bwNwoL5JI/Rs6pUlWOXygQ7GjSZ74UQTb8RfXdXa85e07A+U5XfA4aZt
tsNlWiEGFKB9taiTNLcIhUppXTVgDKoBukWwdn2ueITG6/thHv7hqMFifN/lVxFn
xlcFZ/rKnVv7ZQRwKmtz3K/OU3dZzWVO
-----END CERTIFICATE-----