Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0fU5g6ZTV1b38XbLtfsKVjLi8l8.roa
File:                     0fU5g6ZTV1b38XbLtfsKVjLi8l8.roa (raw, json)
Hash identifier:          zLbUv7AjdO6/zHQ8XxhszkxtlHJBp91VmsBBBoNSYQc=
Subject key identifier:   D1:F5:39:83:A6:53:57:56:F7:F1:76:CB:B5:FB:0A:56:32:E2:F2:5F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187CC802085E6A0154FAD1C747EFA0EB7D4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0fU5g6ZTV1b38XbLtfsKVjLi8l8.roa
Signing time:             Sat 29 Apr 2023 10:12:41 +0000
ROA not before:           Sat 29 Apr 2023 10:12:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:cc:80:20:85:e6:a0:15:4f:ad:1c:74:7e:fa:0e:b7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 29 10:12:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d1f53983a6535756f7f176cbb5fb0a5632e2f25f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:90:d9:6f:73:86:d4:ab:a7:84:c7:a8:dd:81:
                    a5:32:68:14:4a:4e:2c:53:a6:53:b7:6f:69:3f:ef:
                    2b:2c:39:fb:0f:68:b2:0f:9b:f5:4d:39:82:04:71:
                    b1:88:f1:f1:9a:e3:2f:a7:c3:1b:f2:bf:03:d4:23:
                    c3:3f:53:00:4f:7b:fa:cb:2d:8a:74:76:60:f0:04:
                    45:13:04:bd:eb:7e:30:5d:60:7f:09:0a:a4:be:2c:
                    35:33:f8:0c:09:ff:a7:5a:c3:25:78:ed:e0:a4:46:
                    e5:1a:c8:e8:e9:8f:c7:53:ea:e0:17:3d:d3:2e:24:
                    2c:23:57:18:a6:2a:59:ae:24:77:a3:c5:2e:4e:10:
                    5b:2e:d0:10:2b:2d:d8:bc:d8:06:6e:6f:55:52:ae:
                    b8:31:84:67:71:64:89:ec:2d:de:d2:42:78:5f:72:
                    8d:83:d1:b7:0a:3f:0c:47:6e:6e:5f:1d:4e:be:0e:
                    5d:83:26:f7:74:49:bc:7d:39:0b:cb:37:3e:37:21:
                    e3:31:75:95:ce:8f:a1:fd:6f:c6:e8:15:25:41:40:
                    e3:8c:53:72:ec:60:fb:ac:a5:e8:5d:fe:5d:41:4f:
                    73:07:f9:a9:a6:82:a4:97:f9:b4:75:f6:fc:3e:91:
                    11:28:9f:84:a5:25:e3:7a:56:11:e1:18:d3:c1:12:
                    e6:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F5:39:83:A6:53:57:56:F7:F1:76:CB:B5:FB:0A:56:32:E2:F2:5F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0fU5g6ZTV1b38XbLtfsKVjLi8l8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:74:8f:9f:a3:9c:70:93:0f:83:c4:51:b8:7d:b8:98:98:eb:
         e1:14:ee:4c:c7:99:6b:ef:d0:bd:64:1d:97:62:b0:9f:f0:b6:
         16:2d:72:37:b3:56:05:4c:c8:34:0c:da:2f:a2:37:76:9c:f0:
         3a:e4:ab:50:ee:3f:4b:2a:23:11:ae:c9:4d:04:3a:0f:9b:be:
         22:ea:35:5f:26:b9:28:9f:31:1a:f5:88:cb:bb:be:2e:ef:d4:
         d1:07:f0:b6:cf:c8:3c:9a:af:45:ea:20:7f:51:c4:1a:a7:4e:
         59:07:1e:a7:dd:a6:55:e4:a2:d0:fc:87:8a:30:63:36:8c:0d:
         b1:e7:c9:b3:b1:83:6d:7f:92:17:39:58:50:0a:bd:b3:b0:de:
         1c:a9:27:e3:d2:2f:e0:2e:17:5a:eb:f1:dc:bb:ac:97:03:f6:
         03:e6:3d:cb:54:12:b0:3c:ce:bc:ea:13:a5:e3:49:1f:0d:5d:
         10:a7:dc:2c:1b:3d:c9:49:a2:4c:14:bc:7e:08:2f:6a:46:1d:
         d1:57:ee:bb:c2:75:61:dc:d9:c3:59:7d:8f:53:6e:28:90:31:
         6c:79:9a:23:4e:53:30:2a:44:48:74:5a:e1:38:1d:ce:5b:b3:
         b1:97:59:34:a6:df:9a:21:e7:8d:01:1e:00:b7:b1:74:e1:80:
         cf:fb:ee:1c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfMgCCF5qAVT60cdH76DrfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI5MTAxMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWY1Mzk4M2E2NTM1NzU2ZjdmMTc2Y2JiNWZiMGE1NjMyZTJmMjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5DZb3OG1KunhMeo3YGlMmgUSk4s
U6ZTt29pP+8rLDn7D2iyD5v1TTmCBHGxiPHxmuMvp8Mb8r8D1CPDP1MAT3v6yy2K
dHZg8ARFEwS9634wXWB/CQqkviw1M/gMCf+nWsMleO3gpEblGsjo6Y/HU+rgFz3T
LiQsI1cYpipZriR3o8UuThBbLtAQKy3YvNgGbm9VUq64MYRncWSJ7C3e0kJ4X3KN
g9G3Cj8MR25uXx1Ovg5dgyb3dEm8fTkLyzc+NyHjMXWVzo+h/W/G6BUlQUDjjFNy
7GD7rKXoXf5dQU9zB/mppoKkl/m0dfb8PpERKJ+EpSXjelYR4RjTwRLmYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNH1OYOmU1dW9/F2y7X7ClYy4vJfMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMGZVNWc2WlRWMWIzOFhiTHRmc0tWakxpOGw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEl0j5+jnHCTD4PEUbh9
uJiY6+EU7kzHmWvv0L1kHZdisJ/wthYtcjezVgVMyDQM2i+iN3ac8Drkq1DuP0sq
IxGuyU0EOg+bviLqNV8muSifMRr1iMu7vi7v1NEH8LbPyDyar0XqIH9RxBqnTlkH
HqfdplXkotD8h4owYzaMDbHnybOxg21/khc5WFAKvbOw3hypJ+PSL+AuF1rr8dy7
rJcD9gPmPctUErA8zrzqE6XjSR8NXRCn3CwbPclJokwUvH4IL2pGHdFX7rvCdWHc
2cNZfY9TbiiQMWx5miNOUzAqREh0WuE4Hc5bs7GXWTSm35oh540BHgC3sXThgM/7
7hw=
-----END CERTIFICATE-----