Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/5da8c2-cfd5-4853-9831-fbb1348a8620/1/4SEG_Ka9SsxVgfqJ8rFxskdB8YM.roa
File:                     4SEG_Ka9SsxVgfqJ8rFxskdB8YM.roa (raw, json)
Hash identifier:          miw1wyF1xISaDKZpbc8ZdU1Lhb432CZTgpXO4KMVEZA=
Subject key identifier:   E1:21:06:FC:A6:BD:4A:CC:55:81:FA:89:F2:B1:71:B2:47:41:F1:83
Certificate issuer:       /CN=eadf80048d2032ec224364a773fe81d23fa914e0
Certificate serial:       01941FFAA6C73819E0270F6D97F0F209ED11
Authority key identifier: EA:DF:80:04:8D:20:32:EC:22:43:64:A7:73:FE:81:D2:3F:A9:14:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6t-ABI0gMuwiQ2Snc_6B0j-pFOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/5da8c2-cfd5-4853-9831-fbb1348a8620/1/4SEG_Ka9SsxVgfqJ8rFxskdB8YM.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209825
IP address blocks:        85.209.44.0/22 maxlen: 22
                          85.209.44.0/24 maxlen: 24
                          85.209.45.0/24 maxlen: 24
                          85.209.46.0/24 maxlen: 24
                          85.209.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/5da8c2-cfd5-4853-9831-fbb1348a8620/1/6t-ABI0gMuwiQ2Snc_6B0j-pFOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/5da8c2-cfd5-4853-9831-fbb1348a8620/1/6t-ABI0gMuwiQ2Snc_6B0j-pFOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6t-ABI0gMuwiQ2Snc_6B0j-pFOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a6:c7:38:19:e0:27:0f:6d:97:f0:f2:09:ed:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eadf80048d2032ec224364a773fe81d23fa914e0
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e12106fca6bd4acc5581fa89f2b171b24741f183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:06:79:20:c5:01:64:50:07:5b:ed:bc:9b:84:
                    8a:0a:50:7f:0c:24:8a:8f:ae:00:6d:dc:02:22:ba:
                    66:34:6d:ed:27:19:83:c6:0f:3b:86:10:85:24:c8:
                    e9:15:fb:51:0d:10:4b:09:f1:9d:b5:92:f8:82:78:
                    08:38:5a:7c:18:60:8a:32:e1:f2:9b:bb:8d:ff:87:
                    8a:bc:b1:b2:71:53:37:24:6e:08:90:cd:3b:5f:93:
                    f3:27:98:99:d2:d8:67:fd:b2:7b:33:cf:c4:84:90:
                    b9:96:e8:a9:fb:46:13:00:35:a1:41:5b:54:e7:36:
                    c7:c5:d2:34:35:44:37:9c:69:70:8d:d3:3d:29:15:
                    79:97:0e:13:38:6e:5b:8a:4e:83:ae:39:26:b8:4e:
                    5d:bc:81:81:9d:31:e3:84:b5:b0:58:a6:38:3e:7b:
                    15:bf:a0:5d:c6:45:7e:7c:2b:f6:28:20:85:58:30:
                    f1:6a:56:06:96:0e:16:7a:55:9d:61:a9:ad:11:bf:
                    39:24:77:ea:a8:04:cb:b0:4b:38:8b:1a:5a:e6:2b:
                    a9:ae:e9:fe:99:1c:90:de:80:63:47:8c:79:7d:0a:
                    4a:73:ec:2e:ba:b7:dd:25:49:a5:77:69:ee:6b:59:
                    99:a3:33:17:63:ef:4b:05:34:a5:fd:74:cc:25:72:
                    1d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:21:06:FC:A6:BD:4A:CC:55:81:FA:89:F2:B1:71:B2:47:41:F1:83
            X509v3 Authority Key Identifier:
