Route Origin Authorization

$ rpki-client -vvf rpki.pudu.be/repo/pudu/0/36342e3138372e3230392e302f32342d3332203d3e203536373632.roa
File:                     36342e3138372e3230392e302f32342d3332203d3e203536373632.roa (raw, json)
Hash identifier:          4ldppQhuDM6WEtx0cWjATCaBLMXHYMhzaxsPMjrhKSo=
Subject key identifier:   6E:94:7F:F9:BF:D9:8B:3E:57:DF:2F:50:77:63:E9:94:76:6D:A7:4C
Certificate issuer:       /CN=73a83c810157e3e8511eebe39cfcad16fa329700
Certificate serial:       53266DE66B06FF9D2EDADC15BD253210F4A09E02
Authority key identifier: 73:A8:3C:81:01:57:E3:E8:51:1E:EB:E3:9C:FC:AD:16:FA:32:97:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer
Subject info access:      rsync://rpki.pudu.be/repo/pudu/0/36342e3138372e3230392e302f32342d3332203d3e203536373632.roa
Signing time:             Sun 13 Apr 2025 19:12:35 +0000
ROA not before:           Sun 13 Apr 2025 19:07:35 +0000
ROA not after:            Sun 12 Apr 2026 19:12:35 +0000
asID:                     56762
IP address blocks:        64.187.209.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.crl
                          rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 14:42:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:26:6d:e6:6b:06:ff:9d:2e:da:dc:15:bd:25:32:10:f4:a0:9e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73a83c810157e3e8511eebe39cfcad16fa329700
        Validity
            Not Before: Apr 13 19:07:35 2025 GMT
            Not After : Apr 12 19:12:35 2026 GMT
        Subject: CN=6E947FF9BFD98B3E57DF2F507763E994766DA74C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:64:42:23:33:9e:98:13:3e:a9:8b:fc:bd:26:
                    57:02:1d:a0:56:14:37:ec:16:5d:86:9f:6b:04:68:
                    b7:7c:e9:77:5d:5f:99:1a:1a:40:d3:55:07:f9:52:
                    f4:49:96:5a:63:ae:5d:0e:b0:49:1a:7e:25:6d:0b:
                    bc:0d:75:fb:ba:7a:77:a3:68:61:72:b9:73:22:8b:
                    a1:bf:ab:fd:d7:dc:61:66:50:8c:f5:f7:8d:f5:83:
                    9e:52:38:9f:a0:b8:2f:a3:37:6c:9b:5e:ae:29:0f:
                    91:cf:d6:4a:ff:ec:56:8f:5f:db:ca:9d:01:5e:b4:
                    9f:ff:91:8e:1a:f9:a1:e8:43:da:15:38:25:01:e7:
                    07:a5:ec:e8:2e:3a:05:84:18:e7:37:ac:1b:48:49:
                    92:04:fc:73:7b:9c:9c:d0:f4:e3:4e:76:b3:58:6d:
                    44:f5:cf:89:1e:5a:28:56:fa:7c:e1:ad:11:1f:13:
                    b1:91:4d:c4:88:a9:60:44:41:42:e9:e0:4c:1e:35:
                    58:6d:5b:59:77:0f:a9:e4:38:98:d8:eb:18:f0:e6:
                    bf:6f:d0:48:4f:c4:e0:3f:63:b3:a5:06:77:85:42:
                    81:ab:71:f7:ba:93:dc:e2:11:35:55:c9:49:38:37:
                    4c:f7:3e:18:d8:7f:13:75:43:b1:8f:4d:b8:05:23:
                    62:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:94:7F:F9:BF:D9:8B:3E:57:DF:2F:50:77:63:E9:94:76:6D:A7:4C
            X509v3 Authority Key Identifier:
