Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa
File:                     323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa (raw, json)
Hash identifier:          zYzJPuGPFstVSD2hm0i4MaCQSWoM5NZ4u9+bJKzcdv8=
Subject key identifier:   34:26:72:B4:8F:B5:09:7A:DD:53:C2:FE:5A:05:06:71:30:5C:04:D3
Certificate issuer:       /CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
Certificate serial:       048AB88A43F27B51086E0316D59E2270CC758D50
Authority key identifier: CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa
Signing time:             Tue 21 May 2024 06:35:45 +0000
ROA not before:           Tue 21 May 2024 06:30:45 +0000
ROA not after:            Tue 20 May 2025 06:35:45 +0000
asID:                     56762
IP address blocks:        2001:67c:b88::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl
                          rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:8a:b8:8a:43:f2:7b:51:08:6e:03:16:d5:9e:22:70:cc:75:8d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
        Validity
            Not Before: May 21 06:30:45 2024 GMT
            Not After : May 20 06:35:45 2025 GMT
        Subject: CN=342672B48FB5097ADD53C2FE5A050671305C04D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:07:91:a5:08:9f:f1:12:bf:68:61:cb:f3:df:
                    05:bc:ba:4f:42:4f:c9:65:0f:5c:ad:7c:72:68:20:
                    d7:de:ea:95:10:47:18:8b:c5:c8:7d:c5:19:b9:84:
                    5b:41:4c:0b:fc:08:4e:14:16:21:89:6a:95:b4:3e:
                    e5:91:95:8c:84:56:d2:51:7d:08:5c:93:96:20:dc:
                    d8:96:3a:89:36:10:f8:e1:ce:27:66:78:4d:b2:7d:
                    10:9f:0b:fb:d3:44:8d:9a:4f:2b:d9:f8:41:f1:66:
                    85:d5:29:22:cd:69:66:17:c0:e8:69:e3:a8:ff:ea:
                    70:04:bb:f0:74:da:a4:56:cb:00:68:2a:44:cf:2b:
                    a4:07:aa:6a:0e:b1:92:b4:5b:7f:cb:62:83:d0:3f:
                    0f:35:03:6c:c6:b4:7b:ec:1e:74:09:8f:8e:7e:d4:
                    df:e3:0a:54:85:17:d3:94:01:0d:68:ad:1d:38:a2:
                    d7:be:06:1a:8b:a3:98:c7:82:02:54:00:2f:7a:98:
                    1d:8c:3f:00:70:65:ec:a7:0a:13:29:24:f0:b3:34:
                    d5:e4:09:de:5c:24:94:f5:af:89:0d:f9:34:36:1e:
                    88:fe:34:d1:e7:6d:88:eb:8c:13:d2:29:fa:72:7d:
                    ca:2b:62:7a:76:64:92:ac:c4:cb:10:41:7d:b5:96:
                    7f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:26:72:B4:8F:B5:09:7A:DD:53:C2:FE:5A:05:06:71:30:5C:04:D3
            X509v3 Authority Key Identifier:
