Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa
File:                     323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa (raw, json)
Hash identifier:          IO5+u5ThKglMZWkXiVcInX497V8xr52Q3GEkNOeSG1U=
Subject key identifier:   85:29:04:00:D9:3D:65:33:96:28:02:B6:7D:4C:8F:18:A4:85:3A:B6
Certificate issuer:       /CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
Certificate serial:       2C1174EE380A4354D4424D0AAE5460B36B9654A6
Authority key identifier: CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa
Signing time:             Tue 24 Mar 2026 07:24:35 +0000
ROA not before:           Tue 24 Mar 2026 07:19:35 +0000
ROA not after:            Tue 23 Mar 2027 07:24:35 +0000
asID:                     56762
IP address blocks:        2001:67c:b88::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl
                          rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:11:74:ee:38:0a:43:54:d4:42:4d:0a:ae:54:60:b3:6b:96:54:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
        Validity
            Not Before: Mar 24 07:19:35 2026 GMT
            Not After : Mar 23 07:24:35 2027 GMT
        Subject: CN=85290400D93D6533962802B67D4C8F18A4853AB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:66:2a:8a:19:60:d7:b8:80:c9:7f:3a:05:d0:
                    18:9a:cc:de:52:ce:6c:66:1d:79:23:d3:29:c5:fe:
                    3e:e6:67:ce:2a:a3:a9:b8:23:fd:e2:54:c0:d7:a9:
                    62:f1:cd:53:2f:25:12:71:0f:e3:7f:7f:4a:97:3c:
                    af:4d:db:3b:7d:ff:69:1a:99:d4:cf:87:18:25:cb:
                    f2:b8:e5:53:91:d8:9d:76:1c:94:8d:98:0c:b2:ea:
                    be:f6:95:52:96:b0:5c:84:71:9e:0d:f1:8a:d3:df:
                    29:3e:49:05:80:1d:e7:b5:79:10:bd:27:19:91:1f:
                    4c:5f:34:3f:cf:bc:54:6a:55:74:bc:ba:5c:21:94:
                    20:37:96:ca:96:ba:b5:82:0c:09:fe:04:b4:fd:3f:
                    1b:9b:b1:93:89:a1:91:19:06:25:d6:fa:8c:f1:76:
                    d0:c1:9d:22:b6:4d:72:6d:7c:9d:9b:e9:1e:56:57:
                    d7:0d:5a:a9:59:7f:07:89:35:0f:87:11:0a:e8:2c:
                    a3:2d:0f:49:14:49:08:73:9d:f6:04:ed:b3:a8:90:
                    6e:37:23:0a:c4:bc:96:f1:d3:48:7e:d2:1a:62:f7:
                    2b:5a:6a:f9:99:21:6c:de:42:b7:61:f8:c8:06:81:
                    1f:04:8c:72:23:4a:c5:a3:e3:0e:83:1f:63:ea:cf:
                    2f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:29:04:00:D9:3D:65:33:96:28:02:B6:7D:4C:8F:18:A4:85:3A:B6
            X509v3 Authority Key Identifier:
