Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1XIt4N2e1GAFiECXC6Pe8DJJiBw.roa
File:                     1XIt4N2e1GAFiECXC6Pe8DJJiBw.roa (raw, json)
Hash identifier:          1lPVNEBQm+Ebg+l7ap8T+M9gkUAjcu4ZHcey8FRtIpk=
Subject key identifier:   D5:72:2D:E0:DD:9E:D4:60:05:88:40:97:0B:A3:DE:F0:32:49:88:1C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187009F86760F5D3DB785DA5DA834AB5DF6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1XIt4N2e1GAFiECXC6Pe8DJJiBw.roa
Signing time:             Mon 20 Mar 2023 20:04:27 +0000
ROA not before:           Mon 20 Mar 2023 20:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:9f:5351/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:00:9f:86:76:0f:5d:3d:b7:85:da:5d:a8:34:ab:5d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 20 20:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d5722de0dd9ed460058840970ba3def03249881c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:55:30:7d:a9:b5:de:01:ed:f0:28:c3:21:16:
                    ec:ac:e6:15:26:d1:9f:bb:1c:a9:68:9f:fe:05:f2:
                    ce:68:2e:f6:e5:cf:27:1b:c8:69:3f:10:ca:2a:73:
                    0d:87:5f:06:ba:a6:48:39:b4:94:12:10:a2:37:e3:
                    e9:e0:e4:d9:5d:95:6a:0e:e6:54:55:73:ae:21:98:
                    35:0a:97:04:62:b1:c1:dd:bd:4c:ba:e1:52:f1:f0:
                    8e:ed:2b:21:ac:db:0e:c3:bd:ac:01:d9:f5:1f:99:
                    b0:c2:d2:c0:79:5c:ed:a6:81:28:d7:8c:28:16:d3:
                    2d:8a:a7:44:93:e0:94:d7:bc:fc:6e:ef:89:99:69:
                    a6:b8:6a:c7:ab:52:2b:02:6e:1d:76:5c:ae:c9:07:
                    65:cb:bd:7a:5a:e1:57:c5:2a:44:80:08:8c:75:b5:
                    f6:b9:d8:be:9f:80:82:a0:30:b9:24:3c:d5:75:3a:
                    39:49:e0:c7:96:99:5f:99:ff:31:c9:0f:b9:62:b1:
                    2e:e3:03:2c:77:33:24:01:12:76:85:14:48:c0:66:
                    d0:bc:f3:eb:46:4b:db:9f:a1:a6:c3:5d:87:c6:d1:
                    6b:19:4e:77:8b:4f:0d:5c:73:0b:3d:63:b1:85:ae:
                    4c:e0:32:b0:22:af:9c:a6:3a:fa:f7:dd:aa:33:f7:
                    b4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:72:2D:E0:DD:9E:D4:60:05:88:40:97:0B:A3:DE:F0:32:49:88:1C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1XIt4N2e1GAFiECXC6Pe8DJJiBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:72:1e:c5:28:ec:67:6d:51:db:c7:67:2f:57:49:22:24:98:
         96:89:dd:53:82:1e:ac:ed:6e:a1:f8:ef:71:75:bf:83:3a:42:
         c8:4c:8f:21:1d:0c:83:7f:11:ba:cf:f1:f3:84:4b:74:2f:6d:
         ad:8d:56:38:10:ef:3a:ad:2d:a1:05:7a:14:02:91:a8:17:82:
         82:38:f8:6f:0a:d7:ce:d4:0a:11:ff:42:fe:cc:80:6e:5f:8d:
         fc:2b:a1:d5:71:ec:af:7a:2e:32:10:4e:ab:52:d6:b4:5b:23:
         86:3d:22:62:eb:fb:ef:30:f9:7b:2e:b5:7e:0b:01:bf:b2:9a:
         87:26:94:83:7a:ce:57:24:03:a6:94:29:ba:b0:40:f0:24:43:
         a5:15:6a:e8:2a:8f:d1:ed:7e:10:b3:51:68:ca:d0:c9:8a:1b:
         e0:2d:98:e5:6e:a9:fa:21:21:4d:a6:f3:11:af:f8:44:e3:45:
         fe:74:7d:a4:6e:71:b3:36:32:81:d1:a5:29:0b:57:ce:f6:5d:
         84:51:c8:db:67:46:99:ba:b3:62:12:b5:99:8d:4a:b0:8c:dd:
         e0:d6:c4:3e:98:11:97:87:dd:e5:18:1b:a9:e6:89:ee:4c:e4:
         ce:e4:d7:bb:11:1d:30:64:6b:cc:87:59:d9:ef:e8:7a:56:9e:
         fe:4f:9b:da
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcAn4Z2D109t4XaXag0q132MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIwMjAwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTcyMmRlMGRkOWVkNDYwMDU4ODQwOTcwYmEzZGVmMDMyNDk4ODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulUwfam13gHt8CjDIRbsrOYVJtGf
uxypaJ/+BfLOaC725c8nG8hpPxDKKnMNh18GuqZIObSUEhCiN+Pp4OTZXZVqDuZU
VXOuIZg1CpcEYrHB3b1MuuFS8fCO7SshrNsOw72sAdn1H5mwwtLAeVztpoEo14wo
FtMtiqdEk+CU17z8bu+JmWmmuGrHq1IrAm4ddlyuyQdly716WuFXxSpEgAiMdbX2
udi+n4CCoDC5JDzVdTo5SeDHlplfmf8xyQ+5YrEu4wMsdzMkARJ2hRRIwGbQvPPr
Rkvbn6Gmw12HxtFrGU53i08NXHMLPWOxha5M4DKwIq+cpjr6992qM/e0CQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNVyLeDdntRgBYhAlwuj3vAySYgcMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMVhJdDROMmUxR0FGaUVDWEM2UGU4REpKaUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACByHsUo7GdtUdvHZy9X
SSIkmJaJ3VOCHqztbqH473F1v4M6QshMjyEdDIN/EbrP8fOES3Qvba2NVjgQ7zqt
LaEFehQCkagXgoI4+G8K187UChH/Qv7MgG5fjfwrodVx7K96LjIQTqtS1rRbI4Y9
ImLr++8w+XsutX4LAb+ymocmlIN6zlckA6aUKbqwQPAkQ6UVaugqj9HtfhCzUWjK
0MmKG+AtmOVuqfohIU2m8xGv+ETjRf50faRucbM2MoHRpSkLV872XYRRyNtnRpm6
s2IStZmNSrCM3eDWxD6YEZeH3eUYG6nmie5M5M7k17sRHTBka8yHWdnv6HpWnv5P
m9o=
-----END CERTIFICATE-----