                keyid:CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b88::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:34:cb:5d:67:41:16:2d:ad:74:c4:15:d3:7a:b5:74:d6:32:
         77:b6:14:79:a3:a3:80:ee:af:13:c0:3e:58:c5:6f:c7:ac:f4:
         47:56:d0:27:9f:e2:8c:8f:bc:54:65:b0:bb:7c:37:84:6a:76:
         e2:c3:f6:d4:cd:4a:e1:b3:32:36:72:c8:68:57:dc:ad:d8:4c:
         4d:57:7d:6c:f4:f5:45:64:59:b8:44:08:09:7f:aa:ec:e4:7f:
         ab:ef:f5:ff:37:b7:50:89:b9:4c:7e:18:3a:30:65:28:31:02:
         ed:b6:f2:07:4e:d7:ac:25:45:4f:e6:44:aa:c0:c7:d3:4d:c4:
         7e:2e:ca:cb:13:9d:ed:5d:39:37:4b:0b:4a:32:d1:cc:11:ed:
         78:59:8e:4b:c9:38:46:91:9c:ea:f3:f4:ec:64:ed:6a:d8:30:
         0d:9c:8d:da:c4:77:c1:45:26:95:ab:0e:24:70:7e:27:de:ed:
         b8:8c:4d:13:ca:5b:98:99:25:02:ee:e0:b5:37:7b:0c:b3:2b:
         ce:47:da:cc:09:ba:99:d7:60:0a:a3:79:0d:13:e2:a1:02:4b:
         91:cd:8a:3b:d6:c5:e2:dc:91:b2:54:51:fe:61:79:36:46:62:
         3a:f5:b4:ca:76:ca:96:b9:14:bb:37:81:0d:3d:95:83:12:42:
         5e:f8:29:97
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIUBIq4ikPye1EIbgMW1Z4icMx1jVAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2Y3ZGM1YTRmNzAyZDNkYzlkNTZlYTM1YjllZTIwMmVj
NTQ5NjQ3ZTAeFw0yNDA1MjEwNjMwNDVaFw0yNTA1MjAwNjM1NDVaMDMxMTAvBgNV
BAMTKDM0MjY3MkI0OEZCNTA5N0FERDUzQzJGRTVBMDUwNjcxMzA1QzA0RDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD+B5GlCJ/xEr9oYcvz3wW8uk9C
T8llD1ytfHJoINfe6pUQRxiLxch9xRm5hFtBTAv8CE4UFiGJapW0PuWRlYyEVtJR
fQhck5Yg3NiWOok2EPjhzidmeE2yfRCfC/vTRI2aTyvZ+EHxZoXVKSLNaWYXwOhp
46j/6nAEu/B02qRWywBoKkTPK6QHqmoOsZK0W3/LYoPQPw81A2zGtHvsHnQJj45+
1N/jClSFF9OUAQ1orR04ote+BhqLo5jHggJUAC96mB2MPwBwZeynChMpJPCzNNXk
Cd5cJJT1r4kN+TQ2Hoj+NNHnbYjrjBPSKfpyfcorYnp2ZJKsxMsQQX21ln/VAgMB
AAGjggHVMIIB0TAdBgNVHQ4EFgQUNCZytI+1CXrdU8L+WgUGcTBcBNMwHwYDVR0j
BBgwFoAUz33FpPcC09ydVuo1ue4gLsVJZH4wDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8xL0NG
N0RDNUE0RjcwMkQzREM5RDU2RUEzNUI5RUUyMDJFQzU0OTY0N0UuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC96MzNGcFBjQzA5eWRWdW8xdWU0Z0xzVkpaSDQuY2Vy
MHsGCCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzEvMzIzMDMwMzEzYTM2Mzc2MzNhNjIzODM4M2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzUzNjM3MzYzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwLiDANBgkq
hkiG9w0BAQsFAAOCAQEAcTTLXWdBFi2tdMQV03q1dNYyd7YUeaOjgO6vE8A+WMVv
x6z0R1bQJ5/ijI+8VGWwu3w3hGp24sP21M1K4bMyNnLIaFfcrdhMTVd9bPT1RWRZ
uEQICX+q7OR/q+/1/ze3UIm5TH4YOjBlKDEC7bbyB07XrCVFT+ZEqsDH003Efi7K
yxOd7V05N0sLSjLRzBHteFmOS8k4RpGc6vP07GTtatgwDZyN2sR3wUUmlasOJHB+
J97tuIxNE8pbmJklAu7gtTd7DLMrzkfazAm6mddgCqN5DRPioQJLkc2KO9bF4tyR
slRR/mF5NkZiOvW0ynbKlrkUuzeBDT2VgxJCXvgplw==
-----END CERTIFICATE-----