                keyid:73:A8:3C:81:01:57:E3:E8:51:1E:EB:E3:9C:FC:AD:16:FA:32:97:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.pudu.be/repo/pudu/0/73A83C810157E3E8511EEBE39CFCAD16FA329700.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6g8gQFX4-hRHuvjnPytFvoylwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.pudu.be/repo/pudu/0/36342e3138372e3230392e302f32342d3332203d3e203536373632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.187.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:bf:46:d5:66:d2:97:62:a1:a2:1d:7b:48:17:0a:b9:12:7f:
         9e:4c:17:0a:89:ef:24:37:bb:c2:21:fd:46:d7:f2:c9:d3:b7:
         74:90:af:7b:fe:c3:0b:c1:aa:87:9b:65:3f:42:0f:56:fa:7d:
         a1:1b:29:6d:37:53:73:d7:43:d2:f7:81:41:32:07:8a:e6:b0:
         6d:aa:5a:29:a0:2d:18:b8:22:bc:c1:63:24:8d:f8:cd:7d:a0:
         aa:44:2d:f9:ce:b3:5b:db:04:be:11:64:c9:b7:bb:6c:a8:6c:
         3a:c6:ed:f4:c0:96:08:bb:ae:a8:e1:63:a3:ff:7f:5e:a1:aa:
         83:ea:a5:a0:03:96:5e:f1:70:10:21:c4:e6:d2:bf:c7:ef:b2:
         e8:d9:03:27:ce:09:c6:9b:8f:2f:9c:8a:1d:7e:26:2e:ba:c4:
         c1:1e:ef:fa:06:36:e8:6b:24:35:59:b9:6c:53:c6:e3:a8:f3:
         e6:ba:6e:24:94:77:5f:bf:6c:1d:6d:4d:f1:db:ac:a2:b9:b8:
         8a:6b:31:41:66:76:86:3a:41:82:5a:f0:3b:9c:06:63:0c:ce:
         bc:39:4e:bd:3b:a4:bc:53:df:b6:cd:46:3e:17:e9:0a:1c:01:
         6f:2d:cd:97:36:ef:8b:47:05:94:07:d7:7e:f6:72:82:07:7a:
         88:7c:a4:02
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIUUyZt5msG/50u2twVvSUyEPSgngIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzNhODNjODEwMTU3ZTNlODUxMWVlYmUzOWNmY2FkMTZm
YTMyOTcwMDAeFw0yNTA0MTMxOTA3MzVaFw0yNjA0MTIxOTEyMzVaMDMxMTAvBgNV
BAMTKDZFOTQ3RkY5QkZEOThCM0U1N0RGMkY1MDc3NjNFOTk0NzY2REE3NEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ZEIjM56YEz6pi/y9JlcCHaBW
FDfsFl2Gn2sEaLd86XddX5kaGkDTVQf5UvRJllpjrl0OsEkafiVtC7wNdfu6enej
aGFyuXMii6G/q/3X3GFmUIz19431g55SOJ+guC+jN2ybXq4pD5HP1kr/7FaPX9vK
nQFetJ//kY4a+aHoQ9oVOCUB5wel7OguOgWEGOc3rBtISZIE/HN7nJzQ9ONOdrNY
bUT1z4keWihW+nzhrREfE7GRTcSIqWBEQULp4EweNVhtW1l3D6nkOJjY6xjw5r9v
0EhPxOA/Y7OlBneFQoGrcfe6k9ziETVVyUk4N0z3PhjYfxN1Q7GPTbgFI2IHAgMB
AAGjggHOMIIByjAdBgNVHQ4EFgQUbpR/+b/Ziz5X3y9Qd2PplHZtp0wwHwYDVR0j
BBgwFoAUc6g8gQFX4+hRHuvjnPytFvoylwAwDgYDVR0PAQH/BAQDAgeAMF4GA1Ud
HwRXMFUwU6BRoE+GTXJzeW5jOi8vcnBraS5wdWR1LmJlL3JlcG8vcHVkdS8wLzcz
QTgzQzgxMDE1N0UzRTg1MTFFRUJFMzlDRkNBRDE2RkEzMjk3MDAuY3JsMGQGCCsG
AQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3Jl
cG9zaXRvcnkvREVGQVVMVC9jNmc4Z1FGWDQtaFJIdXZqblB5dEZ2b3lsd0EuY2Vy
MHcGCCsGAQUFBwELBGswaTBnBggrBgEFBQcwC4ZbcnN5bmM6Ly9ycGtpLnB1ZHUu
YmUvcmVwby9wdWR1LzAvMzYzNDJlMzEzODM3MmUzMjMwMzkyZTMwMmYzMjM0MmQz
MzMyMjAzZDNlMjAzNTM2MzczNjMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQLvRMA0GCSqGSIb3DQEB
CwUAA4IBAQBiv0bVZtKXYqGiHXtIFwq5En+eTBcKie8kN7vCIf1G1/LJ07d0kK97
/sMLwaqHm2U/Qg9W+n2hGyltN1Nz10PS94FBMgeK5rBtqlopoC0YuCK8wWMkjfjN
faCqRC35zrNb2wS+EWTJt7tsqGw6xu30wJYIu66o4WOj/39eoaqD6qWgA5Ze8XAQ
IcTm0r/H77Lo2QMnzgnGm48vnIodfiYuusTBHu/6BjboayQ1WblsU8bjqPPmum4k
lHdfv2wdbU3x26yiubiKazFBZnaGOkGCWvA7nAZjDM68OU69O6S8U9+2zUY+F+kK
HAFvLc2XNu+LRwWUB9d+9nKCB3qIfKQC
-----END CERTIFICATE-----