Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/JiiAQHHQ7ilOvQDebu3VRDZ4GHk.roa
File:                     JiiAQHHQ7ilOvQDebu3VRDZ4GHk.roa (raw, json)
Hash identifier:          nCg2LBGRguEEYRzIikpWv4Lkalt9WCnhcWuH2ZKPobk=
Subject key identifier:   26:28:80:40:71:D0:EE:29:4E:BD:00:DE:6E:ED:D5:44:36:78:18:79
Certificate issuer:       /CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
Certificate serial:       019424B3D9DD5BB17D7E0264552D6ECDD2FB
Authority key identifier: 15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/JiiAQHHQ7ilOvQDebu3VRDZ4GHk.roa
Signing time:             Thu 02 Jan 2025 01:49:13 +0000
ROA not before:           Thu 02 Jan 2025 01:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33942
IP address blocks:        82.213.64.0/23 maxlen: 23
                          82.213.67.0/24 maxlen: 24
                          82.213.68.0/23 maxlen: 23
                          82.213.72.0/22 maxlen: 22
                          82.213.76.0/22 maxlen: 22
                          82.213.84.0/22 maxlen: 22
                          82.213.102.0/24 maxlen: 24
                          82.213.103.0/24 maxlen: 24
                          82.213.104.0/21 maxlen: 21
                          83.139.192.0/23 maxlen: 23
                          83.139.195.0/24 maxlen: 24
                          83.139.196.0/22 maxlen: 22
                          83.139.197.0/24 maxlen: 24
                          83.139.201.0/24 maxlen: 24
                          83.139.208.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:d9:dd:5b:b1:7d:7e:02:64:55:2d:6e:cd:d2:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1501c845f13dd4ad6e9dae470d5ff69c5cca3771
        Validity
            Not Before: Jan  2 01:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2628804071d0ee294ebd00de6eedd54436781879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0e:2b:3c:e0:4c:34:16:cb:df:e0:61:52:99:
                    94:99:6b:9a:d3:f6:ac:73:bd:4f:52:5d:bb:b4:7c:
                    37:cd:f8:ee:b4:0d:94:fa:14:9c:a6:3c:4d:f5:9e:
                    d4:50:a5:75:f8:78:ba:28:96:69:88:5c:09:87:1c:
                    11:51:fc:c4:fd:e6:bb:bb:0b:e7:d9:5a:10:0e:fc:
                    0b:a1:2d:ae:dc:82:6f:53:4e:bd:8f:75:15:0f:68:
                    62:2f:23:15:6e:a6:54:f1:98:a7:eb:e9:7b:0e:0d:
                    fc:0a:f3:34:a5:ab:21:e4:b4:67:2f:83:7f:7f:be:
                    0e:bb:08:06:8c:2f:d0:99:3e:74:6d:60:9f:82:8d:
                    28:b9:fd:30:e7:81:a0:c2:8f:38:5a:08:10:a0:60:
                    9a:72:da:f2:00:19:3b:2d:37:1e:dd:ff:77:55:84:
                    63:23:ac:90:74:9a:b9:1c:a9:6b:05:9c:e3:38:b9:
                    83:91:85:cb:ce:1f:45:a5:78:c0:6a:af:1c:c8:4e:
                    8b:32:17:0f:fc:40:28:b7:ca:08:f0:07:c1:a8:e1:
                    d5:32:80:31:5a:59:15:16:f8:60:f6:00:eb:ac:86:
                    74:11:23:b7:5d:e0:da:46:ed:26:1e:17:d1:05:1d:
                    ed:e9:67:90:80:59:0a:21:42:7e:88:e4:35:b3:62:
                    2e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:28:80:40:71:D0:EE:29:4E:BD:00:DE:6E:ED:D5:44:36:78:18:79
            X509v3 Authority Key Identifier:
