Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa
File:                     323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa (raw, json)
Hash identifier:          YWJxHIHWRUFPkTTQOOQtlfptKffGhKBP38j4lAddJyo=
Subject key identifier:   6D:2B:B6:42:47:F0:63:22:63:51:CB:CA:D8:35:64:75:18:33:93:03
Certificate issuer:       /CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
Certificate serial:       319C2AE58A6F9A82F4AF1DCAEE7C7AA79B07C956
Authority key identifier: CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa
Signing time:             Tue 22 Apr 2025 07:12:38 +0000
ROA not before:           Tue 22 Apr 2025 07:07:38 +0000
ROA not after:            Tue 21 Apr 2026 07:12:38 +0000
asID:                     56762
IP address blocks:        2001:67c:b88::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl
                          rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 12:56:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:9c:2a:e5:8a:6f:9a:82:f4:af:1d:ca:ee:7c:7a:a7:9b:07:c9:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf7dc5a4f702d3dc9d56ea35b9ee202ec549647e
        Validity
            Not Before: Apr 22 07:07:38 2025 GMT
            Not After : Apr 21 07:12:38 2026 GMT
        Subject: CN=6D2BB64247F063226351CBCAD835647518339303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:aa:76:f7:14:fa:ae:e2:ad:cc:1a:a2:ae:c1:
                    e9:a4:43:f9:b8:1d:eb:80:c5:91:be:fb:7b:4b:f1:
                    0b:7b:6f:a4:dc:69:cd:03:88:e8:cb:14:8c:0e:2d:
                    e0:cf:5f:ec:e5:8a:cd:e7:8d:69:69:ac:a6:83:d2:
                    d4:50:fe:12:62:f8:42:a5:24:db:eb:6f:b8:d1:27:
                    a0:0c:ab:f2:86:97:40:a4:3e:b6:66:10:f5:0a:f5:
                    fb:ab:d5:7d:b1:b3:29:82:52:fe:31:d8:44:08:67:
                    79:ee:78:7d:c6:43:d6:b5:c5:f4:77:c1:a4:be:77:
                    8b:e2:2f:da:81:e9:90:bd:40:18:95:67:2c:11:81:
                    76:e0:6a:23:22:0c:10:97:fb:5d:8c:45:16:98:af:
                    8a:6c:7a:a3:e9:8d:57:8b:b5:43:84:df:e9:e2:ec:
                    a2:4a:e0:69:bb:bd:e5:5e:91:de:9d:75:6f:da:e2:
                    d2:a2:03:d7:fa:74:3a:1a:6c:6a:95:55:cd:25:fa:
                    70:51:12:5f:30:cb:3c:56:86:e7:10:96:61:01:8a:
                    e9:68:6a:21:1f:72:6e:f1:14:f0:ac:71:56:47:c3:
                    59:db:68:5f:a3:05:d0:d5:27:7b:1f:d0:6d:1e:1e:
                    ab:af:f9:00:74:26:c6:2a:4f:db:55:22:1d:c2:40:
                    88:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:2B:B6:42:47:F0:63:22:63:51:CB:CA:D8:35:64:75:18:33:93:03
            X509v3 Authority Key Identifier:
