Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/1/323030313a3637633a6238633a3a2f34382d3438203d3e203536373632.roa
File:                     323030313a3637633a6238633a3a2f34382d3438203d3e203536373632.roa (raw, json)
Hash identifier:          HDxF7hNoMhDooYDhqYU0gRysAV3DSlAetCZCA2P/OrM=
Subject key identifier:   77:E9:22:6D:BA:A4:EA:02:57:B2:1F:D4:54:80:67:EA:F0:11:CE:D6
Certificate issuer:       /CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
Certificate serial:       2021BCBA8BBA32F8916653133E96CE1B157C240D
Authority key identifier: CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238633a3a2f34382d3438203d3e203536373632.roa
Signing time:             Sun 12 Jan 2025 07:12:28 +0000
ROA not before:           Sun 12 Jan 2025 07:07:28 +0000
ROA not after:            Sun 11 Jan 2026 07:12:28 +0000
asID:                     56762
IP address blocks:        2001:67c:b8c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl
                          rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 19:24:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:21:bc:ba:8b:ba:32:f8:91:66:53:13:3e:96:ce:1b:15:7c:24:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
        Validity
            Not Before: Jan 12 07:07:28 2025 GMT
            Not After : Jan 11 07:12:28 2026 GMT
        Subject: CN=77E9226DBAA4EA0257B21FD4548067EAF011CED6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3f:f3:fb:07:a8:90:39:2c:50:bc:be:d0:ff:
                    cd:30:2d:6f:44:03:99:a9:bc:7b:d5:33:a5:38:5b:
                    fe:97:bd:d4:35:0d:d3:ed:8b:68:7d:ef:45:1b:ae:
                    72:53:f1:be:7b:0f:c5:71:c3:bb:8e:a5:12:fe:ec:
                    05:b7:ac:d3:f5:d3:3c:ef:fb:86:17:03:97:f4:d6:
                    78:7d:ae:ed:c5:81:cb:ec:cc:91:a7:ad:7c:a6:62:
                    45:2c:b9:52:03:ba:e5:ec:f4:ee:09:8f:7c:35:67:
                    d8:3f:e2:72:e3:96:35:28:ee:86:3d:cd:f7:b4:54:
                    6f:87:c1:fa:d5:2f:31:73:eb:e2:0a:60:9b:11:08:
                    84:ba:b2:7d:61:72:cb:38:37:5a:08:a6:f5:1f:99:
                    21:8f:25:fd:5f:2a:e0:37:68:79:af:d9:ad:66:8a:
                    55:75:0c:bd:f5:29:ad:70:93:8b:c8:62:54:0f:b3:
                    4f:42:ad:4a:49:11:5a:ee:22:1c:a7:80:dc:a2:a5:
                    c3:fa:b4:c1:38:77:da:c2:31:24:f0:ff:53:a6:90:
                    9b:08:6c:7d:42:17:67:3f:16:c8:d3:03:a3:bc:13:
                    ba:80:f1:ee:26:9a:6f:8c:8f:16:b0:8b:30:5a:26:
                    2b:4f:e0:07:81:66:f4:36:60:f5:91:2c:8f:b4:2b:
                    0e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E9:22:6D:BA:A4:EA:02:57:B2:1F:D4:54:80:67:EA:F0:11:CE:D6
            X509v3 Authority Key Identifier:
