Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/1/323030313a3637633a6239303a3a2f34382d3438203d3e203437363839.roa
File:                     323030313a3637633a6239303a3a2f34382d3438203d3e203437363839.roa (raw, json)
Hash identifier:          iKc4ECL2JmgsiMS1/8l/kZ4VwxF3G7vNp9tnnFsm2u0=
Subject key identifier:   55:28:3A:9A:57:F7:F2:7E:9A:2C:63:CF:49:AD:B2:74:10:9D:08:50
Certificate issuer:       /CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
Certificate serial:       685F3FAB22080055C68108C46858B616F8C9607D
Authority key identifier: CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6239303a3a2f34382d3438203d3e203437363839.roa
Signing time:             Sun 12 Jan 2025 07:12:28 +0000
ROA not before:           Sun 12 Jan 2025 07:07:28 +0000
ROA not after:            Sun 11 Jan 2026 07:12:28 +0000
asID:                     47689
IP address blocks:        2001:67c:b90::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl
                          rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 19:24:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:5f:3f:ab:22:08:00:55:c6:81:08:c4:68:58:b6:16:f8:c9:60:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
        Validity
            Not Before: Jan 12 07:07:28 2025 GMT
            Not After : Jan 11 07:12:28 2026 GMT
        Subject: CN=55283A9A57F7F27E9A2C63CF49ADB274109D0850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e9:30:f5:2d:c1:36:dc:69:38:e5:30:7b:e0:
                    d0:4e:c1:d1:e4:0e:f5:19:4b:f4:71:1e:5b:d1:bb:
                    78:5f:01:df:43:19:fd:db:ba:40:4c:d7:ef:88:12:
                    7a:30:ee:d7:28:39:c7:9d:af:07:9c:d6:e1:87:57:
                    d5:24:d9:af:31:89:91:57:08:3a:7f:7d:dd:44:c2:
                    17:5e:7d:c0:56:35:bb:d4:1e:55:76:15:81:af:1f:
                    08:e5:1e:9e:d1:f9:12:6e:76:79:ee:9f:37:b9:97:
                    cb:ef:b6:e2:c4:ed:78:24:48:8c:9c:f4:ad:0a:4a:
                    d3:4d:83:4a:b2:a8:54:6c:d6:90:74:e8:60:c8:7d:
                    29:4d:8e:f5:1d:eb:6a:75:78:2c:73:65:84:92:e8:
                    4d:b0:45:0a:22:19:7f:64:c6:a1:dd:7a:e5:be:df:
                    af:91:25:b7:61:16:84:00:14:3d:d0:c8:8e:cf:74:
                    fc:db:14:fa:47:51:3d:20:33:b3:26:fe:ac:48:d3:
                    10:fa:bf:61:eb:75:f8:51:23:00:a5:1d:73:77:91:
                    f9:1d:d0:39:54:e8:c8:81:f8:53:ef:79:67:ab:93:
                    4b:63:ff:d8:c8:4d:fb:db:d9:b3:9a:d6:68:4e:f8:
                    80:4d:d9:df:8a:77:4f:2b:2a:ab:e8:f4:80:95:67:
                    1e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:28:3A:9A:57:F7:F2:7E:9A:2C:63:CF:49:AD:B2:74:10:9D:08:50
            X509v3 Authority Key Identifier:
