Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1fIume2FfQpaUW5oXF-_xjgYXtU.roa
File:                     1fIume2FfQpaUW5oXF-_xjgYXtU.roa (raw, json)
Hash identifier:          RJ3L8/36P9IL2WjMW6hc2La68wBXJO3udMYuJuPbE4s=
Subject key identifier:   D5:F2:2E:99:ED:85:7D:0A:5A:51:6E:68:5C:5F:BF:C6:38:18:5E:D5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01876CC9E1D6D71C1C983C7CDFE0F30895A3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1fIume2FfQpaUW5oXF-_xjgYXtU.roa
Signing time:             Mon 10 Apr 2023 20:09:42 +0000
ROA not before:           Mon 10 Apr 2023 20:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6c:c9:e1:d6:d7:1c:1c:98:3c:7c:df:e0:f3:08:95:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 10 20:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d5f22e99ed857d0a5a516e685c5fbfc638185ed5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f1:d5:43:d5:dc:42:29:f8:68:cb:3c:49:ab:
                    0c:d0:7a:c7:c0:0a:84:54:69:43:ee:16:9b:a0:3b:
                    53:f3:a9:ce:0c:6a:df:c5:16:27:ca:42:62:60:e4:
                    e2:92:27:23:19:79:95:e7:5a:4b:a0:ae:27:75:7f:
                    cd:9b:62:b8:c9:14:3d:74:0a:47:ef:98:b9:01:87:
                    e0:c3:7b:cd:3d:34:0e:5c:cc:f7:1c:b9:25:84:05:
                    76:cc:2d:23:da:0a:e0:6f:33:d9:e6:64:66:ec:2e:
                    80:29:28:13:10:29:c9:70:e1:57:7c:3c:4a:fc:76:
                    b7:9c:2a:15:78:cd:f4:ed:6f:3f:a3:2b:b9:30:ef:
                    c9:dd:1b:92:df:03:66:61:88:d7:42:2f:94:a6:e0:
                    90:5e:00:d7:c9:05:0a:c6:2e:ee:f3:d4:2a:f8:f4:
                    a7:0d:d5:85:ca:32:f4:31:45:ab:83:24:56:be:3c:
                    a4:7b:f8:0e:14:fa:03:9c:5c:a1:3f:f4:1b:81:e5:
                    4b:d7:c1:3e:3e:43:ab:fc:d4:61:ba:17:91:99:99:
                    82:38:32:60:99:df:46:f1:46:f8:20:42:71:44:a2:
                    21:0c:59:ce:99:d6:87:38:9e:6c:20:6e:8f:b0:49:
                    0c:42:2a:61:87:91:0c:05:da:1e:91:36:ce:53:f7:
                    a7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F2:2E:99:ED:85:7D:0A:5A:51:6E:68:5C:5F:BF:C6:38:18:5E:D5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1fIume2FfQpaUW5oXF-_xjgYXtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:f8:7a:8e:67:7d:e4:0c:37:94:b8:8d:51:04:80:c7:70:76:
         ca:9c:0d:8b:ef:a0:69:9b:3c:92:e1:75:45:39:3b:a2:df:cb:
         67:41:81:66:ec:da:49:3c:93:65:20:89:88:1c:a7:1e:43:20:
         44:7f:1b:41:28:84:19:30:be:ab:6d:26:8a:a7:1b:ba:8c:90:
         77:b4:86:ce:f6:02:50:87:cd:6a:7d:3f:82:28:96:57:13:13:
         4c:07:7b:bf:cc:ab:95:b7:23:91:dd:23:b9:ec:ff:3d:23:de:
         33:82:85:32:15:e0:72:a6:c9:8b:28:4c:34:3e:60:4a:9a:02:
         dd:b3:d2:ec:a8:91:f2:c3:34:66:85:9a:c4:58:e2:81:b7:98:
         63:6b:10:ea:95:b8:0d:20:b9:84:c2:96:3f:46:a1:3c:97:12:
         18:22:7f:d4:5e:b3:3a:b0:d7:e2:88:fa:9a:fe:1f:b9:25:de:
         13:1a:0f:35:72:47:f9:ab:70:fe:7c:53:8f:3b:67:5c:1f:95:
         45:34:cc:cc:a0:05:39:78:a9:e4:cb:9a:5c:cd:f7:6d:3a:68:
         58:1e:2f:8c:82:c2:74:65:c1:7e:c6:a3:ff:89:9c:9c:59:3d:
         b9:80:d2:c8:65:64:e5:37:fb:e6:f4:23:58:ff:e9:b4:f0:bb:
         0a:74:f3:c2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdsyeHW1xwcmDx83+DzCJWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEwMjAwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWYyMmU5OWVkODU3ZDBhNWE1MTZlNjg1YzVmYmZjNjM4MTg1ZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfHVQ9XcQin4aMs8SasM0HrHwAqE
VGlD7haboDtT86nODGrfxRYnykJiYOTikicjGXmV51pLoK4ndX/Nm2K4yRQ9dApH
75i5AYfgw3vNPTQOXMz3HLklhAV2zC0j2grgbzPZ5mRm7C6AKSgTECnJcOFXfDxK
/Ha3nCoVeM307W8/oyu5MO/J3RuS3wNmYYjXQi+UpuCQXgDXyQUKxi7u89Qq+PSn
DdWFyjL0MUWrgyRWvjyke/gOFPoDnFyhP/QbgeVL18E+PkOr/NRhuheRmZmCODJg
md9G8Ub4IEJxRKIhDFnOmdaHOJ5sIG6PsEkMQiphh5EMBdoekTbOU/endwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNXyLpnthX0KWlFuaFxfv8Y4GF7VMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMWZJdW1lMkZmUXBhVVc1b1hGLV94amdZWHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFH4eo5nfeQMN5S4jVEE
gMdwdsqcDYvvoGmbPJLhdUU5O6Lfy2dBgWbs2kk8k2UgiYgcpx5DIER/G0EohBkw
vqttJoqnG7qMkHe0hs72AlCHzWp9P4IollcTE0wHe7/Mq5W3I5HdI7ns/z0j3jOC
hTIV4HKmyYsoTDQ+YEqaAt2z0uyokfLDNGaFmsRY4oG3mGNrEOqVuA0guYTClj9G
oTyXEhgif9Reszqw1+KI+pr+H7kl3hMaDzVyR/mrcP58U487Z1wflUU0zMygBTl4
qeTLmlzN9206aFgeL4yCwnRlwX7Go/+JnJxZPbmA0shlZOU3++b0I1j/6bTwuwp0
88I=
-----END CERTIFICATE-----