                keyid:15:01:C8:45:F1:3D:D4:AD:6E:9D:AE:47:0D:5F:F6:9C:5C:CA:37:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQHIRfE91K1una5HDV_2nFzKN3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/JiiAQHHQ7ilOvQDebu3VRDZ4GHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0376a1-49d6-4a4d-8c2a-ed7915436b27/1/FQHIRfE91K1una5HDV_2nFzKN3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.213.64.0/23
                  82.213.67.0-82.213.69.255
                  82.213.72.0/21
                  82.213.84.0/22
                  82.213.102.0-82.213.111.255
                  83.139.192.0/23
                  83.139.195.0-83.139.199.255
                  83.139.201.0/24
                  83.139.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:f5:05:77:77:5c:ca:b5:ad:6c:55:db:3a:a6:fa:23:47:a1:
         36:7f:12:4a:a5:40:a0:d4:e5:aa:64:57:db:4a:04:dc:1b:83:
         7d:15:e5:24:8a:ed:0c:71:16:d5:24:0f:c1:7e:9d:43:ac:3d:
         f1:0e:05:20:b6:bc:a2:62:4c:cf:c0:fd:9c:16:9e:17:f5:79:
         87:92:81:48:8e:81:41:5f:fb:f0:89:c1:76:c2:03:05:47:b6:
         40:45:72:1e:fa:61:15:82:c6:60:68:d4:51:ac:ae:5d:ff:7f:
         52:5b:ed:d5:64:ed:73:29:2b:4e:b0:de:4c:33:7d:41:9f:d6:
         fc:64:ed:8f:c9:5b:cc:35:df:72:38:b2:ac:5b:ec:ed:73:d3:
         0e:71:02:9a:b0:52:66:9f:ca:f9:82:34:db:74:7b:c7:e9:af:
         8b:48:85:17:98:a2:3a:47:37:3d:ba:e0:df:ed:a0:2e:6e:24:
         32:8c:b8:c5:13:7c:9a:66:e6:52:a8:13:ef:62:80:b2:d7:69:
         44:75:22:dd:6d:05:9a:7c:c7:51:86:c7:9f:7f:7b:bb:d4:56:
         9c:e8:3b:0b:e1:c4:85:04:0e:13:c0:0d:ff:11:9b:e6:f1:f1:
         a6:29:eb:88:fe:5d:aa:28:8c:f6:94:b9:14:4f:4e:3e:1a:7f:
         5a:ba:ef:72
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZQks9ndW7F9fgJkVS1uzdL7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDFjODQ1ZjEzZGQ0YWQ2ZTlkYWU0NzBkNWZmNjljNWNj
YTM3NzEwHhcNMjUwMTAyMDE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjI4ODA0MDcxZDBlZTI5NGViZDAwZGU2ZWVkZDU0NDM2NzgxODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyA4rPOBMNBbL3+BhUpmUmWua0/as
c71PUl27tHw3zfjutA2U+hScpjxN9Z7UUKV1+Hi6KJZpiFwJhxwRUfzE/ea7uwvn
2VoQDvwLoS2u3IJvU069j3UVD2hiLyMVbqZU8Zin6+l7Dg38CvM0pash5LRnL4N/
f74OuwgGjC/QmT50bWCfgo0ouf0w54Ggwo84WggQoGCactryABk7LTce3f93VYRj
I6yQdJq5HKlrBZzjOLmDkYXLzh9FpXjAaq8cyE6LMhcP/EAot8oI8AfBqOHVMoAx
WlkVFvhg9gDrrIZ0ESO3XeDaRu0mHhfRBR3t6WeQgFkKIUJ+iOQ1s2Iu+wIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFCYogEBx0O4pTr0A3m7t1UQ2eBh5MB8GA1UdIwQY
MBaAFBUByEXxPdStbp2uRw1f9pxcyjdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEt
ZWQ3OTE1NDM2YjI3LzEvSmlpQVFISFE3aWxPdlFEZWJ1M1ZSRFo0R0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wMzc2YTEtNDlkNi00YTRkLThjMmEtZWQ3OTE1NDM2YjI3
LzEvRlFISVJmRTkxSzF1bmE1SERWXzJuRnpLTjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQBUtVAMAwD
BABS1UMDBAFS1UQDBANS1UgDBAJS1VQwDAMEAVLVZgMEBFLVYAMEAVOLwDAMAwQA
U4vDAwQDU4vAAwQAU4vJAwQAU4vQMA0GCSqGSIb3DQEBCwUAA4IBAQCS9QV3d1zK
ta1sVds6pvojR6E2fxJKpUCg1OWqZFfbSgTcG4N9FeUkiu0McRbVJA/Bfp1DrD3x
DgUgtryiYkzPwP2cFp4X9XmHkoFIjoFBX/vwicF2wgMFR7ZARXIe+mEVgsZgaNRR
rK5d/39SW+3VZO1zKStOsN5MM31Bn9b8ZO2PyVvMNd9yOLKsW+ztc9MOcQKasFJm
n8r5gjTbdHvH6a+LSIUXmKI6Rzc9uuDf7aAubiQyjLjFE3yaZuZSqBPvYoCy12lE
dSLdbQWafMdRhseff3u71Fac6DsL4cSFBA4TwA3/EZvm8fGmKeuI/l2qKIz2lLkU
T04+Gn9auu9y
-----END CERTIFICATE-----