                keyid:EA:DF:80:04:8D:20:32:EC:22:43:64:A7:73:FE:81:D2:3F:A9:14:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6t-ABI0gMuwiQ2Snc_6B0j-pFOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/5da8c2-cfd5-4853-9831-fbb1348a8620/1/4SEG_Ka9SsxVgfqJ8rFxskdB8YM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/5da8c2-cfd5-4853-9831-fbb1348a8620/1/6t-ABI0gMuwiQ2Snc_6B0j-pFOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:52:d6:8a:b4:2e:00:03:dd:15:31:88:89:96:c2:ef:85:89:
         b5:05:e7:c6:e7:c3:64:19:e9:08:d2:16:23:cb:5e:4a:04:4c:
         cd:9a:68:b9:22:04:3d:09:8c:db:7d:ae:75:e8:38:47:15:b9:
         14:60:b5:d5:5b:9e:76:e0:fe:89:97:c9:50:b7:62:1b:83:04:
         6e:6e:0e:4f:68:d7:ed:ff:63:cc:5a:cb:72:c2:1b:e8:3f:f1:
         3d:0f:5e:ec:5a:a9:8b:af:03:f1:97:1a:6f:d2:df:79:dd:aa:
         be:df:14:29:93:53:ab:8a:37:4b:70:16:c4:2c:4b:63:08:5f:
         a8:f7:93:85:80:b4:bf:8f:f2:1a:96:59:a3:17:c3:71:9f:4c:
         1f:ab:0c:47:cd:3d:c7:81:70:22:cd:1a:3d:9d:fd:3f:2b:40:
         60:63:0a:bc:79:0b:d1:82:bb:a4:3f:be:0c:ab:b1:81:96:3d:
         07:d9:b7:6a:cd:99:a0:92:21:19:2c:b2:2a:48:18:22:5c:d3:
         77:34:38:72:cf:2c:6b:e8:58:bf:e5:90:bd:44:e1:40:8c:47:
         94:9f:1f:47:10:15:f6:0d:b3:02:9b:e7:1c:d0:e0:b3:b6:69:
         89:29:26:b7:24:c7:30:5d:06:47:ce:ae:9b:52:c5:26:ed:de:
         ca:6c:15:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qbHOBngJw9tl/DyCe0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZGY4MDA0OGQyMDMyZWMyMjQzNjRhNzczZmU4MWQyM2Zh
OTE0ZTAwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTIxMDZmY2E2YmQ0YWNjNTU4MWZhODlmMmIxNzFiMjQ3NDFmMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QZ5IMUBZFAHW+28m4SKClB/DCSK
j64AbdwCIrpmNG3tJxmDxg87hhCFJMjpFftRDRBLCfGdtZL4gngIOFp8GGCKMuHy
m7uN/4eKvLGycVM3JG4IkM07X5PzJ5iZ0thn/bJ7M8/EhJC5luip+0YTADWhQVtU
5zbHxdI0NUQ3nGlwjdM9KRV5lw4TOG5bik6DrjkmuE5dvIGBnTHjhLWwWKY4PnsV
v6BdxkV+fCv2KCCFWDDxalYGlg4WelWdYamtEb85JHfqqATLsEs4ixpa5iuprun+
mRyQ3oBjR4x5fQpKc+wuurfdJUmld2nua1mZozMXY+9LBTSl/XTMJXIdswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEhBvymvUrMVYH6ifKxcbJHQfGDMB8GA1UdIwQY
MBaAFOrfgASNIDLsIkNkp3P+gdI/qRTgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnQtQUJJMGdNdXdpUTJTbmNfNkIwai1wRk9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS81ZGE4YzItY2ZkNS00ODUzLTk4MzEt
ZmJiMTM0OGE4NjIwLzEvNFNFR19LYTlTc3hWZ2ZxSjhyRnhza2RCOFlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS81ZGE4YzItY2ZkNS00ODUzLTk4MzEtZmJiMTM0OGE4NjIw
LzEvNnQtQUJJMGdNdXdpUTJTbmNfNkIwai1wRk9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdEsMA0G
CSqGSIb3DQEBCwUAA4IBAQAjUtaKtC4AA90VMYiJlsLvhYm1BefG58NkGekI0hYj
y15KBEzNmmi5IgQ9CYzbfa516DhHFbkUYLXVW5524P6Jl8lQt2IbgwRubg5PaNft
/2PMWstywhvoP/E9D17sWqmLrwPxlxpv0t953aq+3xQpk1OrijdLcBbELEtjCF+o
95OFgLS/j/IallmjF8Nxn0wfqwxHzT3HgXAizRo9nf0/K0BgYwq8eQvRgrukP74M
q7GBlj0H2bdqzZmgkiEZLLIqSBgiXNN3NDhyzyxr6Fi/5ZC9ROFAjEeUnx9HEBX2
DbMCm+cc0OCztmmJKSa3JMcwXQZHzq6bUsUm7d7KbBVL
-----END CERTIFICATE-----