Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/1/323030313a3637633a6239303a3a2f34382d3438203d3e203437363839.roa
File:                     323030313a3637633a6239303a3a2f34382d3438203d3e203437363839.roa (raw, json)
Hash identifier:          SHbmshDfS27VkORUT5mster21nFNh6XEYWfClEW3yKE=
Subject key identifier:   05:C8:56:9C:E3:FE:53:53:82:34:34:85:4F:CF:59:13:13:33:15:16
Certificate issuer:       /CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
Certificate serial:       1C5AC7913E66509736962A56E5F4CDF14C5E7DB5
Authority key identifier: CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6239303a3a2f34382d3438203d3e203437363839.roa
Signing time:             Sun 11 Feb 2024 06:25:40 +0000
ROA not before:           Sun 11 Feb 2024 06:20:40 +0000
ROA not after:            Sun 09 Feb 2025 06:25:40 +0000
asID:                     47689
IP address blocks:        2001:67c:b90::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl
                          rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:5a:c7:91:3e:66:50:97:36:96:2a:56:e5:f4:cd:f1:4c:5e:7d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
        Validity
            Not Before: Feb 11 06:20:40 2024 GMT
            Not After : Feb  9 06:25:40 2025 GMT
        Subject: CN=05C8569CE3FE5353823434854FCF591313331516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ed:ac:eb:9e:88:e5:f5:94:9d:c4:d7:97:2d:
                    6b:2b:52:a8:b8:1a:92:6c:78:6d:6e:eb:be:6c:6e:
                    a0:c7:0b:2f:10:f8:f4:e0:92:d8:4d:36:fb:8d:e3:
                    f6:21:5d:89:4a:de:1e:fc:3f:1b:ba:58:bc:e6:38:
                    67:c0:3c:09:04:71:34:44:fd:f9:d7:ca:a7:5a:63:
                    4c:66:0a:85:dd:64:f1:33:f5:be:bd:99:12:cc:03:
                    35:c4:f8:27:72:16:1b:fa:d2:a1:32:fe:d9:c0:b6:
                    25:ec:e4:6c:e6:1c:30:05:9d:b9:ab:e4:d6:33:8f:
                    95:01:9f:a0:77:0e:92:d6:67:3d:fb:02:9c:9d:db:
                    de:fa:fe:44:8e:33:fe:45:1b:a2:7b:e2:a8:45:eb:
                    22:19:4a:cb:05:e7:93:55:ec:b3:6b:68:28:cc:f5:
                    fc:31:0d:3e:5a:33:1f:9f:7d:cf:ca:0c:b4:cf:62:
                    f6:a2:5c:f0:58:c1:3a:97:d0:e7:8e:29:87:8d:dd:
                    0e:f7:15:43:11:c6:bf:7b:45:50:f2:fa:72:7f:ed:
                    f5:62:61:a3:25:cf:8b:e5:c0:16:06:45:45:0f:e7:
                    d5:56:06:ff:c2:b1:67:d4:61:bc:88:5a:d3:4d:cc:
                    7a:44:bf:ed:df:ae:13:5f:27:19:a2:21:af:19:ed:
                    a6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:C8:56:9C:E3:FE:53:53:82:34:34:85:4F:CF:59:13:13:33:15:16
            X509v3 Authority Key Identifier:
