Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0gUSy3k88LOpqsFc-MELhYYUIGY.roa
File:                     0gUSy3k88LOpqsFc-MELhYYUIGY.roa (raw, json)
Hash identifier:          B/19Z+T1T7zp0X6tzQiODFtnt4cAcShSDOGsIHCgUE0=
Subject key identifier:   D2:05:12:CB:79:3C:F0:B3:A9:AA:C1:5C:F8:C1:0B:85:86:14:20:66
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018791E90C12DE5569BCBDD24ADFBAE0DE12
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0gUSy3k88LOpqsFc-MELhYYUIGY.roa
Signing time:             Tue 18 Apr 2023 01:09:41 +0000
ROA not before:           Tue 18 Apr 2023 01:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:91:e9:0c:12:de:55:69:bc:bd:d2:4a:df:ba:e0:de:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 18 01:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d20512cb793cf0b3a9aac15cf8c10b8586142066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3c:3b:ab:40:04:de:38:84:52:cb:66:59:84:
                    95:87:f0:53:f1:2f:74:de:15:27:5d:62:24:99:01:
                    17:82:09:fa:16:1d:61:f8:91:a1:87:40:1f:6d:91:
                    f3:85:86:e8:85:8e:cd:29:54:6c:32:e4:b3:65:36:
                    6e:9c:8b:d3:ed:7e:2f:d0:7c:25:8f:bf:df:b1:3e:
                    bc:b9:61:fc:63:2a:49:cd:11:dd:05:7f:31:94:ed:
                    aa:13:4b:3a:9a:21:4c:3c:0c:72:18:cd:3b:25:18:
                    6d:68:cd:37:b2:18:12:cf:f6:b9:44:41:6f:0f:83:
                    80:cc:4a:37:0b:e6:bb:35:2d:43:49:d0:5d:a8:66:
                    41:d0:ae:6d:2c:1f:bd:42:cc:a4:81:de:d1:6b:5f:
                    f9:26:d3:76:7e:4c:86:d4:bf:0d:c7:54:b9:d5:de:
                    fa:a4:e3:06:c0:a2:e5:28:c8:18:0a:5b:bc:b0:37:
                    b1:9c:b3:75:26:c0:4a:b3:2e:93:49:4a:c9:ff:08:
                    56:47:e4:c7:50:e2:e6:84:c6:10:ac:f2:37:22:a0:
                    2d:a9:95:96:c5:80:ae:99:cb:40:82:d0:5a:2a:78:
                    df:72:42:e7:30:64:56:71:75:c0:a4:0c:b8:a6:16:
                    c8:26:8e:94:b9:7c:a9:5f:e8:53:34:17:d9:37:62:
                    6a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:05:12:CB:79:3C:F0:B3:A9:AA:C1:5C:F8:C1:0B:85:86:14:20:66
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0gUSy3k88LOpqsFc-MELhYYUIGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:15:64:51:61:0c:8c:27:57:c1:22:78:c4:b2:de:95:66:87:
         8e:0e:6d:28:be:d4:85:ce:4d:6f:57:18:f8:66:3c:de:82:77:
         61:d5:24:e3:9b:de:50:5b:bc:63:cf:da:6d:75:9e:ec:c0:64:
         1c:bd:45:c4:5e:a9:0e:8e:81:9d:33:d4:38:c6:dc:a9:85:16:
         bf:a4:c4:09:1b:54:05:17:b6:b7:e6:14:67:54:c9:93:11:9d:
         e9:0c:61:54:4c:0b:94:b7:c6:92:68:3b:d1:28:0d:a7:58:14:
         bd:32:1e:56:8f:14:d0:5f:81:0f:3e:08:ee:b6:8a:e9:f5:c4:
         52:e9:da:3c:b8:24:f4:32:7c:b3:34:80:5b:14:6e:c8:c4:64:
         05:dc:6e:41:a9:82:fe:90:7c:bb:34:46:3a:c7:24:44:19:e6:
         3d:f1:01:d8:76:76:2d:a5:c0:d3:bc:dd:91:00:de:6c:7a:3b:
         a9:43:50:57:20:4b:40:8b:67:46:51:e2:95:5f:90:7c:c0:f8:
         43:e3:99:20:b9:d9:c6:51:27:d4:8c:d8:2f:e9:ce:01:86:68:
         5e:c8:35:dd:80:f9:ed:78:7f:b6:fe:8b:8c:a9:11:1b:de:37:
         d7:09:ac:32:e8:82:8b:30:ba:d6:7c:e4:44:22:68:70:1e:bc:
         1f:12:21:09
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeR6QwS3lVpvL3SSt+64N4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE4MDEwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjA1MTJjYjc5M2NmMGIzYTlhYWMxNWNmOGMxMGI4NTg2MTQyMDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozw7q0AE3jiEUstmWYSVh/BT8S90
3hUnXWIkmQEXggn6Fh1h+JGhh0AfbZHzhYbohY7NKVRsMuSzZTZunIvT7X4v0Hwl
j7/fsT68uWH8YypJzRHdBX8xlO2qE0s6miFMPAxyGM07JRhtaM03shgSz/a5REFv
D4OAzEo3C+a7NS1DSdBdqGZB0K5tLB+9Qsykgd7Ra1/5JtN2fkyG1L8Nx1S51d76
pOMGwKLlKMgYClu8sDexnLN1JsBKsy6TSUrJ/whWR+THUOLmhMYQrPI3IqAtqZWW
xYCumctAgtBaKnjfckLnMGRWcXXApAy4phbIJo6UuXypX+hTNBfZN2JqGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNIFEst5PPCzqarBXPjBC4WGFCBmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMGdVU3kzazg4TE9wcXNGYy1NRUxoWVlVSUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIgVZFFhDIwnV8EieMSy
3pVmh44ObSi+1IXOTW9XGPhmPN6Cd2HVJOOb3lBbvGPP2m11nuzAZBy9RcReqQ6O
gZ0z1DjG3KmFFr+kxAkbVAUXtrfmFGdUyZMRnekMYVRMC5S3xpJoO9EoDadYFL0y
HlaPFNBfgQ8+CO62iun1xFLp2jy4JPQyfLM0gFsUbsjEZAXcbkGpgv6QfLs0RjrH
JEQZ5j3xAdh2di2lwNO83ZEA3mx6O6lDUFcgS0CLZ0ZR4pVfkHzA+EPjmSC52cZR
J9SM2C/pzgGGaF7INd2A+e14f7b+i4ypERveN9cJrDLogoswutZ85EQiaHAevB8S
IQk=
-----END CERTIFICATE-----