Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1l9u3_89ShuqYlxH1HYTZasUdbc.roa
File:                     1l9u3_89ShuqYlxH1HYTZasUdbc.roa (raw, json)
Hash identifier:          mrfg3SPNhlUFLedluOY0hHjiwNh6x1+mlYIqiQY3F1I=
Subject key identifier:   D6:5F:6E:DF:FF:3D:4A:1B:AA:62:5C:47:D4:76:13:65:AB:14:75:B7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187B5889C8011C937D36685C6AFA9EDBA4E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1l9u3_89ShuqYlxH1HYTZasUdbc.roa
Signing time:             Mon 24 Apr 2023 23:10:41 +0000
ROA not before:           Mon 24 Apr 2023 23:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b5:88:9c:80:11:c9:37:d3:66:85:c6:af:a9:ed:ba:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 24 23:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d65f6edfff3d4a1baa625c47d4761365ab1475b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5e:30:1d:ad:f1:37:ab:4b:90:ed:ab:4e:ed:
                    74:54:15:dc:aa:c2:0a:35:b4:2b:68:b6:42:0d:ce:
                    ef:5d:91:7e:ac:20:86:ef:1b:bd:53:5d:45:35:cc:
                    db:5b:da:88:48:e1:73:7c:fd:07:61:4c:e0:45:ae:
                    a6:3d:10:9e:25:31:a1:ef:61:34:6b:02:69:d3:e6:
                    74:a1:8f:27:3a:8c:40:cd:17:78:ac:83:db:19:0f:
                    99:0c:38:4d:0c:ff:61:15:e0:82:43:a3:95:d7:c3:
                    d2:18:f7:98:99:5c:be:21:53:af:de:7c:50:f0:05:
                    0a:1a:da:cc:0a:f3:ec:40:29:36:5f:c2:84:5f:07:
                    5a:62:ea:8f:22:e7:57:d6:71:e0:9c:dc:49:ef:ad:
                    ab:7f:b9:a9:c0:5b:ec:24:3d:4c:68:7a:5e:f3:41:
                    06:52:65:95:5e:8e:0c:27:35:83:98:2f:0f:a1:cb:
                    23:e1:1a:8e:95:80:60:7d:5d:51:88:64:41:1e:59:
                    cd:72:5f:7c:23:58:83:54:4b:b7:83:70:fe:80:ff:
                    79:16:71:52:30:fa:9a:df:a8:a7:6d:dc:7d:1f:7c:
                    78:ca:6e:a7:5c:3b:bc:47:c0:e7:03:bf:d4:3d:65:
                    4f:2e:28:f7:c2:21:86:c0:c5:4a:c9:39:28:70:2d:
                    a7:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:5F:6E:DF:FF:3D:4A:1B:AA:62:5C:47:D4:76:13:65:AB:14:75:B7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1l9u3_89ShuqYlxH1HYTZasUdbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:9c:bc:ad:b2:9c:46:8d:54:54:71:33:d7:f0:91:4b:66:5b:
         39:cc:c0:2b:d5:9a:a1:86:d1:11:c1:68:a8:34:6d:19:40:ea:
         fc:6e:2f:c2:19:4b:be:69:2c:f9:19:dc:c2:08:f9:ba:51:0c:
         38:77:45:19:cd:c5:35:66:c1:79:e5:f1:ae:66:16:63:03:22:
         68:80:6b:4c:99:55:43:35:30:6d:11:14:6b:59:82:70:7e:2d:
         f4:9c:a0:8a:e1:19:02:41:cc:59:cc:c6:b3:b9:67:33:be:a8:
         38:f7:d8:06:da:80:74:ac:5d:1a:3f:fb:9e:40:be:8e:19:ca:
         79:30:84:34:db:0c:8b:ca:b3:8b:0b:09:88:ac:35:2a:63:b3:
         bf:7a:29:c6:76:19:f4:93:75:fe:2d:bd:51:a7:21:0a:5d:3f:
         95:a5:60:76:e2:25:df:13:8b:b2:b4:3c:80:93:33:b4:9d:71:
         9b:4e:a5:95:61:18:37:11:a4:4c:bd:92:2b:2b:d5:8e:99:4a:
         34:01:11:c4:48:7a:be:e3:4e:78:3d:5d:f0:a5:f1:ff:0d:dc:
         32:cf:51:79:e7:91:b9:82:2a:c8:d2:e0:76:35:56:ee:43:c2:
         aa:51:65:bb:8d:5b:a3:11:54:e4:a1:fa:4e:f0:a6:e3:05:4b:
         0a:17:c5:23
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYe1iJyAEck302aFxq+p7bpOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI0MjMxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjVmNmVkZmZmM2Q0YTFiYWE2MjVjNDdkNDc2MTM2NWFiMTQ3NWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoV4wHa3xN6tLkO2rTu10VBXcqsIK
NbQraLZCDc7vXZF+rCCG7xu9U11FNczbW9qISOFzfP0HYUzgRa6mPRCeJTGh72E0
awJp0+Z0oY8nOoxAzRd4rIPbGQ+ZDDhNDP9hFeCCQ6OV18PSGPeYmVy+IVOv3nxQ
8AUKGtrMCvPsQCk2X8KEXwdaYuqPIudX1nHgnNxJ762rf7mpwFvsJD1MaHpe80EG
UmWVXo4MJzWDmC8Pocsj4RqOlYBgfV1RiGRBHlnNcl98I1iDVEu3g3D+gP95FnFS
MPqa36inbdx9H3x4ym6nXDu8R8DnA7/UPWVPLij3wiGGwMVKyTkocC2n0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNZfbt//PUobqmJcR9R2E2WrFHW3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMWw5dTNfODlTaHVxWWx4SDFIWVRaYXNVZGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABmcvK2ynEaNVFRxM9fw
kUtmWznMwCvVmqGG0RHBaKg0bRlA6vxuL8IZS75pLPkZ3MII+bpRDDh3RRnNxTVm
wXnl8a5mFmMDImiAa0yZVUM1MG0RFGtZgnB+LfScoIrhGQJBzFnMxrO5ZzO+qDj3
2AbagHSsXRo/+55Avo4ZynkwhDTbDIvKs4sLCYisNSpjs796KcZ2GfSTdf4tvVGn
IQpdP5WlYHbiJd8Ti7K0PICTM7SdcZtOpZVhGDcRpEy9kisr1Y6ZSjQBEcRIer7j
Tng9XfCl8f8N3DLPUXnnkbmCKsjS4HY1Vu5DwqpRZbuNW6MRVOSh+k7wpuMFSwoX
xSM=
-----END CERTIFICATE-----