Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-CDtx9swe95hpn5jsrSejX5sQz0.roa
File:                     1-CDtx9swe95hpn5jsrSejX5sQz0.roa (raw, json)
Hash identifier:          5sH0uiT3jWo9suIdgJtchCMuOyHC2QhYOyagIiWsoXQ=
Subject key identifier:   F8:20:ED:C7:DB:30:7B:DE:61:A6:7E:63:B2:B4:9E:8D:7E:6C:43:3D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018846965415783D11174518B58557581A32
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-CDtx9swe95hpn5jsrSejX5sQz0.roa
Signing time:             Tue 23 May 2023 03:10:37 +0000
ROA not before:           Tue 23 May 2023 03:10:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:46:96:54:15:78:3d:11:17:45:18:b5:85:57:58:1a:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 23 03:10:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f820edc7db307bde61a67e63b2b49e8d7e6c433d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fb:7b:fc:e2:ca:0b:1b:5d:1e:25:15:c4:bc:
                    af:08:a5:a5:ab:f5:f6:8d:7a:67:9a:bf:21:91:e3:
                    e5:6e:1e:3e:55:bf:71:f5:17:0f:be:2f:55:33:0a:
                    c7:72:a6:26:8a:3f:bd:61:35:5e:98:c6:e5:4d:c7:
                    e1:15:c6:23:bd:d2:fc:9a:03:4a:ed:38:3c:f7:85:
                    61:98:6d:9c:7c:e1:7a:38:f6:7d:d1:8d:b4:65:c4:
                    98:32:30:b6:5d:b3:1c:cd:18:80:17:4c:80:ec:28:
                    d7:10:71:70:03:8f:98:c6:44:47:5a:84:05:e3:19:
                    10:4f:7c:38:a2:c7:c9:e5:43:5b:b6:3e:7b:76:03:
                    09:d8:a4:b6:f5:91:ee:3e:a6:69:8c:04:34:39:21:
                    e0:65:a8:80:de:4f:d3:f3:86:15:32:d3:dc:e7:23:
                    6a:06:5d:10:d9:47:df:30:e8:a4:97:3d:48:d1:f1:
                    08:eb:0a:5a:31:19:f7:9b:c9:fb:36:07:60:a0:40:
                    f9:1c:71:2a:98:96:68:15:93:b2:f0:ed:8a:d5:b0:
                    4a:e8:c6:07:12:0c:a5:21:8c:c6:d0:e8:70:15:34:
                    b5:ad:6e:15:b2:25:cc:34:1b:1c:80:82:04:10:ae:
                    3d:1b:72:08:3f:28:e4:8f:67:0d:61:77:c5:fc:dc:
                    00:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:20:ED:C7:DB:30:7B:DE:61:A6:7E:63:B2:B4:9E:8D:7E:6C:43:3D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-CDtx9swe95hpn5jsrSejX5sQz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:79:ab:a5:fb:f9:f4:2b:f9:4a:e5:25:73:0e:16:a1:9d:ae:
         53:29:c4:c6:90:fd:30:e4:a5:36:46:fd:b1:be:c5:ae:b8:97:
         04:47:14:9e:53:2c:fe:94:68:35:72:21:13:21:5c:fe:83:9b:
         17:41:d2:f7:6f:8a:10:2d:55:72:20:5d:cc:1d:f3:a7:da:d8:
         80:06:ba:67:a0:89:e3:8f:85:38:e5:c1:a6:1f:98:32:20:11:
         54:ee:b0:d7:81:30:5e:42:e8:e9:66:cd:eb:b0:d5:6e:63:ba:
         a4:ad:93:e9:95:3a:d4:d0:d9:ab:f2:45:f1:4b:4e:09:f5:8a:
         fc:8e:f2:41:69:1c:30:4a:f0:31:43:3f:83:46:4f:3e:ce:6f:
         07:96:f7:ab:7f:bb:24:13:3d:a0:0b:e3:b4:33:0f:1a:d5:46:
         51:28:8c:62:30:61:16:2a:e5:f0:a7:05:16:ef:f3:ac:b0:fb:
         3c:bc:91:62:f6:8f:e4:b6:59:76:33:d9:57:36:8b:a9:41:12:
         52:72:a8:92:f1:c7:1f:c6:bf:63:fc:6d:1a:20:59:df:06:b0:
         f9:ad:f1:8d:48:4d:51:0c:f1:e5:ed:dc:99:7a:2d:b8:97:f7:
         16:e5:be:1b:55:8b:13:8b:3c:d8:ff:6b:f2:34:11:9a:55:2e:
         a3:01:66:9b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYhGllQVeD0RF0UYtYVXWBoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIzMDMxMDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODIwZWRjN2RiMzA3YmRlNjFhNjdlNjNiMmI0OWU4ZDdlNmM0MzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvt7/OLKCxtdHiUVxLyvCKWlq/X2
jXpnmr8hkePlbh4+Vb9x9RcPvi9VMwrHcqYmij+9YTVemMblTcfhFcYjvdL8mgNK
7Tg894VhmG2cfOF6OPZ90Y20ZcSYMjC2XbMczRiAF0yA7CjXEHFwA4+YxkRHWoQF
4xkQT3w4osfJ5UNbtj57dgMJ2KS29ZHuPqZpjAQ0OSHgZaiA3k/T84YVMtPc5yNq
Bl0Q2UffMOiklz1I0fEI6wpaMRn3m8n7NgdgoED5HHEqmJZoFZOy8O2K1bBK6MYH
EgylIYzG0OhwFTS1rW4VsiXMNBscgIIEEK49G3IIPyjkj2cNYXfF/NwANwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPgg7cfbMHveYaZ+Y7K0no1+bEM9MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1DRHR4OXN3ZTk1aHBuNWpzclNlalg1c1F6MC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQBjeaul+/n0K/lK5SVz
Dhahna5TKcTGkP0w5KU2Rv2xvsWuuJcERxSeUyz+lGg1ciETIVz+g5sXQdL3b4oQ
LVVyIF3MHfOn2tiABrpnoInjj4U45cGmH5gyIBFU7rDXgTBeQujpZs3rsNVuY7qk
rZPplTrU0Nmr8kXxS04J9Yr8jvJBaRwwSvAxQz+DRk8+zm8Hlverf7skEz2gC+O0
Mw8a1UZRKIxiMGEWKuXwpwUW7/OssPs8vJFi9o/ktll2M9lXNoupQRJScqiS8ccf
xr9j/G0aIFnfBrD5rfGNSE1RDPHl7dyZei24l/cW5b4bVYsTizzY/2vyNBGaVS6j
AWab
-----END CERTIFICATE-----