                keyid:CF:7D:C5:A4:F7:02:D3:DC:9D:56:EA:35:B9:EE:20:2E:C5:49:64:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/1/CF7DC5A4F702D3DC9D56EA35B9EE202EC549647E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z33FpPcC09ydVuo1ue4gLsVJZH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/1/323030313a3637633a6238383a3a2f34382d3438203d3e203536373632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:b88::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:f7:8b:3e:20:96:0f:69:7a:6d:ff:39:b6:6a:79:59:da:f9:
         30:8b:da:d5:92:ca:77:76:d4:dc:76:8e:f7:4a:71:e7:3b:9b:
         df:13:66:f0:6a:2e:dc:22:71:68:ab:34:6b:e2:33:bc:f6:8f:
         c1:bf:c4:69:01:f5:48:a2:dc:43:e9:93:c4:2b:e1:e5:82:06:
         24:ff:df:f5:7b:a7:c4:13:5e:67:13:d9:fc:42:90:7d:aa:c1:
         d0:c3:17:b1:d6:31:67:15:28:59:19:4f:a4:1c:48:ee:e5:b7:
         f4:eb:bf:e6:79:e6:83:9b:b2:fe:b4:14:ca:c9:b0:1c:c3:14:
         00:ba:85:37:94:1a:6c:5a:05:70:17:4a:b8:81:f2:7c:d5:47:
         f7:46:d8:63:ab:93:f1:3c:dc:37:56:51:b7:a3:fd:c3:15:c0:
         fd:6c:24:c6:99:07:4e:f2:90:c0:c2:d8:27:fe:9e:3e:fa:52:
         0d:91:03:4b:d4:76:82:1e:c7:70:58:f6:42:78:9a:2f:80:f0:
         96:77:d0:b8:45:2d:ff:f4:0a:e8:1d:72:da:9d:58:36:92:8a:
         8e:41:4b:c1:83:c4:42:7d:72:08:d4:fd:e0:63:c7:4b:66:0c:
         f2:c5:29:de:03:73:e8:e0:6c:48:e7:c9:9c:fa:5a:b9:82:d8:
         9b:e4:61:b1
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIUMZwq5YpvmoL0rx3K7nx6p5sHyVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2Y3ZGM1YTRmNzAyZDNkYzlkNTZlYTM1YjllZTIwMmVj
NTQ5NjQ3ZTAeFw0yNTA0MjIwNzA3MzhaFw0yNjA0MjEwNzEyMzhaMDMxMTAvBgNV
BAMTKDZEMkJCNjQyNDdGMDYzMjI2MzUxQ0JDQUQ4MzU2NDc1MTgzMzkzMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNqnb3FPqu4q3MGqKuwemkQ/m4
HeuAxZG++3tL8Qt7b6Tcac0DiOjLFIwOLeDPX+zlis3njWlprKaD0tRQ/hJi+EKl
JNvrb7jRJ6AMq/KGl0CkPrZmEPUK9fur1X2xsymCUv4x2EQIZ3nueH3GQ9a1xfR3
waS+d4viL9qB6ZC9QBiVZywRgXbgaiMiDBCX+12MRRaYr4pseqPpjVeLtUOE3+ni
7KJK4Gm7veVekd6ddW/a4tKiA9f6dDoabGqVVc0l+nBREl8wyzxWhucQlmEBiulo
aiEfcm7xFPCscVZHw1nbaF+jBdDVJ3sf0G0eHquv+QB0JsYqT9tVIh3CQIhRAgMB
AAGjggHVMIIB0TAdBgNVHQ4EFgQUbSu2QkfwYyJjUcvK2DVkdRgzkwMwHwYDVR0j
BBgwFoAUz33FpPcC09ydVuo1ue4gLsVJZH4wDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8xL0NG
N0RDNUE0RjcwMkQzREM5RDU2RUEzNUI5RUUyMDJFQzU0OTY0N0UuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC96MzNGcFBjQzA5eWRWdW8xdWU0Z0xzVkpaSDQuY2Vy
MHsGCCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzEvMzIzMDMwMzEzYTM2Mzc2MzNhNjIzODM4M2EzYTJmMzQz
ODJkMzQzODIwM2QzZTIwMzUzNjM3MzYzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwLiDANBgkq
hkiG9w0BAQsFAAOCAQEAL/eLPiCWD2l6bf85tmp5Wdr5MIva1ZLKd3bU3HaO90px
5zub3xNm8Gou3CJxaKs0a+IzvPaPwb/EaQH1SKLcQ+mTxCvh5YIGJP/f9XunxBNe
ZxPZ/EKQfarB0MMXsdYxZxUoWRlPpBxI7uW39Ou/5nnmg5uy/rQUysmwHMMUALqF
N5QabFoFcBdKuIHyfNVH90bYY6uT8TzcN1ZRt6P9wxXA/WwkxpkHTvKQwMLYJ/6e
PvpSDZEDS9R2gh7HcFj2QniaL4DwlnfQuEUt//QK6B1y2p1YNpKKjkFLwYPEQn1y
CNT94GPHS2YM8sUp3gNz6OBsSOfJnPpauYLYm+RhsQ==
-----END CERTIFICATE-----