                keyid:CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6239303a3a2f34382d3438203d3e203437363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b90::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:1a:51:a0:27:2d:bb:84:cb:32:53:ef:bf:7d:be:5b:86:55:
         04:34:86:33:6b:45:bf:88:a9:15:78:dc:1a:65:f6:91:b0:30:
         b3:00:66:f6:ec:91:ce:f0:80:18:01:6f:bd:5e:fc:dd:ec:ab:
         be:66:fa:3f:67:9a:42:4d:1b:50:71:1f:00:50:00:ca:63:bf:
         e1:f0:a7:23:3d:b6:6d:79:45:70:da:92:c9:d9:81:c5:3a:0d:
         51:b8:04:a0:08:4d:b6:ee:12:f6:82:5e:28:ea:74:4a:51:1f:
         85:b6:64:94:80:0f:70:58:33:af:2b:f7:d0:3d:f4:2a:72:42:
         11:25:19:55:cf:cc:45:b9:04:9b:62:ec:10:da:64:39:17:f4:
         73:78:fa:be:32:97:44:c5:68:8d:65:5a:3e:32:a5:cd:3f:0e:
         9e:81:ce:21:f0:84:35:00:7e:b6:46:92:6f:b1:e6:79:51:8b:
         ab:c2:6a:0b:c0:07:a3:ee:6a:20:e7:42:bc:a7:cf:1b:93:34:
         5b:b2:36:30:4b:d8:93:b4:56:a0:36:b0:12:3d:26:d6:a4:a7:
         f9:58:36:fd:38:71:04:e8:18:23:a3:4d:9e:b9:a9:8d:60:8d:
         78:a4:67:2f:1b:58:5a:a5:2d:fd:20:35:1b:5e:bc:da:a6:39:
         4c:eb:22:cb
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIUHFrHkT5mUJc2lipW5fTN8UxefbUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2Y3ZGM1YTRmNzAyZDNkYzlkNTZlYTM1YjllZTIwMmVj
NTQ5NjQ3ZTAeFw0yNDAyMTEwNjIwNDBaFw0yNTAyMDkwNjI1NDBaMDMxMTAvBgNV
BAMTKDA1Qzg1NjlDRTNGRTUzNTM4MjM0MzQ4NTRGQ0Y1OTEzMTMzMzE1MTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG7azrnojl9ZSdxNeXLWsrUqi4
GpJseG1u675sbqDHCy8Q+PTgkthNNvuN4/YhXYlK3h78Pxu6WLzmOGfAPAkEcTRE
/fnXyqdaY0xmCoXdZPEz9b69mRLMAzXE+CdyFhv60qEy/tnAtiXs5GzmHDAFnbmr
5NYzj5UBn6B3DpLWZz37Apyd2976/kSOM/5FG6J74qhF6yIZSssF55NV7LNraCjM
9fwxDT5aMx+ffc/KDLTPYvaiXPBYwTqX0OeOKYeN3Q73FUMRxr97RVDy+nJ/7fVi
YaMlz4vlwBYGRUUP59VWBv/CsWfUYbyIWtNNzHpEv+3frhNfJxmiIa8Z7aYPAgMB
AAGjggHVMIIB0TAdBgNVHQ4EFgQUBchWnOP+U1OCNDSFT89ZExMzFRYwHwYDVR0j
BBgwFoAUz33FpPcC09ydVuo1ue4gLsVJZH4wDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8xL0NG
N0RDNUE0RjcwMkQzREM5RDU2RUEzNUI5RUUyMDJFQzU0OTY0N0UuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC96MzNGcFBjQzA5eWRWdW8xdWU0Z0xzVkpaSDQuY2Vy
MHsGCCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzEvMzIzMDMwMzEzYTM2Mzc2MzNhNjIzOTMwM2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzQzNzM2MzgzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwLkDANBgkq
hkiG9w0BAQsFAAOCAQEAZBpRoCctu4TLMlPvv32+W4ZVBDSGM2tFv4ipFXjcGmX2
kbAwswBm9uyRzvCAGAFvvV783eyrvmb6P2eaQk0bUHEfAFAAymO/4fCnIz22bXlF
cNqSydmBxToNUbgEoAhNtu4S9oJeKOp0SlEfhbZklIAPcFgzryv30D30KnJCESUZ
Vc/MRbkEm2LsENpkORf0c3j6vjKXRMVojWVaPjKlzT8OnoHOIfCENQB+tkaSb7Hm
eVGLq8JqC8AHo+5qIOdCvKfPG5M0W7I2MEvYk7RWoDawEj0m1qSn+Vg2/ThxBOgY
I6NNnrmpjWCNeKRnLxtYWqUt/SA1G1682qY5TOsiyw==
-----END CERTIFICATE-----