Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1wmjF_3F1Y7zk-PaPABvsESA4vQ.roa
File:                     1wmjF_3F1Y7zk-PaPABvsESA4vQ.roa (raw, json)
Hash identifier:          lXfncami+1te8K+IB1pgw6OHIhl5bp+XYKsPcO3M+5k=
Subject key identifier:   D7:09:A3:17:FD:C5:D5:8E:F3:93:E3:DA:3C:00:6F:B0:44:80:E2:F4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F08C1A815B0E56E3C48891C1CAEB7B91
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1wmjF_3F1Y7zk-PaPABvsESA4vQ.roa
Signing time:             Sat 06 May 2023 10:12:06 +0000
ROA not before:           Sat 06 May 2023 10:12:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f0:8c:1a:81:5b:0e:56:e3:c4:88:91:c1:ca:eb:7b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  6 10:12:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d709a317fdc5d58ef393e3da3c006fb04480e2f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:27:3f:71:7e:ee:15:5a:a3:e1:23:3f:39:1b:
                    40:42:d5:c6:94:aa:27:c2:b6:7a:bc:96:fa:84:9a:
                    75:67:28:48:fd:83:ce:31:f3:9e:dc:65:d6:ca:a1:
                    ae:18:73:93:79:6f:d2:1c:d6:c9:24:fc:29:d2:4c:
                    c0:e1:2e:51:a7:32:71:d3:71:8a:42:99:b0:ca:bf:
                    7c:cd:95:5a:ee:5c:66:6c:81:99:2e:5c:c6:cd:e9:
                    0f:c9:41:82:95:bf:1b:45:97:1d:c5:e9:72:e9:14:
                    ec:57:a4:c9:83:45:ae:23:de:19:cb:cc:b5:da:0f:
                    1b:b3:76:c5:af:34:f5:7f:6f:32:57:b4:33:8c:37:
                    97:3d:27:86:e0:3b:1d:3b:0f:d1:b5:41:5e:55:e6:
                    6e:1e:ac:c1:fa:05:d5:94:1b:d0:3b:79:a5:cd:57:
                    0b:1b:a5:ed:69:b2:d1:29:cc:20:36:28:a1:e0:76:
                    36:5a:eb:36:11:18:2a:ca:c9:82:8e:55:be:88:6c:
                    24:ff:f0:e3:c0:e0:50:07:0c:5c:73:8b:96:a5:37:
                    a1:59:58:8d:b9:19:ee:77:20:3b:7a:27:5b:52:5d:
                    02:45:00:bd:93:8d:5b:1c:b6:e6:ce:36:92:aa:db:
                    7d:d1:5d:5d:4b:65:fc:84:95:dd:b8:0e:40:ed:d6:
                    d4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:09:A3:17:FD:C5:D5:8E:F3:93:E3:DA:3C:00:6F:B0:44:80:E2:F4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1wmjF_3F1Y7zk-PaPABvsESA4vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:ca:ef:41:b1:f4:3a:a1:9e:79:da:69:9b:52:15:16:a9:52:
         62:ff:b3:ae:7c:c6:7c:be:e3:ac:46:c5:2c:dc:ac:a2:69:7c:
         3c:c9:13:7e:65:cf:ac:cd:68:24:92:40:c0:d8:90:f8:52:0d:
         32:bc:06:fa:9e:a4:4f:be:72:36:a7:5c:92:5f:af:cc:de:69:
         6b:1a:47:e6:cf:c8:aa:fc:bb:fe:09:22:59:0e:a1:52:7b:0c:
         d8:ff:6e:34:41:26:35:bf:21:28:15:12:97:a4:df:01:6c:8a:
         3b:68:10:53:91:04:8c:24:71:a0:e0:c4:27:0f:25:9e:53:c8:
         a6:16:3f:39:ac:06:35:c4:f3:15:23:d8:c0:77:96:4f:a9:67:
         3e:fa:90:28:73:64:75:7c:0d:9d:cf:6d:f6:e8:a4:f2:9e:d6:
         35:67:70:8b:ae:00:28:61:89:27:ba:eb:a5:c7:30:58:9e:cd:
         21:7e:49:cf:20:56:21:c7:73:e8:86:95:29:db:1b:3c:0d:31:
         8f:62:b8:7d:5e:58:f2:46:9e:12:88:09:7d:91:0f:e8:6b:14:
         3f:c6:d6:8e:5f:50:a9:47:a7:45:5c:a5:53:26:7a:32:6a:be:
         52:f6:7f:96:a0:15:10:57:c0:45:e6:31:e8:27:45:53:02:bb:
         5c:f7:ea:83
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfwjBqBWw5W48SIkcHK63uRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA2MTAxMjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzA5YTMxN2ZkYzVkNThlZjM5M2UzZGEzYzAwNmZiMDQ0ODBlMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSc/cX7uFVqj4SM/ORtAQtXGlKon
wrZ6vJb6hJp1ZyhI/YPOMfOe3GXWyqGuGHOTeW/SHNbJJPwp0kzA4S5RpzJx03GK
Qpmwyr98zZVa7lxmbIGZLlzGzekPyUGClb8bRZcdxely6RTsV6TJg0WuI94Zy8y1
2g8bs3bFrzT1f28yV7QzjDeXPSeG4DsdOw/RtUFeVeZuHqzB+gXVlBvQO3mlzVcL
G6XtabLRKcwgNiih4HY2Wus2ERgqysmCjlW+iGwk//DjwOBQBwxcc4uWpTehWViN
uRnudyA7eidbUl0CRQC9k41bHLbmzjaSqtt90V1dS2X8hJXduA5A7dbUMwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNcJoxf9xdWO85Pj2jwAb7BEgOL0MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMXdtakZfM0YxWTd6ay1QYVBBQnZzRVNBNHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFvK70Gx9DqhnnnaaZtS
FRapUmL/s658xny+46xGxSzcrKJpfDzJE35lz6zNaCSSQMDYkPhSDTK8BvqepE++
cjanXJJfr8zeaWsaR+bPyKr8u/4JIlkOoVJ7DNj/bjRBJjW/ISgVEpek3wFsijto
EFORBIwkcaDgxCcPJZ5TyKYWPzmsBjXE8xUj2MB3lk+pZz76kChzZHV8DZ3Pbfbo
pPKe1jVncIuuAChhiSe666XHMFiezSF+Sc8gViHHc+iGlSnbGzwNMY9iuH1eWPJG
nhKICX2RD+hrFD/G1o5fUKlHp0VcpVMmejJqvlL2f5agFRBXwEXmMegnRVMCu1z3
6oM=
-----END CERTIFICATE-----