Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0zWHtRx1VuVrU_H5C2YgdW3JhG4.roa
File:                     0zWHtRx1VuVrU_H5C2YgdW3JhG4.roa (raw, json)
Hash identifier:          2ZvOYz/sMcD/3UJeOm6E6pvAdSRj/zl0ZxzVnpd8ErU=
Subject key identifier:   D3:35:87:B5:1C:75:56:E5:6B:53:F1:F9:0B:66:20:75:6D:C9:84:6E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187E4196863F7008DF81FD4E9C8F7BF931A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0zWHtRx1VuVrU_H5C2YgdW3JhG4.roa
Signing time:             Thu 04 May 2023 00:11:22 +0000
ROA not before:           Thu 04 May 2023 00:11:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e4:19:68:63:f7:00:8d:f8:1f:d4:e9:c8:f7:bf:93:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  4 00:11:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d33587b51c7556e56b53f1f90b6620756dc9846e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3c:bd:8a:e5:f7:9b:c4:18:9a:56:15:9c:f5:
                    fa:43:48:74:80:0f:1d:2d:ea:cc:01:80:92:f4:05:
                    8f:dc:65:13:2a:81:99:87:3f:e3:86:57:bb:48:92:
                    f1:c8:27:75:b9:74:e3:b5:ef:9d:e0:43:53:b8:7d:
                    0f:70:02:0d:17:af:bc:e3:8b:75:ca:72:3f:4d:d2:
                    9b:b9:e4:d0:a2:bf:eb:ac:11:a2:67:ff:78:25:2e:
                    fb:14:73:d7:2b:1a:77:ab:8c:51:f3:b6:e7:17:78:
                    72:9c:78:f9:e3:79:c8:65:dd:14:e7:ad:ba:87:59:
                    cf:34:92:e1:c9:c1:76:cd:89:94:05:0d:63:13:d9:
                    7b:69:ef:45:f1:0c:7d:69:6c:2c:be:3d:b3:4d:a7:
                    f3:82:f4:2c:df:0a:98:e2:b2:1e:dc:f0:67:f6:79:
                    84:24:35:e3:67:b8:ad:6b:95:83:92:57:90:53:99:
                    8a:2c:23:19:ca:c9:b0:bb:71:99:bf:b6:fe:07:90:
                    f3:f1:0b:e7:66:55:8c:6e:fd:74:e0:d4:18:0d:8d:
                    67:b2:f6:31:92:52:86:66:49:b0:12:91:64:93:a4:
                    75:11:08:d2:90:69:f0:53:0f:e8:cd:8d:26:11:fa:
                    ce:b3:73:82:ba:90:3e:52:91:9a:06:dc:c2:0b:8c:
                    14:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:35:87:B5:1C:75:56:E5:6B:53:F1:F9:0B:66:20:75:6D:C9:84:6E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0zWHtRx1VuVrU_H5C2YgdW3JhG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:4d:44:c6:40:af:55:e5:2f:e6:2d:64:0d:d2:4b:39:98:1c:
         13:3b:0b:39:4e:74:67:f7:2c:29:90:2e:ad:36:9c:02:3d:99:
         76:ea:4e:ca:e0:f1:0c:42:2e:83:2f:e7:03:f9:ca:2a:fc:fb:
         80:2d:23:61:22:e9:22:a1:82:f7:aa:1c:15:88:70:7d:29:1e:
         2c:66:d5:b2:9b:d4:e6:7e:37:4a:43:d5:d6:82:aa:6f:a4:cb:
         f1:6b:c4:d2:f7:0d:62:d1:9d:2f:80:56:1b:20:1f:78:db:5b:
         d6:a3:aa:47:09:cf:05:c7:00:e6:88:18:6e:d9:72:ea:bd:57:
         42:35:ac:05:87:8d:4b:92:ea:9a:a9:44:92:e7:87:95:b2:6a:
         dc:cf:d6:60:f9:e0:aa:8d:df:21:71:8a:77:fb:cb:22:58:05:
         85:02:58:af:ae:91:c2:50:9d:ec:9f:0f:7a:33:0c:8c:ce:b9:
         a3:ae:fa:f5:58:57:cc:33:02:91:77:0b:35:4b:2a:d8:d4:58:
         1b:bf:15:ff:76:f8:ea:76:7e:bc:3e:ee:b1:5e:c4:5a:a8:dc:
         7e:4b:02:15:d1:00:fc:73:d5:d5:2e:95:55:d1:85:6f:29:c2:
         74:31:d1:c1:67:5f:7a:55:b6:4c:67:53:79:ea:f6:19:bc:5d:
         cb:36:fd:90
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfkGWhj9wCN+B/U6cj3v5MaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA0MDAxMTIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzM1ODdiNTFjNzU1NmU1NmI1M2YxZjkwYjY2MjA3NTZkYzk4NDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzy9iuX3m8QYmlYVnPX6Q0h0gA8d
LerMAYCS9AWP3GUTKoGZhz/jhle7SJLxyCd1uXTjte+d4ENTuH0PcAINF6+844t1
ynI/TdKbueTQor/rrBGiZ/94JS77FHPXKxp3q4xR87bnF3hynHj543nIZd0U5626
h1nPNJLhycF2zYmUBQ1jE9l7ae9F8Qx9aWwsvj2zTafzgvQs3wqY4rIe3PBn9nmE
JDXjZ7ita5WDkleQU5mKLCMZysmwu3GZv7b+B5Dz8QvnZlWMbv104NQYDY1nsvYx
klKGZkmwEpFkk6R1EQjSkGnwUw/ozY0mEfrOs3OCupA+UpGaBtzCC4wUfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNM1h7UcdVbla1Px+QtmIHVtyYRuMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMHpXSHRSeDFWdVZyVV9INUMyWWdkVzNKaEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGZNRMZAr1XlL+YtZA3S
SzmYHBM7CzlOdGf3LCmQLq02nAI9mXbqTsrg8QxCLoMv5wP5yir8+4AtI2Ei6SKh
gveqHBWIcH0pHixm1bKb1OZ+N0pD1daCqm+ky/FrxNL3DWLRnS+AVhsgH3jbW9aj
qkcJzwXHAOaIGG7Zcuq9V0I1rAWHjUuS6pqpRJLnh5WyatzP1mD54KqN3yFxinf7
yyJYBYUCWK+ukcJQneyfD3ozDIzOuaOu+vVYV8wzApF3CzVLKtjUWBu/Ff92+Op2
frw+7rFexFqo3H5LAhXRAPxz1dUulVXRhW8pwnQx0cFnX3pVtkxnU3nq9hm8Xcs2
/ZA=
-----END CERTIFICATE-----