                keyid:CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6239303a3a2f34382d3438203d3e203437363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b90::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:e4:9d:18:69:fc:04:1b:8e:c5:22:a1:13:be:d6:80:7e:18:
         5a:55:0a:69:a2:6a:ca:91:e1:16:3a:42:3e:ac:04:9c:bd:c2:
         e2:26:df:a0:7d:52:6d:ca:cf:51:79:f9:9b:36:8d:d9:ac:ea:
         a9:ef:fc:4c:8d:17:64:91:38:b2:ac:c3:27:8b:b8:83:92:d7:
         af:90:37:07:68:da:ef:41:61:9d:34:21:40:44:cf:82:d6:40:
         91:d0:db:ba:cf:e7:0e:4b:63:34:4d:91:78:92:f7:51:52:40:
         c9:73:81:e0:71:3c:41:85:98:74:be:53:04:37:ae:32:9b:c7:
         e8:cf:0e:06:7c:0e:d4:ef:63:ca:89:8f:56:f6:a9:d0:e3:74:
         76:71:58:75:8c:d3:7e:af:35:30:d8:35:5b:61:c3:bf:b4:8f:
         23:e9:b5:af:b1:3c:58:19:76:10:3d:3f:c1:6c:e6:09:ad:9d:
         bc:6f:61:78:dd:a2:46:41:5f:1d:55:61:e8:ff:65:ef:d5:02:
         31:e4:76:e4:c7:d3:23:17:e2:49:b8:ce:13:fe:00:87:ff:d5:
         b9:1e:81:f4:1d:69:b4:67:ee:cd:79:6b:c0:89:16:d1:29:ca:
         88:5f:91:78:91:42:5a:85:8f:57:14:ed:d0:6a:a4:39:96:fe:
         6c:d9:1c:13
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIUaF8/qyIIAFXGgQjEaFi2FvjJYH0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2Y3ZGM1YTRmNzAyZDNkYzlkNTZlYTM1YjllZTIwMmVj
NTQ5NjQ3ZTAeFw0yNTAxMTIwNzA3MjhaFw0yNjAxMTEwNzEyMjhaMDMxMTAvBgNV
BAMTKDU1MjgzQTlBNTdGN0YyN0U5QTJDNjNDRjQ5QURCMjc0MTA5RDA4NTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJ6TD1LcE23Gk45TB74NBOwdHk
DvUZS/RxHlvRu3hfAd9DGf3bukBM1++IEnow7tcoOcedrwec1uGHV9Uk2a8xiZFX
CDp/fd1EwhdefcBWNbvUHlV2FYGvHwjlHp7R+RJudnnunze5l8vvtuLE7XgkSIyc
9K0KStNNg0qyqFRs1pB06GDIfSlNjvUd62p1eCxzZYSS6E2wRQoiGX9kxqHdeuW+
36+RJbdhFoQAFD3QyI7PdPzbFPpHUT0gM7Mm/qxI0xD6v2HrdfhRIwClHXN3kfkd
0DlU6MiB+FPveWerk0tj/9jITfvb2bOa1mhO+IBN2d+Kd08rKqvo9ICVZx5dAgMB
AAGjggHVMIIB0TAdBgNVHQ4EFgQUVSg6mlf38n6aLGPPSa2ydBCdCFAwHwYDVR0j
BBgwFoAUz33FpPcC09ydVuo1ue4gLsVJZH4wDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8xL0NG
N0RDNUE0RjcwMkQzREM5RDU2RUEzNUI5RUUyMDJFQzU0OTY0N0UuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC96MzNGcFBjQzA5eWRWdW8xdWU0Z0xzVkpaSDQuY2Vy
MHsGCCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzEvMzIzMDMwMzEzYTM2Mzc2MzNhNjIzOTMwM2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzQzNzM2MzgzOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwLkDANBgkq
hkiG9w0BAQsFAAOCAQEAGuSdGGn8BBuOxSKhE77WgH4YWlUKaaJqypHhFjpCPqwE
nL3C4ibfoH1SbcrPUXn5mzaN2azqqe/8TI0XZJE4sqzDJ4u4g5LXr5A3B2ja70Fh
nTQhQETPgtZAkdDbus/nDktjNE2ReJL3UVJAyXOB4HE8QYWYdL5TBDeuMpvH6M8O
BnwO1O9jyomPVvap0ON0dnFYdYzTfq81MNg1W2HDv7SPI+m1r7E8WBl2ED0/wWzm
Ca2dvG9heN2iRkFfHVVh6P9l79UCMeR25MfTIxfiSbjOE/4Ah//VuR6B9B1ptGfu
zXlrwIkW0SnKiF+ReJFCWoWPVxTt0GqkOZb+bNkcEw==
-----END CERTIFICATE-----