                keyid:CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238633a3a2f34382d3438203d3e203536373632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         d7:47:c0:4b:df:11:93:99:28:2f:f3:8c:54:b5:2b:48:dc:24:
         69:27:c4:fc:19:c4:21:15:3d:74:9e:43:6d:7c:80:81:bf:b6:
         00:34:a9:9d:3c:d4:c8:f6:34:f1:45:7c:34:90:a7:b8:e8:a6:
         b4:b7:e4:3d:e9:d9:97:fb:cf:97:04:c8:70:f0:3d:ea:4f:98:
         22:30:e2:ef:3c:7d:a3:f4:a1:33:a5:8c:8f:94:bc:56:83:3c:
         88:0a:5a:5e:76:b7:55:e3:39:91:c9:cb:2a:f4:ad:8d:5f:73:
         82:b3:c8:24:d7:3f:b2:02:f3:15:48:f1:e6:93:7f:8c:ef:91:
         a1:22:45:5a:83:a8:b5:47:da:7c:ec:e3:a8:c2:4c:c2:cd:a1:
         2c:bb:69:8d:1d:e2:31:f7:8b:78:13:20:ca:db:58:8b:43:e5:
         66:de:b0:e9:80:ed:ee:90:65:75:ad:de:11:c0:28:ee:29:aa:
         91:a4:4d:51:33:8a:41:a4:83:5a:92:0b:70:34:e9:7c:c7:d6:
         50:1a:69:1a:8e:db:ba:52:65:39:5a:99:b6:08:2d:2e:45:38:
         b8:ab:43:ef:35:27:34:11:09:88:02:ea:67:63:93:1b:fd:02:
         b0:ea:3d:84:df:24:ab:79:aa:24:fe:7d:a0:b4:a2:a4:dc:5e:
         17:90:ed:90
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIUICG8uou6MviRZlMTPpbOGxV8JA0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2Y3ZGM1YTRmNzAyZDNkYzlkNTZlYTM1YjllZTIwMmVj
NTQ5NjQ3ZTAeFw0yNTAxMTIwNzA3MjhaFw0yNjAxMTEwNzEyMjhaMDMxMTAvBgNV
BAMTKDc3RTkyMjZEQkFBNEVBMDI1N0IyMUZENDU0ODA2N0VBRjAxMUNFRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDP/P7B6iQOSxQvL7Q/80wLW9E
A5mpvHvVM6U4W/6XvdQ1DdPti2h970UbrnJT8b57D8Vxw7uOpRL+7AW3rNP10zzv
+4YXA5f01nh9ru3FgcvszJGnrXymYkUsuVIDuuXs9O4Jj3w1Z9g/4nLjljUo7oY9
zfe0VG+HwfrVLzFz6+IKYJsRCIS6sn1hcss4N1oIpvUfmSGPJf1fKuA3aHmv2a1m
ilV1DL31Ka1wk4vIYlQPs09CrUpJEVruIhyngNyipcP6tME4d9rCMSTw/1OmkJsI
bH1CF2c/FsjTA6O8E7qA8e4mmm+MjxawizBaJitP4AeBZvQ2YPWRLI+0Kw7RAgMB
AAGjggHVMIIB0TAdBgNVHQ4EFgQUd+kibbqk6gJXsh/UVIBn6vARztYwHwYDVR0j
BBgwFoAUz33FpPcC09ydVuo1ue4gLsVJZH4wDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8xL0NG
N0RDNUE0RjcwMkQzREM5RDU2RUEzNUI5RUUyMDJFQzU0OTY0N0UuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC96MzNGcFBjQzA5eWRWdW8xdWU0Z0xzVkpaSDQuY2Vy
MHsGCCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzEvMzIzMDMwMzEzYTM2Mzc2MzNhNjIzODYzM2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzUzNjM3MzYzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwLjDANBgkq
hkiG9w0BAQsFAAOCAQEA10fAS98Rk5koL/OMVLUrSNwkaSfE/BnEIRU9dJ5DbXyA
gb+2ADSpnTzUyPY08UV8NJCnuOimtLfkPenZl/vPlwTIcPA96k+YIjDi7zx9o/Sh
M6WMj5S8VoM8iApaXna3VeM5kcnLKvStjV9zgrPIJNc/sgLzFUjx5pN/jO+RoSJF
WoOotUfafOzjqMJMws2hLLtpjR3iMfeLeBMgyttYi0PlZt6w6YDt7pBlda3eEcAo
7imqkaRNUTOKQaSDWpILcDTpfMfWUBppGo7bulJlOVqZtggtLkU4uKtD7zUnNBEJ
iALqZ2OTG/0CsOo9hN8kq3mqJP59oLSipNxeF5DtkA==
-----END CERTIFICATE-----