Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-xFn_lsa6D2Bg-IYWqRPXkjZAzI.roa
File:                     1-xFn_lsa6D2Bg-IYWqRPXkjZAzI.roa (raw, json)
Hash identifier:          UlBoQjhU4npyagWnusgC/ZUMEjSUJDcx/uX3NcnDtDE=
Subject key identifier:   FB:11:67:FE:5B:1A:E8:3D:81:83:E2:18:5A:A4:4F:5E:48:D9:03:32
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188030046416B09ACD517049EC4D539931B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-xFn_lsa6D2Bg-IYWqRPXkjZAzI.roa
Signing time:             Wed 10 May 2023 00:12:09 +0000
ROA not before:           Wed 10 May 2023 00:12:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:03:00:46:41:6b:09:ac:d5:17:04:9e:c4:d5:39:93:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 10 00:12:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fb1167fe5b1ae83d8183e2185aa44f5e48d90332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:4a:cb:59:a6:a9:80:46:65:15:08:21:13:b8:
                    2f:fb:b2:3a:4a:c8:43:ee:0c:d5:a6:68:4a:fa:d7:
                    8a:a2:48:25:14:36:0d:58:37:7d:08:eb:de:71:a8:
                    93:6e:d8:92:c4:f1:5d:05:e1:2d:d1:4f:da:b8:52:
                    3e:1e:f1:ac:7c:be:b8:08:9c:1f:51:ff:b9:31:f6:
                    81:c4:cd:13:62:cf:ed:01:02:01:9c:1a:94:f4:e5:
                    65:bd:50:ef:9a:da:ea:9a:e3:0f:bb:9d:78:3e:74:
                    7e:9f:b1:f2:53:e4:62:53:1f:43:fa:97:e0:c1:dc:
                    91:9b:8b:86:09:d7:e3:49:18:c3:20:11:3c:05:a3:
                    e5:f9:df:37:cb:62:05:08:84:f0:b3:59:66:b2:81:
                    b0:3e:09:56:b6:dd:31:9f:b6:73:07:e3:c9:20:19:
                    48:ec:ef:6d:8b:2d:cc:72:50:4c:33:be:47:71:48:
                    90:47:fc:36:c3:7a:30:5d:72:a3:d1:c0:09:13:52:
                    b6:60:d4:be:8f:ab:c4:d6:28:cf:5a:14:f5:db:eb:
                    d0:1b:df:90:a2:dc:fc:9b:15:56:06:59:05:dd:e0:
                    43:d7:88:fc:40:4b:90:96:48:e9:dd:9e:58:3f:bc:
                    98:a8:c3:e2:3c:17:c7:47:0c:90:36:0b:08:64:cc:
                    fc:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:11:67:FE:5B:1A:E8:3D:81:83:E2:18:5A:A4:4F:5E:48:D9:03:32
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-xFn_lsa6D2Bg-IYWqRPXkjZAzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:b2:98:4e:b3:18:0f:ea:39:a5:76:1f:79:2e:ad:e2:4b:65:
         6a:58:05:d5:07:40:a3:93:d9:ba:1a:cf:81:da:d7:59:3a:22:
         2d:5f:82:b6:c9:4a:04:59:f6:19:9d:60:3f:89:01:b8:f5:1c:
         ec:78:76:56:25:a1:c1:a2:fd:d4:0f:09:0c:03:09:d0:d0:a0:
         ec:01:94:33:b0:e2:74:0c:c3:71:02:4c:f3:47:9e:5b:40:5a:
         f3:ec:3a:b8:e8:84:22:98:9a:7a:3f:6b:8b:9d:fb:e0:45:41:
         50:cb:53:90:5c:c8:a7:e0:10:18:89:dd:b7:2d:db:29:d8:f2:
         81:5c:11:72:30:2c:56:e5:c3:a5:af:f3:a2:42:33:69:c3:3f:
         4b:83:46:af:e8:1e:0d:15:fe:4d:39:e6:12:06:7c:2e:30:35:
         55:a0:08:1c:d8:0b:34:4e:55:12:27:46:1e:5a:45:d6:2c:7f:
         16:f0:24:cb:9d:91:7f:f9:7f:78:e8:ea:bc:97:0a:99:0a:b2:
         27:07:bd:44:9d:c8:a0:8f:99:13:64:fe:47:01:fb:6e:ae:5c:
         ec:a4:fb:2c:33:ff:31:bc:4b:01:a7:84:10:86:8c:92:5e:cb:
         68:6e:2b:01:de:d2:ca:95:7c:d1:12:69:2c:f4:c4:2e:bc:82:
         8a:90:4e:bc
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYgDAEZBawms1RcEnsTVOZMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEwMDAxMjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjExNjdmZTViMWFlODNkODE4M2UyMTg1YWE0NGY1ZTQ4ZDkwMzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UrLWaapgEZlFQghE7gv+7I6SshD
7gzVpmhK+teKokglFDYNWDd9COvecaiTbtiSxPFdBeEt0U/auFI+HvGsfL64CJwf
Uf+5MfaBxM0TYs/tAQIBnBqU9OVlvVDvmtrqmuMPu514PnR+n7HyU+RiUx9D+pfg
wdyRm4uGCdfjSRjDIBE8BaPl+d83y2IFCITws1lmsoGwPglWtt0xn7ZzB+PJIBlI
7O9tiy3MclBMM75HcUiQR/w2w3owXXKj0cAJE1K2YNS+j6vE1ijPWhT12+vQG9+Q
otz8mxVWBlkF3eBD14j8QEuQlkjp3Z5YP7yYqMPiPBfHRwyQNgsIZMz8ywIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPsRZ/5bGug9gYPiGFqkT15I2QMyMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS14Rm5fbHNhNkQyQmctSVlXcVJQWGtqWkF6SS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQA2sphOsxgP6jmldh95
Lq3iS2VqWAXVB0Cjk9m6Gs+B2tdZOiItX4K2yUoEWfYZnWA/iQG49RzseHZWJaHB
ov3UDwkMAwnQ0KDsAZQzsOJ0DMNxAkzzR55bQFrz7Dq46IQimJp6P2uLnfvgRUFQ
y1OQXMin4BAYid23Ldsp2PKBXBFyMCxW5cOlr/OiQjNpwz9Lg0av6B4NFf5NOeYS
BnwuMDVVoAgc2As0TlUSJ0YeWkXWLH8W8CTLnZF/+X946Oq8lwqZCrInB71Encig
j5kTZP5HAfturlzspPssM/8xvEsBp4QQhoySXstobisB3tLKlXzREmks9MQuvIKK
kE68
-----END CERTIFICATE-----