Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1KGHxwMRkHxwm2D5FGSVT5sB-Jk.roa
File:                     1KGHxwMRkHxwm2D5FGSVT5sB-Jk.roa (raw, json)
Hash identifier:          /ErKk7QWiej2uvr7zKDhbZSoHtEYeB1MXQB79iOhV+4=
Subject key identifier:   D4:A1:87:C7:03:11:90:7C:70:9B:60:F9:14:64:95:4F:9B:01:F8:99
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187131D19CC3A40170B86D8CAE3F5311683
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1KGHxwMRkHxwm2D5FGSVT5sB-Jk.roa
Signing time:             Fri 24 Mar 2023 10:14:46 +0000
ROA not before:           Fri 24 Mar 2023 10:14:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:13:1d:19:cc:3a:40:17:0b:86:d8:ca:e3:f5:31:16:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 24 10:14:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d4a187c70311907c709b60f91464954f9b01f899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:63:66:25:d3:11:c5:e6:ba:1c:aa:89:11:fe:
                    4f:36:71:58:4e:ed:db:c4:66:c1:3b:fb:89:62:f9:
                    a8:b4:78:10:04:f5:37:43:6a:c6:76:91:1c:f2:3b:
                    25:f9:ba:d9:ba:cb:e7:37:88:a2:36:a8:cf:c1:eb:
                    81:22:cb:0a:ea:ea:1b:94:a4:eb:5f:31:31:87:ba:
                    99:b1:ce:79:3a:6a:4d:3f:cf:3a:32:8d:3d:d6:d5:
                    2b:87:b3:4f:72:74:af:ac:aa:6a:f5:93:7a:37:2e:
                    2a:fa:69:2c:fc:36:45:f0:b6:8d:b7:05:f7:f8:97:
                    a4:7b:f9:c9:d6:98:e3:ad:ac:07:51:da:86:b5:61:
                    3f:2a:e8:f3:43:f7:b6:ef:65:fd:a8:3f:7a:76:41:
                    d4:1f:0e:79:73:20:52:ff:ba:99:f9:b4:fc:68:0c:
                    b5:d7:ea:03:bc:3f:66:56:d5:5a:9c:30:e1:8f:8e:
                    28:7b:1d:10:dc:09:26:9f:e4:c3:b5:70:dd:f7:6a:
                    5a:4f:02:47:cb:a7:78:ee:cd:7a:b7:75:e7:43:fa:
                    2a:5d:5f:b7:27:95:6c:23:13:70:e4:3b:09:4f:ee:
                    1f:03:6f:9a:e6:40:bb:84:8d:ab:69:87:4f:27:88:
                    94:8b:c4:23:9a:f2:b0:2d:2d:7e:c8:41:71:47:3b:
                    d0:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:A1:87:C7:03:11:90:7C:70:9B:60:F9:14:64:95:4F:9B:01:F8:99
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1KGHxwMRkHxwm2D5FGSVT5sB-Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:a3:b6:9e:3b:f4:1b:bc:63:f0:18:af:db:48:98:db:a6:d9:
         81:d6:56:5c:70:5b:85:39:20:7d:10:22:84:5e:79:19:ce:40:
         6d:29:6c:bc:42:1f:7a:0d:8f:94:42:d9:59:09:5f:be:72:ec:
         44:ed:4c:03:f1:39:3a:2f:13:81:7b:b0:e3:89:24:66:48:6e:
         79:94:cd:76:38:55:a9:98:8a:d8:e9:96:12:74:99:93:13:c8:
         be:9e:bb:cf:1a:29:05:36:9b:a8:62:bb:0a:d4:c2:87:20:82:
         64:37:8e:c4:f5:7f:c6:1d:d6:5b:ad:44:50:12:d0:06:44:15:
         2b:3d:3a:6e:a3:4f:5b:51:fc:e4:09:2b:e2:c6:9e:55:cf:e9:
         02:74:50:72:56:c0:87:b7:7b:7e:3c:86:cb:1c:e1:45:c1:84:
         b2:7f:12:1b:81:21:20:fa:9b:b7:18:96:03:9e:81:75:cc:94:
         9c:ec:59:ef:dc:2e:81:b9:4c:20:3d:9c:85:a5:2e:e7:23:be:
         e2:b5:d3:a3:b4:28:75:83:fe:70:54:6b:69:b4:b4:39:f3:50:
         3f:86:87:c6:4d:0f:dc:0a:f6:e2:89:c3:22:69:a8:00:f8:1d:
         a0:19:67:d0:b5:53:32:19:c2:0f:c9:07:78:74:79:9c:26:53:
         27:81:db:83
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcTHRnMOkAXC4bYyuP1MRaDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI0MTAxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGExODdjNzAzMTE5MDdjNzA5YjYwZjkxNDY0OTU0ZjliMDFmODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomNmJdMRxea6HKqJEf5PNnFYTu3b
xGbBO/uJYvmotHgQBPU3Q2rGdpEc8jsl+brZusvnN4iiNqjPweuBIssK6uoblKTr
XzExh7qZsc55OmpNP886Mo091tUrh7NPcnSvrKpq9ZN6Ny4q+mks/DZF8LaNtwX3
+Jeke/nJ1pjjrawHUdqGtWE/KujzQ/e272X9qD96dkHUHw55cyBS/7qZ+bT8aAy1
1+oDvD9mVtVanDDhj44oex0Q3Akmn+TDtXDd92paTwJHy6d47s16t3XnQ/oqXV+3
J5VsIxNw5DsJT+4fA2+a5kC7hI2raYdPJ4iUi8QjmvKwLS1+yEFxRzvQ6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNShh8cDEZB8cJtg+RRklU+bAfiZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMUtHSHh3TVJrSHh3bTJENUZHU1ZUNXNCLUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAKjtp479Bu8Y/AYr9tI
mNum2YHWVlxwW4U5IH0QIoReeRnOQG0pbLxCH3oNj5RC2VkJX75y7ETtTAPxOTov
E4F7sOOJJGZIbnmUzXY4VamYitjplhJ0mZMTyL6eu88aKQU2m6hiuwrUwocggmQ3
jsT1f8Yd1lutRFAS0AZEFSs9Om6jT1tR/OQJK+LGnlXP6QJ0UHJWwIe3e348hssc
4UXBhLJ/EhuBISD6m7cYlgOegXXMlJzsWe/cLoG5TCA9nIWlLucjvuK106O0KHWD
/nBUa2m0tDnzUD+Gh8ZND9wK9uKJwyJpqAD4HaAZZ9C1UzIZwg/JB3h0eZwmUyeB
24M=
-----END CERTIFICATE-----