Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-MzopeYeiIMhLfnsjwmXKXwwGio.roa
File:                     1-MzopeYeiIMhLfnsjwmXKXwwGio.roa (raw, json)
Hash identifier:          qdPks4Tnm0ozjrp48Fh68M0PijcWhAma02JeNCcOAsE=
Subject key identifier:   F8:CC:E8:A5:E6:1E:88:83:21:2D:F9:EC:8F:09:97:29:7C:30:1A:2A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187560C0C8E4013FA2543208D74849C782C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-MzopeYeiIMhLfnsjwmXKXwwGio.roa
Signing time:             Thu 06 Apr 2023 10:10:42 +0000
ROA not before:           Thu 06 Apr 2023 10:10:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:56:0c:0c:8e:40:13:fa:25:43:20:8d:74:84:9c:78:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  6 10:10:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f8cce8a5e61e8883212df9ec8f0997297c301a2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cd:2a:43:b3:6b:f2:38:8a:58:c1:13:14:9c:
                    12:81:d9:4d:e7:28:d3:5e:13:db:a9:0a:22:2a:85:
                    5e:6c:9b:d4:73:c5:91:19:3b:81:24:e4:c8:b6:6a:
                    ce:39:fb:54:f5:e9:30:99:4d:78:d5:70:82:e5:97:
                    ed:df:db:06:44:64:a3:76:8c:3e:99:9a:27:ef:35:
                    ae:3d:dc:c8:c6:d7:61:69:1e:14:ea:f7:45:1c:1b:
                    b1:db:40:1b:c7:53:6b:c4:d9:a0:90:63:03:ba:ab:
                    39:95:8e:d7:89:af:36:f4:53:4e:cc:dc:88:5e:69:
                    f0:8f:98:51:70:f8:3b:c3:9f:77:e9:dd:27:bc:e7:
                    ef:63:41:38:ff:8e:fc:d4:d0:a7:92:14:48:21:71:
                    c9:cb:a7:08:99:1d:60:af:c4:b6:5d:95:3f:bf:6d:
                    1c:04:a5:71:91:6d:2a:e8:a1:07:b8:75:df:25:79:
                    be:f5:7c:d3:e2:30:a6:cf:34:65:91:26:07:15:f0:
                    fb:55:b3:ae:cc:ed:da:49:2b:05:3d:40:02:a2:89:
                    3e:6e:38:6a:de:4f:e2:3b:d6:46:20:4e:da:39:9e:
                    7b:d4:a9:8d:21:98:a4:ff:30:0c:ca:b0:c7:3e:86:
                    ad:e4:77:8b:1c:02:f9:36:6e:6a:8e:86:a0:ec:2f:
                    67:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:CC:E8:A5:E6:1E:88:83:21:2D:F9:EC:8F:09:97:29:7C:30:1A:2A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-MzopeYeiIMhLfnsjwmXKXwwGio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:a5:db:f8:1c:3c:3d:76:8b:78:5a:8b:29:da:d3:31:fe:95:
         02:30:e3:ce:50:ff:ae:01:63:8b:d1:3e:e8:07:2a:80:b6:4e:
         4b:5e:43:8f:af:cd:14:3f:b5:1d:69:0e:09:16:2c:f8:cf:e6:
         53:b1:a0:4f:52:7a:90:a2:25:9d:5e:47:f8:fe:68:c9:0f:a5:
         75:91:20:e3:ce:d5:65:42:a8:01:98:be:e4:de:c3:a2:5a:a4:
         67:b5:83:af:4a:98:c1:e9:f4:66:07:65:31:21:fa:da:86:e5:
         f3:1d:2b:23:63:34:56:c7:34:d1:42:5b:5a:5c:01:94:94:25:
         aa:83:bb:9b:62:cd:87:4d:69:52:e1:83:97:07:e7:7f:92:90:
         42:9d:48:e6:1f:14:28:eb:03:fd:5f:18:07:25:4f:78:9c:60:
         39:0c:9c:07:00:6f:53:91:a5:0f:46:b5:1f:52:84:4c:bb:b8:
         d8:97:00:1c:68:b2:ed:cd:de:56:c8:63:bc:a4:a3:14:aa:94:
         d1:e0:83:32:cc:7d:6c:cc:2a:8e:e5:55:3e:71:5e:29:56:11:
         c8:ac:48:bf:b4:4a:dd:5a:e4:be:29:e1:19:e1:02:00:a7:db:
         6c:e5:26:3e:53:e6:98:0e:ff:d5:c1:1b:f4:01:6d:02:c5:f2:
         c6:9f:dc:d0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYdWDAyOQBP6JUMgjXSEnHgsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA2MTAxMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGNjZThhNWU2MWU4ODgzMjEyZGY5ZWM4ZjA5OTcyOTdjMzAxYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM0qQ7Nr8jiKWMETFJwSgdlN5yjT
XhPbqQoiKoVebJvUc8WRGTuBJOTItmrOOftU9ekwmU141XCC5Zft39sGRGSjdow+
mZon7zWuPdzIxtdhaR4U6vdFHBux20Abx1NrxNmgkGMDuqs5lY7Xia829FNOzNyI
Xmnwj5hRcPg7w5936d0nvOfvY0E4/4781NCnkhRIIXHJy6cImR1gr8S2XZU/v20c
BKVxkW0q6KEHuHXfJXm+9XzT4jCmzzRlkSYHFfD7VbOuzO3aSSsFPUACook+bjhq
3k/iO9ZGIE7aOZ571KmNIZik/zAMyrDHPoat5HeLHAL5Nm5qjoag7C9ncwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPjM6KXmHoiDIS357I8Jlyl8MBoqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1Nem9wZVllaUlNaExmbnNqd21YS1h3d0dpby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQAspdv4HDw9dot4Wosp
2tMx/pUCMOPOUP+uAWOL0T7oByqAtk5LXkOPr80UP7UdaQ4JFiz4z+ZTsaBPUnqQ
oiWdXkf4/mjJD6V1kSDjztVlQqgBmL7k3sOiWqRntYOvSpjB6fRmB2UxIfrahuXz
HSsjYzRWxzTRQltaXAGUlCWqg7ubYs2HTWlS4YOXB+d/kpBCnUjmHxQo6wP9XxgH
JU94nGA5DJwHAG9TkaUPRrUfUoRMu7jYlwAcaLLtzd5WyGO8pKMUqpTR4IMyzH1s
zCqO5VU+cV4pVhHIrEi/tErdWuS+KeEZ4QIAp9ts5SY+U+aYDv/VwRv0AW0CxfLG
n9zQ
-----END CERTIFICATE-----