Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e20323130373631.roa
File:                     323030313a3637633a6238383a3a2f34382d3438203d3e20323130373631.roa (raw, json)
Hash identifier:          LzuP++mgYkZwmksdGU0g2mGR36rsi9yjIGjWhw5RbmE=
Subject key identifier:   26:EC:52:97:12:20:5E:32:9C:2A:DE:9A:3C:57:B7:8D:BF:61:A2:4C
Certificate issuer:       /CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
Certificate serial:       010E88DE24BEBFCF6ED21AD16057120A501BE2A0
Authority key identifier: CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e20323130373631.roa
Signing time:             Sun 11 Feb 2024 06:25:40 +0000
ROA not before:           Sun 11 Feb 2024 06:20:40 +0000
ROA not after:            Sun 09 Feb 2025 06:25:40 +0000
asID:                     210761
IP address blocks:        2001:67c:b88::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl
                          rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0e:88:de:24:be:bf:cf:6e:d2:1a:d1:60:57:12:0a:50:1b:e2:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
        Validity
            Not Before: Feb 11 06:20:40 2024 GMT
            Not After : Feb  9 06:25:40 2025 GMT
        Subject: CN=26EC529712205E329C2ADE9A3C57B78DBF61A24C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6d:5d:7b:f8:69:8a:3f:9b:d0:56:28:cf:24:
                    5c:ff:8e:38:c3:aa:a5:90:0f:29:b7:5f:c0:ef:ca:
                    11:1e:2d:c1:92:2f:39:6f:17:e7:20:ae:9e:30:58:
                    03:cb:ba:11:1a:be:d9:f6:55:c7:d2:5e:25:e7:01:
                    be:da:a2:2c:67:50:53:da:03:33:4a:4a:f4:80:28:
                    f1:e4:9a:a8:88:b8:2d:70:01:91:f3:fd:cc:f2:1d:
                    4b:72:c9:ed:42:bb:aa:9d:d6:60:95:27:44:e9:25:
                    f1:fc:24:4f:cc:c5:3f:81:06:8c:b0:24:23:50:8b:
                    59:3f:68:70:d3:c6:ef:14:a7:da:03:55:b6:a8:50:
                    7a:5c:af:56:63:5f:f4:48:cd:33:7e:45:74:58:7b:
                    ce:89:11:c7:3c:a8:f4:e8:b2:28:d3:11:eb:92:50:
                    07:10:dc:0d:1e:6f:8d:5f:c4:5d:1f:19:61:dc:23:
                    e6:29:80:13:d3:3a:08:f7:01:8c:7d:9c:a4:59:33:
                    2b:70:c0:c4:34:7b:7c:d7:a3:59:83:e3:f4:c6:f9:
                    a9:5f:5e:65:bf:8d:f6:df:65:c7:60:64:5e:43:39:
                    db:0f:01:b3:3f:24:f3:8d:09:7f:5d:18:d3:8a:b2:
                    76:0d:c6:94:e2:92:e0:44:2a:e4:5e:14:d4:87:33:
                    ec:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:EC:52:97:12:20:5E:32:9C:2A:DE:9A:3C:57:B7:8D:BF:61:A2:4C
            X509v3 Authority Key Identifier:
