Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/09OycTzOOXj7j9MtCvtyoL762eo.roa
File:                     09OycTzOOXj7j9MtCvtyoL762eo.roa (raw, json)
Hash identifier:          K1f8y54Ow+d47KpNuHcqMsM9IOI3z+fEYIosKwQRc1I=
Subject key identifier:   D3:D3:B2:71:3C:CE:39:78:FB:8F:D3:2D:0A:FB:72:A0:BE:FA:D9:EA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018704EA296FBD0B6201AABF171E84D88E37
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/09OycTzOOXj7j9MtCvtyoL762eo.roa
Signing time:             Tue 21 Mar 2023 16:04:27 +0000
ROA not before:           Tue 21 Mar 2023 16:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4ea:1e71/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:04:ea:29:6f:bd:0b:62:01:aa:bf:17:1e:84:d8:8e:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 21 16:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d3d3b2713cce3978fb8fd32d0afb72a0befad9ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e4:84:f7:a1:d1:4f:35:f0:2f:de:3d:07:d6:
                    70:74:51:70:dc:9c:3f:9b:07:68:51:33:ba:f1:48:
                    fc:5c:57:d7:91:16:97:e9:f6:cd:bb:4c:f8:1e:a5:
                    c2:03:d4:0f:2e:fd:05:14:7c:66:f9:f2:93:9a:d9:
                    98:ff:72:20:0e:9f:45:97:3a:44:00:e0:de:2f:80:
                    ec:dd:ef:dd:90:27:79:84:12:4d:af:d6:d5:80:8c:
                    43:e9:cc:7b:60:df:2e:ae:80:f1:16:0f:45:13:50:
                    1a:95:b9:12:c3:bd:c0:08:d5:de:57:ee:ac:20:e9:
                    34:9c:93:cf:5e:47:a7:aa:f3:cb:95:bb:92:40:1f:
                    50:93:90:10:00:ba:63:86:2a:11:a9:cc:68:af:90:
                    be:91:26:47:00:77:55:a9:9f:51:f8:ff:f4:73:4b:
                    80:ef:cd:85:23:da:34:d1:0c:f6:5f:38:af:72:13:
                    31:ad:12:ac:a0:e8:7f:f9:9e:ac:48:b5:e5:85:97:
                    54:8b:27:65:77:59:ec:11:eb:d2:a1:12:78:79:96:
                    0e:48:db:7b:93:0d:2c:8f:0c:ce:e9:8f:1c:4f:3c:
                    29:ed:1c:1b:15:56:59:0e:ac:d8:cb:82:16:59:77:
                    23:74:00:d4:98:3a:dc:6a:dc:ed:28:89:a9:51:98:
                    9d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D3:B2:71:3C:CE:39:78:FB:8F:D3:2D:0A:FB:72:A0:BE:FA:D9:EA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/09OycTzOOXj7j9MtCvtyoL762eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:42:bf:f1:ad:fa:c7:4e:7e:82:74:01:9e:46:71:ee:e6:67:
         9e:3b:23:cf:94:55:3b:94:ec:c0:0b:71:47:50:c9:83:2c:a1:
         09:ab:e7:d1:09:f2:f4:33:a1:88:ef:c0:01:91:20:7c:57:5a:
         a4:59:46:cc:90:c4:4e:f8:56:cd:d9:ad:1a:a9:78:5f:97:13:
         39:53:c4:75:bd:27:50:ca:e0:62:5f:be:ec:f7:bc:62:2e:14:
         33:ed:cb:bc:68:00:38:77:ad:bc:d1:6d:0a:e8:89:0b:58:68:
         c9:b5:05:ba:5b:ad:11:15:9d:9b:b7:87:cb:67:f6:ca:18:39:
         92:a3:35:f8:e3:c8:cd:2d:d9:f7:94:a5:96:23:a5:c2:9e:3d:
         3c:95:5c:57:76:02:5e:3d:ca:74:06:52:a0:ef:95:dd:34:c1:
         8d:b6:66:df:28:32:ee:90:d8:e5:c1:06:12:91:d8:c6:8e:fb:
         76:ef:e8:bf:17:65:e0:9d:49:45:10:30:b0:bb:5e:2c:13:b3:
         2f:1b:6e:ec:d1:21:cd:12:c1:9c:38:8d:b4:c4:50:96:78:1d:
         e5:2e:26:01:d1:bc:6c:dd:c4:4c:bd:c1:22:78:4d:d6:1e:43:
         f9:9a:5d:78:78:61:38:82:d2:7a:b0:be:28:9a:08:bd:e5:4f:
         83:90:3b:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcE6ilvvQtiAaq/Fx6E2I43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIxMTYwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2QzYjI3MTNjY2UzOTc4ZmI4ZmQzMmQwYWZiNzJhMGJlZmFkOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieSE96HRTzXwL949B9ZwdFFw3Jw/
mwdoUTO68Uj8XFfXkRaX6fbNu0z4HqXCA9QPLv0FFHxm+fKTmtmY/3IgDp9FlzpE
AODeL4Ds3e/dkCd5hBJNr9bVgIxD6cx7YN8uroDxFg9FE1AalbkSw73ACNXeV+6s
IOk0nJPPXkenqvPLlbuSQB9Qk5AQALpjhioRqcxor5C+kSZHAHdVqZ9R+P/0c0uA
782FI9o00Qz2XzivchMxrRKsoOh/+Z6sSLXlhZdUiydld1nsEevSoRJ4eZYOSNt7
kw0sjwzO6Y8cTzwp7RwbFVZZDqzYy4IWWXcjdADUmDrcatztKImpUZidOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNPTsnE8zjl4+4/TLQr7cqC++tnqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMDlPeWNUek9PWGo3ajlNdEN2dHlvTDc2MmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHRCv/Gt+sdOfoJ0AZ5G
ce7mZ547I8+UVTuU7MALcUdQyYMsoQmr59EJ8vQzoYjvwAGRIHxXWqRZRsyQxE74
Vs3ZrRqpeF+XEzlTxHW9J1DK4GJfvuz3vGIuFDPty7xoADh3rbzRbQroiQtYaMm1
BbpbrREVnZu3h8tn9soYOZKjNfjjyM0t2feUpZYjpcKePTyVXFd2Al49ynQGUqDv
ld00wY22Zt8oMu6Q2OXBBhKR2MaO+3bv6L8XZeCdSUUQMLC7XiwTsy8bbuzRIc0S
wZw4jbTEUJZ4HeUuJgHRvGzdxEy9wSJ4TdYeQ/maXXh4YTiC0nqwviiaCL3lT4OQ
Oxg=
-----END CERTIFICATE-----