                keyid:CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b88::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:54:03:f4:a1:2d:f0:c6:24:17:8f:4a:9f:58:77:09:3c:14:
         dd:a2:5b:1b:ff:20:48:2a:30:5d:29:70:28:ec:78:d3:e1:bd:
         53:49:b2:08:19:ed:23:04:9f:ae:6e:48:77:a8:09:1d:96:d8:
         ce:e7:aa:ed:85:35:77:77:ce:ab:10:b1:a6:f0:85:3b:22:f8:
         a5:89:4f:50:97:7e:6a:f8:36:91:13:4f:58:3c:97:2e:80:50:
         f6:54:04:86:de:1f:1f:84:0e:83:3d:2b:43:b8:04:e4:96:45:
         64:ac:0a:29:6b:4f:9d:ae:bc:e5:82:12:ad:b8:ad:17:7e:52:
         0b:79:95:77:6c:5f:c5:1e:d4:6e:13:b4:33:65:a5:75:35:f0:
         c3:ed:37:e8:96:c8:ec:0e:75:2e:09:66:e4:6c:48:19:26:c7:
         5d:a4:b4:de:53:d3:a7:9a:3b:0c:f2:2f:26:8a:7a:ed:7d:6d:
         f1:ed:fd:c4:7d:42:b0:d1:55:9c:71:50:19:ad:89:f5:e2:44:
         09:cd:56:23:6e:e5:3e:dc:c1:08:97:79:7d:41:e9:b0:21:41:
         8b:6d:56:20:0c:e6:4d:f2:3f:64:a1:3b:c9:d6:cc:1e:e0:83:
         36:2a:a3:55:56:18:bc:d6:e3:49:84:54:62:6d:65:e9:6e:0a:
         40:82:99:f4
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIULBF07jgKQ1TUQk0KrlRgs2uWVKYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2Y3ZGM1YTRmNzAyZDNkYzlkNTZlYTM1YjllZTIwMmVj
NTQ5NjQ3ZTAeFw0yNjAzMjQwNzE5MzVaFw0yNzAzMjMwNzI0MzVaMDMxMTAvBgNV
BAMTKDg1MjkwNDAwRDkzRDY1MzM5NjI4MDJCNjdENEM4RjE4QTQ4NTNBQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcZiqKGWDXuIDJfzoF0BiazN5S
zmxmHXkj0ynF/j7mZ84qo6m4I/3iVMDXqWLxzVMvJRJxD+N/f0qXPK9N2zt9/2ka
mdTPhxgly/K45VOR2J12HJSNmAyy6r72lVKWsFyEcZ4N8YrT3yk+SQWAHee1eRC9
JxmRH0xfND/PvFRqVXS8ulwhlCA3lsqWurWCDAn+BLT9PxubsZOJoZEZBiXW+ozx
dtDBnSK2TXJtfJ2b6R5WV9cNWqlZfweJNQ+HEQroLKMtD0kUSQhznfYE7bOokG43
IwrEvJbx00h+0hpi9ytaavmZIWzeQrdh+MgGgR8EjHIjSsWj4w6DH2Pqzy/tAgMB
AAGjggHVMIIB0TAdBgNVHQ4EFgQUhSkEANk9ZTOWKAK2fUyPGKSFOrYwHwYDVR0j
BBgwFoAUz33FpPcC09ydVuo1ue4gLsVJZH4wDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8xL0NG
N0RDNUE0RjcwMkQzREM5RDU2RUEzNUI5RUUyMDJFQzU0OTY0N0UuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC96MzNGcFBjQzA5eWRWdW8xdWU0Z0xzVkpaSDQuY2Vy
MHsGCCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzEvMzIzMDMwMzEzYTM2Mzc2MzNhNjIzODM4M2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzUzNjM3MzYzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwLiDANBgkq
hkiG9w0BAQsFAAOCAQEAlVQD9KEt8MYkF49Kn1h3CTwU3aJbG/8gSCowXSlwKOx4
0+G9U0myCBntIwSfrm5Id6gJHZbYzueq7YU1d3fOqxCxpvCFOyL4pYlPUJd+avg2
kRNPWDyXLoBQ9lQEht4fH4QOgz0rQ7gE5JZFZKwKKWtPna685YISrbitF35SC3mV
d2xfxR7UbhO0M2WldTXww+036JbI7A51Lglm5GxIGSbHXaS03lPTp5o7DPIvJop6
7X1t8e39xH1CsNFVnHFQGa2J9eJECc1WI27lPtzBCJd5fUHpsCFBi21WIAzmTfI/
ZKE7ydbMHuCDNiqjVVYYvNbjSYRUYm1l6W4KQIKZ9A==
-----END CERTIFICATE-----