                keyid:CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e20323130373631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b88::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:3a:cb:1c:0e:50:58:05:d2:0c:e7:88:79:35:e2:fb:37:47:
         d5:de:df:17:2b:dd:05:80:c6:d4:b8:65:fb:a1:08:4c:2c:71:
         2a:8b:23:8c:2a:2f:ea:3e:8f:29:46:92:c1:c3:77:2c:fa:82:
         d6:42:f1:23:d7:99:0e:a8:fb:e6:02:31:b3:52:aa:d4:2c:8e:
         f5:87:e7:82:19:87:28:51:86:c2:44:c0:87:28:4c:99:61:df:
         1c:0d:f9:a9:1b:5e:73:0a:67:54:c6:4f:0c:c1:e8:ba:4e:67:
         f5:6d:37:68:5b:8c:bc:fc:ee:a1:7c:73:1b:d2:d7:2c:3c:9f:
         d1:47:ec:2a:a5:ff:36:09:90:92:bb:4e:ad:0e:92:89:20:cc:
         07:ba:5d:90:f4:9b:67:b0:90:ae:1e:9a:7f:37:f6:28:05:24:
         8b:0e:28:0c:d8:9b:f7:7a:d7:92:58:3f:09:38:5c:63:ca:e8:
         87:c2:8b:e8:16:49:1b:1c:10:b2:8d:4e:66:4f:bc:fb:cc:ca:
         3f:ad:de:4d:20:7c:e3:38:a5:8a:ef:09:ad:6a:6e:35:73:98:
         50:79:fe:71:e6:b1:dd:2e:c7:47:78:79:c9:d7:f5:7d:a9:00:
         09:ea:e4:c8:74:86:3c:52:51:c1:cc:0b:d6:5f:80:42:89:c5:
         d0:a6:1d:8b
-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgIUAQ6I3iS+v89u0hrRYFcSClAb4qAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2Y3ZGM1YTRmNzAyZDNkYzlkNTZlYTM1YjllZTIwMmVj
NTQ5NjQ3ZTAeFw0yNDAyMTEwNjIwNDBaFw0yNTAyMDkwNjI1NDBaMDMxMTAvBgNV
BAMTKDI2RUM1Mjk3MTIyMDVFMzI5QzJBREU5QTNDNTdCNzhEQkY2MUEyNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkbV17+GmKP5vQVijPJFz/jjjD
qqWQDym3X8DvyhEeLcGSLzlvF+cgrp4wWAPLuhEavtn2VcfSXiXnAb7aoixnUFPa
AzNKSvSAKPHkmqiIuC1wAZHz/czyHUtyye1Cu6qd1mCVJ0TpJfH8JE/MxT+BBoyw
JCNQi1k/aHDTxu8Up9oDVbaoUHpcr1ZjX/RIzTN+RXRYe86JEcc8qPTosijTEeuS
UAcQ3A0eb41fxF0fGWHcI+YpgBPTOgj3AYx9nKRZMytwwMQ0e3zXo1mD4/TG+alf
XmW/jfbfZcdgZF5DOdsPAbM/JPONCX9dGNOKsnYNxpTikuBEKuReFNSHM+wPAgMB
AAGjggHXMIIB0zAdBgNVHQ4EFgQUJuxSlxIgXjKcKt6aPFe3jb9hokwwHwYDVR0j
BBgwFoAUz33FpPcC09ydVuo1ue4gLsVJZH4wDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8xL0NG
N0RDNUE0RjcwMkQzREM5RDU2RUEzNUI5RUUyMDJFQzU0OTY0N0UuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC96MzNGcFBjQzA5eWRWdW8xdWU0Z0xzVkpaSDQuY2Vy
MH0GCCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzEvMzIzMDMwMzEzYTM2Mzc2MzNhNjIzODM4M2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzIzMTMwMzczNjMxLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAuIMA0G
CSqGSIb3DQEBCwUAA4IBAQAOOsscDlBYBdIM54h5NeL7N0fV3t8XK90FgMbUuGX7
oQhMLHEqiyOMKi/qPo8pRpLBw3cs+oLWQvEj15kOqPvmAjGzUqrULI71h+eCGYco
UYbCRMCHKEyZYd8cDfmpG15zCmdUxk8Mwei6Tmf1bTdoW4y8/O6hfHMb0tcsPJ/R
R+wqpf82CZCSu06tDpKJIMwHul2Q9JtnsJCuHpp/N/YoBSSLDigM2Jv3eteSWD8J
OFxjyuiHwovoFkkbHBCyjU5mT7z7zMo/rd5NIHzjOKWK7wmtam41c5hQef5x5rHd
LsdHeHnJ1/V9qQAJ6uTIdIY8UlHBzAvWX4BCicXQph2L
-----END CERTIFICATE-----