Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1YZUXpBIOOzrVcKfxQ5EgrIrOOU.roa
File:                     1YZUXpBIOOzrVcKfxQ5EgrIrOOU.roa (raw, json)
Hash identifier:          uU20sBOjM6GTEYIC9hPvcujqzimQsCx6ZnV8yGwrtns=
Subject key identifier:   D5:86:54:5E:90:48:38:EC:EB:55:C2:9F:C5:0E:44:82:B2:2B:38:E5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018787DC009382EEC7F0B2DC38304A9A227B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1YZUXpBIOOzrVcKfxQ5EgrIrOOU.roa
Signing time:             Sun 16 Apr 2023 02:19:14 +0000
ROA not before:           Sun 16 Apr 2023 02:19:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:87:dc:00:93:82:ee:c7:f0:b2:dc:38:30:4a:9a:22:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 16 02:19:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d586545e904838eceb55c29fc50e4482b22b38e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b7:ca:ab:4f:21:fb:ca:44:34:c9:1a:40:08:
                    17:40:39:55:be:d5:b2:79:cb:3a:fe:82:f9:2e:a5:
                    76:eb:50:4b:31:a2:18:05:e8:6b:a4:0b:03:a5:e8:
                    5b:2c:55:0e:ae:d1:f0:33:eb:08:a2:4e:ea:e8:79:
                    fd:11:92:6f:49:e7:24:f2:58:fe:55:c8:f8:70:fa:
                    6f:6f:37:4d:0c:51:5e:00:6a:b8:d7:75:48:4f:38:
                    bb:54:2e:51:06:54:3e:a9:a8:f3:61:ef:77:d7:72:
                    5e:70:36:63:17:b7:3d:14:3f:42:3e:79:16:8b:68:
                    f6:8c:27:f1:e7:0e:50:de:a9:20:77:64:f3:54:0e:
                    24:63:7d:41:e2:eb:34:d6:51:48:fb:46:9d:c2:88:
                    b2:6f:9e:28:70:ad:8d:6d:9d:6d:2d:d1:c9:0d:c5:
                    b5:62:66:99:75:b5:95:0a:1d:16:51:ab:47:4c:d9:
                    d3:ab:4c:87:18:15:13:d5:a5:b6:58:e8:83:ea:9f:
                    78:42:ab:58:e5:70:26:1f:03:c9:e1:a8:19:50:20:
                    f5:c4:77:c4:e1:a9:4a:4b:53:60:61:21:3d:f6:02:
                    bd:41:57:1a:e0:27:5e:2c:cb:0b:3b:e9:2c:a9:72:
                    e9:a2:8b:6c:14:b5:44:85:f6:87:8a:cb:97:ff:b9:
                    61:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:86:54:5E:90:48:38:EC:EB:55:C2:9F:C5:0E:44:82:B2:2B:38:E5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1YZUXpBIOOzrVcKfxQ5EgrIrOOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:e4:08:8d:4a:50:7c:21:36:29:27:b2:7d:f8:90:ef:a2:75:
         41:23:92:20:c5:47:a8:d1:09:27:d4:81:80:be:f8:98:c7:c0:
         2b:9a:43:48:23:99:87:d8:fe:84:b3:72:50:d3:b0:e0:b5:d3:
         b3:b3:3e:d7:bb:92:25:93:eb:0a:52:37:3d:0d:d2:33:f3:e6:
         36:b0:14:bf:c3:2f:81:67:10:da:f7:da:8a:9d:52:00:f2:9f:
         a0:d9:bc:83:9c:cc:79:ca:64:5c:d7:94:01:64:4e:c8:e1:f6:
         76:6d:3f:4c:a6:46:00:c5:1d:9a:54:c9:e3:e0:1c:e8:65:f7:
         98:89:c4:e8:a6:f7:85:37:3e:fc:e4:5b:42:df:eb:ef:8c:87:
         a7:fe:a4:2f:5c:35:65:de:85:82:79:f9:29:c4:de:a6:52:fc:
         e0:da:46:3b:2d:65:f5:67:a7:df:36:65:0d:33:91:3b:85:91:
         8f:db:ef:9a:92:ec:50:34:6f:f1:f2:42:e7:2b:01:a8:a6:5d:
         27:21:8a:ee:93:a2:76:77:85:20:a9:d5:97:27:b2:b8:9b:b0:
         c3:8b:27:e2:a8:73:66:78:d6:a5:16:4c:4e:cc:38:72:26:7b:
         0d:2b:d2:17:1a:4b:b7:c6:25:59:b9:ca:93:57:15:0e:81:61:
         63:ed:68:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeH3ACTgu7H8LLcODBKmiJ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE2MDIxOTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTg2NTQ1ZTkwNDgzOGVjZWI1NWMyOWZjNTBlNDQ4MmIyMmIzOGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrfKq08h+8pENMkaQAgXQDlVvtWy
ecs6/oL5LqV261BLMaIYBehrpAsDpehbLFUOrtHwM+sIok7q6Hn9EZJvSeck8lj+
Vcj4cPpvbzdNDFFeAGq413VITzi7VC5RBlQ+qajzYe9313JecDZjF7c9FD9CPnkW
i2j2jCfx5w5Q3qkgd2TzVA4kY31B4us01lFI+0adwoiyb54ocK2NbZ1tLdHJDcW1
YmaZdbWVCh0WUatHTNnTq0yHGBUT1aW2WOiD6p94QqtY5XAmHwPJ4agZUCD1xHfE
4alKS1NgYSE99gK9QVca4CdeLMsLO+ksqXLpootsFLVEhfaHisuX/7lhmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNWGVF6QSDjs61XCn8UORIKyKzjlMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMVlaVVhwQklPT3pyVmNLZnhRNUVncklyT09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALLkCI1KUHwhNiknsn34
kO+idUEjkiDFR6jRCSfUgYC++JjHwCuaQ0gjmYfY/oSzclDTsOC107OzPte7kiWT
6wpSNz0N0jPz5jawFL/DL4FnENr32oqdUgDyn6DZvIOczHnKZFzXlAFkTsjh9nZt
P0ymRgDFHZpUyePgHOhl95iJxOim94U3PvzkW0Lf6++Mh6f+pC9cNWXehYJ5+SnE
3qZS/ODaRjstZfVnp982ZQ0zkTuFkY/b75qS7FA0b/HyQucrAaimXSchiu6TonZ3
hSCp1ZcnsribsMOLJ+Koc2Z41qUWTE7MOHImew0r0hcaS7fGJVm5ypNXFQ6BYWPt
aC0=
-----END CERTIFICATE-----