Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1tK1EjuoVmSW7HpJ8t-VGJ7Ckjc.roa
File:                     1tK1EjuoVmSW7HpJ8t-VGJ7Ckjc.roa (raw, json)
Hash identifier:          5SZ8LBV8yqYT5MFDisfGrm7b/61Ft/WGhBaHciq/kO4=
Subject key identifier:   D6:D2:B5:12:3B:A8:56:64:96:EC:7A:49:F2:DF:95:18:9E:C2:92:37
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01885A8AC94E8F5D95FFE9FB7A35D91A3392
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1tK1EjuoVmSW7HpJ8t-VGJ7Ckjc.roa
Signing time:             Sat 27 May 2023 00:10:24 +0000
ROA not before:           Sat 27 May 2023 00:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:5a:8a:c9:4e:8f:5d:95:ff:e9:fb:7a:35:d9:1a:33:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 27 00:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d6d2b5123ba8566496ec7a49f2df95189ec29237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c0:84:f1:c0:52:2b:b2:d7:cf:c1:b7:6e:cb:
                    2c:a9:f6:e5:98:96:84:b4:f7:89:08:c3:f8:af:89:
                    e0:9a:7c:0a:19:0a:f9:2c:81:93:4c:0f:57:63:df:
                    75:1c:77:b7:76:e4:cd:98:6d:1c:5f:e5:ed:d3:ba:
                    6c:8e:50:d7:6c:dd:38:1c:16:6b:a0:c1:84:59:51:
                    a1:0d:05:67:df:b2:66:85:1c:2b:15:25:3f:3a:81:
                    d5:07:57:4b:eb:f9:b8:81:ff:34:67:fe:7d:49:be:
                    38:5e:72:ad:8a:0d:c8:bf:bc:87:bf:9f:35:2a:0a:
                    10:37:7a:a9:53:b5:c5:f7:f9:9c:c5:7f:17:66:33:
                    67:b1:93:74:1a:ba:91:31:8e:e6:dc:43:2b:2d:b3:
                    05:09:a8:76:cb:50:50:f2:b2:ad:41:c7:a2:53:df:
                    39:45:2d:14:37:21:d7:14:6e:99:47:5a:6e:a9:f8:
                    93:8f:f2:b3:08:80:7c:dc:61:01:de:3f:21:c6:46:
                    f6:9f:9c:46:7b:5c:6e:62:73:6d:32:1d:22:43:00:
                    9e:e3:22:64:ac:46:3c:79:34:39:55:36:e3:03:d5:
                    7d:f5:3d:35:12:51:59:0f:a4:75:04:02:fe:e0:5c:
                    03:b5:63:4c:30:42:e5:b7:81:2e:25:5a:9b:96:b1:
                    bf:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D2:B5:12:3B:A8:56:64:96:EC:7A:49:F2:DF:95:18:9E:C2:92:37
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1tK1EjuoVmSW7HpJ8t-VGJ7Ckjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:f5:c3:f5:fb:7d:89:ec:df:00:0d:10:43:a3:d4:0a:f4:45:
         2c:36:98:71:e9:87:86:64:af:33:1e:7f:df:a1:01:39:04:f4:
         28:e8:bb:07:b3:9d:17:e5:94:2b:7a:b7:02:22:4e:e2:6e:13:
         7a:41:52:6f:f0:ce:2d:3f:4d:ee:21:eb:4e:5c:0e:35:fa:70:
         6d:bb:1f:bf:cb:af:50:b9:91:8b:61:b4:3c:ee:0e:28:b5:a5:
         ea:f8:18:0b:38:2d:0d:5d:29:3f:fd:dd:dd:fd:52:ee:b2:fa:
         2f:21:2c:63:d0:22:e9:74:41:59:1d:89:1f:48:78:50:c1:3d:
         60:da:f7:29:d3:c3:be:f1:62:21:46:58:5f:7a:16:78:97:65:
         41:8e:a9:f5:24:9d:60:ab:0b:70:5c:42:9f:00:69:a6:ac:46:
         ab:07:ad:a3:c5:ef:d9:4b:a6:3b:32:a3:fe:6f:73:8d:bf:d0:
         b8:a7:5a:96:5c:10:4f:0f:67:47:7a:1f:b5:b9:58:0c:21:06:
         6f:ec:94:27:41:6b:4f:e1:a1:b6:33:f3:c4:9f:2b:90:eb:a0:
         57:65:be:3c:57:77:52:39:cc:6d:fd:2a:b9:87:e7:89:b3:6c:
         c6:52:94:a9:6d:6b:3b:3e:31:c3:0f:99:06:c4:8e:65:65:9c:
         4d:eb:4f:03
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhaislOj12V/+n7ejXZGjOSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI3MDAxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQyYjUxMjNiYTg1NjY0OTZlYzdhNDlmMmRmOTUxODllYzI5MjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8CE8cBSK7LXz8G3bsssqfblmJaE
tPeJCMP4r4ngmnwKGQr5LIGTTA9XY991HHe3duTNmG0cX+Xt07psjlDXbN04HBZr
oMGEWVGhDQVn37JmhRwrFSU/OoHVB1dL6/m4gf80Z/59Sb44XnKtig3Iv7yHv581
KgoQN3qpU7XF9/mcxX8XZjNnsZN0GrqRMY7m3EMrLbMFCah2y1BQ8rKtQceiU985
RS0UNyHXFG6ZR1puqfiTj/KzCIB83GEB3j8hxkb2n5xGe1xuYnNtMh0iQwCe4yJk
rEY8eTQ5VTbjA9V99T01ElFZD6R1BAL+4FwDtWNMMELlt4EuJVqblrG/qwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNbStRI7qFZklux6SfLflRiewpI3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMXRLMUVqdW9WbVNXN0hwSjh0LVZHSjdDa2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFv1w/X7fYns3wANEEOj
1Ar0RSw2mHHph4ZkrzMef9+hATkE9CjouweznRfllCt6twIiTuJuE3pBUm/wzi0/
Te4h605cDjX6cG27H7/Lr1C5kYthtDzuDii1per4GAs4LQ1dKT/93d39Uu6y+i8h
LGPQIul0QVkdiR9IeFDBPWDa9ynTw77xYiFGWF96FniXZUGOqfUknWCrC3BcQp8A
aaasRqsHraPF79lLpjsyo/5vc42/0LinWpZcEE8PZ0d6H7W5WAwhBm/slCdBa0/h
obYz88SfK5DroFdlvjxXd1I5zG39KrmH54mzbMZSlKltazs+McMPmQbEjmVlnE3r
TwM=
-----END CERTIFICATE-----