Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/1/323030313a3637633a6238633a3a2f34382d3438203d3e203536373632.roa
File:                     323030313a3637633a6238633a3a2f34382d3438203d3e203536373632.roa (raw, json)
Hash identifier:          Yl+GN4QWw05ndZHwiG+92lHH0GQv71yfNDcfS6QVJPE=
Subject key identifier:   52:86:72:CF:85:FE:03:E5:19:FF:23:CF:15:DF:82:03:A1:B2:95:AF
Certificate issuer:       /CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
Certificate serial:       0DF7CDCD65CCDC7C81C3EE0ED5F3BE563836FE04
Authority key identifier: CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238633a3a2f34382d3438203d3e203536373632.roa
Signing time:             Sun 11 Feb 2024 06:25:40 +0000
ROA not before:           Sun 11 Feb 2024 06:20:40 +0000
ROA not after:            Sun 09 Feb 2025 06:25:40 +0000
asID:                     56762
IP address blocks:        2001:67c:b8c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl
                          rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:f7:cd:cd:65:cc:dc:7c:81:c3:ee:0e:d5:f3:be:56:38:36:fe:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
        Validity
            Not Before: Feb 11 06:20:40 2024 GMT
            Not After : Feb  9 06:25:40 2025 GMT
        Subject: CN=528672CF85FE03E519FF23CF15DF8203A1B295AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f9:a7:e5:ee:ce:d3:a1:1c:ec:41:be:b1:52:
                    80:85:1c:61:35:89:c4:6d:a7:0a:cb:fe:8f:2b:94:
                    7c:79:7d:d0:76:be:97:fa:0f:0e:30:7d:23:56:32:
                    51:5c:f2:15:32:f9:20:64:7d:7b:c8:e3:89:81:8a:
                    a1:fc:1c:cd:50:c2:83:ef:00:a5:c3:ef:06:e1:c3:
                    84:5f:9c:ec:9e:7d:ec:45:8d:cb:4c:02:e4:de:d7:
                    95:bf:92:d2:9d:69:a1:da:49:a8:a4:31:8c:54:93:
                    8f:10:1d:7f:c3:ce:71:6d:80:0e:b8:01:a7:65:bb:
                    8a:07:5e:58:01:e4:44:81:ec:b6:9c:88:77:7b:36:
                    02:c3:d2:6d:fb:68:9f:7e:44:aa:2b:c4:c9:29:24:
                    d8:81:63:a9:37:ca:63:13:ff:36:dd:f8:39:70:f8:
                    25:2c:ff:f3:24:3c:1d:4f:78:c6:6f:4f:08:e1:d0:
                    7e:dd:b5:a7:92:56:3e:c0:3c:63:bf:ce:e2:f9:49:
                    e4:8e:da:9c:f8:43:9c:65:25:ac:6f:a0:3a:2d:49:
                    79:fa:c0:c5:b0:60:a2:65:b6:00:8a:e9:14:c4:4f:
                    8f:72:82:4b:e5:f6:81:36:9e:c9:f8:03:23:83:21:
                    64:c7:24:7c:41:a2:75:72:1d:ef:ac:19:4f:85:f4:
                    a2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:86:72:CF:85:FE:03:E5:19:FF:23:CF:15:DF:82:03:A1:B2:95:AF
            X509v3 Authority Key Identifier:
                keyid:CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238633a3a2f34382d3438203d3e203536373632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:c0:3c:18:a4:a7:b9:9e:3b:c7:bc:3c:5e:24:a7:86:26:94:
         e0:29:d3:d5:76:16:4d:93:0d:a5:67:e4:66:28:b6:4a:5b:d0:
         b4:75:a5:9f:4e:bf:5a:d7:56:24:32:24:b6:e1:e8:be:73:77:
         60:6d:61:d0:e5:8c:3a:11:32:e1:dd:46:1d:8a:cb:a1:94:38:
         56:a6:ab:53:25:01:f2:c4:e2:97:ee:9e:2e:37:52:0a:7e:21:
         09:0d:f0:30:12:5d:a7:bc:77:36:95:26:c3:55:f0:de:eb:3d:
         5a:5a:17:39:79:3e:01:3d:0b:29:79:8d:2a:38:72:f2:a6:9e:
         22:73:0f:51:78:fc:1b:a4:5b:17:83:bf:0c:67:e6:80:91:bc:
         ed:2a:20:e0:80:de:03:9c:c2:d4:8b:25:9f:07:71:46:0e:c0:
         ec:f7:ff:0c:73:03:90:12:58:d6:0d:22:2e:60:0a:84:12:e8:
         32:38:b7:21:b8:75:da:9b:54:37:15:90:e2:66:c7:3a:7e:2c:
         08:4e:57:8f:ef:ef:c1:b8:d7:4d:71:3d:74:dd:84:db:29:33:
         40:b8:83:be:42:74:36:c0:9b:27:e3:2a:bb:57:3b:13:2e:29:
         6b:78:bb:8e:7c:df:fc:84:94:ae:83:33:3a:ff:af:84:e3:70:
         ce:ac:03:f1
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIUDffNzWXM3HyBw+4O1fO+Vjg2/gQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2Y3ZGM1YTRmNzAyZDNkYzlkNTZlYTM1YjllZTIwMmVj
NTQ5NjQ3ZTAeFw0yNDAyMTEwNjIwNDBaFw0yNTAyMDkwNjI1NDBaMDMxMTAvBgNV
BAMTKDUyODY3MkNGODVGRTAzRTUxOUZGMjNDRjE1REY4MjAzQTFCMjk1QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1+afl7s7ToRzsQb6xUoCFHGE1
icRtpwrL/o8rlHx5fdB2vpf6Dw4wfSNWMlFc8hUy+SBkfXvI44mBiqH8HM1QwoPv
AKXD7wbhw4RfnOyefexFjctMAuTe15W/ktKdaaHaSaikMYxUk48QHX/DznFtgA64
Aadlu4oHXlgB5ESB7LaciHd7NgLD0m37aJ9+RKorxMkpJNiBY6k3ymMT/zbd+Dlw
+CUs//MkPB1PeMZvTwjh0H7dtaeSVj7APGO/zuL5SeSO2pz4Q5xlJaxvoDotSXn6
wMWwYKJltgCK6RTET49ygkvl9oE2nsn4AyODIWTHJHxBonVyHe+sGU+F9KKrAgMB
AAGjggHVMIIB0TAdBgNVHQ4EFgQUUoZyz4X+A+UZ/yPPFd+CA6Gyla8wHwYDVR0j
BBgwFoAUz33FpPcC09ydVuo1ue4gLsVJZH4wDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8xL0NG
N0RDNUE0RjcwMkQzREM5RDU2RUEzNUI5RUUyMDJFQzU0OTY0N0UuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC96MzNGcFBjQzA5eWRWdW8xdWU0Z0xzVkpaSDQuY2Vy
MHsGCCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzEvMzIzMDMwMzEzYTM2Mzc2MzNhNjIzODYzM2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzUzNjM3MzYzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwLjDANBgkq
hkiG9w0BAQsFAAOCAQEArsA8GKSnuZ47x7w8XiSnhiaU4CnT1XYWTZMNpWfkZii2
SlvQtHWln06/WtdWJDIktuHovnN3YG1h0OWMOhEy4d1GHYrLoZQ4VqarUyUB8sTi
l+6eLjdSCn4hCQ3wMBJdp7x3NpUmw1Xw3us9WloXOXk+AT0LKXmNKjhy8qaeInMP
UXj8G6RbF4O/DGfmgJG87Sog4IDeA5zC1IslnwdxRg7A7Pf/DHMDkBJY1g0iLmAK
hBLoMji3Ibh12ptUNxWQ4mbHOn4sCE5Xj+/vwbjXTXE9dN2E2ykzQLiDvkJ0NsCb
J+Mqu1c7Ey4pa3i7jnzf/ISUroMzOv+vhONwzqwD8Q==
-----END CERTIFICATE-----