Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2O46bGYDGM3Dh_7QCda0Xz3JEmc.roa
File:                     2O46bGYDGM3Dh_7QCda0Xz3JEmc.roa (raw, json)
Hash identifier:          Q9QX9cLyxva6Q3kmu1j5RHmeKkXYqKhaANUy/YSd7QQ=
Subject key identifier:   D8:EE:3A:6C:66:03:18:CD:C3:87:FE:D0:09:D6:B4:5F:3D:C9:12:67
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870940FE085A516EF82E2DBDF9E20B82EF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2O46bGYDGM3Dh_7QCda0Xz3JEmc.roa
Signing time:             Wed 22 Mar 2023 12:17:46 +0000
ROA not before:           Wed 22 Mar 2023 12:17:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:09:40:fe:08:5a:51:6e:f8:2e:2d:bd:f9:e2:0b:82:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 22 12:17:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d8ee3a6c660318cdc387fed009d6b45f3dc91267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:56:5f:89:42:48:5a:c1:9f:be:98:ad:a3:82:
                    c0:ec:ee:24:0c:48:c9:e4:20:24:2c:78:ac:85:df:
                    90:82:e6:a7:19:b0:6a:a8:a3:d3:c5:05:02:be:aa:
                    1a:96:ff:ca:93:57:4e:ba:a0:35:61:ec:57:b0:46:
                    4a:9d:af:63:95:ce:05:49:7b:85:a6:c0:27:64:57:
                    b8:ab:06:b8:22:67:e5:30:58:b2:e4:74:64:ee:49:
                    09:25:3e:c6:65:e9:7d:06:75:b4:87:d8:ee:a8:ec:
                    cf:ac:19:d1:40:f5:45:f3:5c:8c:3a:f9:7c:1c:16:
                    f0:2e:9b:21:0a:2e:09:19:ea:38:a2:8f:68:1d:84:
                    3c:ad:61:2f:87:2d:05:34:ad:5b:ae:ea:2b:a5:34:
                    b9:ed:6d:dd:6f:3d:9d:99:4d:0a:5b:8b:47:ff:c5:
                    24:e4:b5:08:4c:e7:37:21:7d:eb:d2:db:67:2f:f1:
                    bc:50:3f:bf:c3:48:51:50:74:9f:b5:5f:d8:e3:72:
                    ea:16:e9:1c:01:3d:37:c4:5a:aa:cb:44:51:d8:88:
                    52:4b:40:56:42:f0:70:a6:4d:4d:7a:5e:40:3e:88:
                    bb:75:5a:73:7f:cf:a0:2b:85:79:d1:bb:d8:76:57:
                    9c:54:47:85:1e:08:70:36:3e:62:e6:48:64:ed:f6:
                    db:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:EE:3A:6C:66:03:18:CD:C3:87:FE:D0:09:D6:B4:5F:3D:C9:12:67
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2O46bGYDGM3Dh_7QCda0Xz3JEmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:76:d0:95:9e:d6:98:90:50:9f:d3:66:78:6f:17:5d:9a:13:
         33:5d:70:c5:34:91:9b:45:82:fd:62:3d:d5:c6:1f:3d:34:c8:
         0d:44:80:e7:01:cf:9c:b5:f8:a3:3e:81:95:a5:be:66:61:9d:
         62:11:ad:5b:43:0c:c9:71:42:ae:e0:05:92:fc:dd:2a:91:87:
         31:48:0a:54:98:e0:2f:f7:37:46:bd:95:2f:3f:43:b2:96:e6:
         88:22:e1:8c:32:e9:a5:b0:e7:5d:20:e3:a3:c1:75:40:73:97:
         25:7f:c1:11:ad:23:a1:0d:92:6c:19:de:61:bd:3f:a9:9a:18:
         18:32:24:c9:9f:b9:63:e0:56:66:0c:a2:70:79:62:79:0b:fd:
         4e:68:3f:b9:03:16:60:21:59:24:73:d0:7c:7b:5f:a0:14:70:
         f2:42:a6:8f:a8:c4:a4:69:b3:0f:0b:f2:53:75:49:ac:66:bd:
         bd:32:f0:bb:d2:c6:ee:98:fb:72:c0:e5:12:db:11:f7:4d:30:
         fa:59:15:90:5e:fd:95:1d:0f:aa:84:6f:ae:a6:29:f1:38:29:
         a9:93:9c:c4:38:a9:0c:15:ff:ce:08:5e:f2:ce:fa:88:17:90:
         5e:e9:0e:1c:67:c4:f1:58:cf:00:94:4b:fa:c8:05:09:81:02:
         b2:59:4a:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcJQP4IWlFu+C4tvfniC4LvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIyMTIxNzQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGVlM2E2YzY2MDMxOGNkYzM4N2ZlZDAwOWQ2YjQ1ZjNkYzkxMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFZfiUJIWsGfvpito4LA7O4kDEjJ
5CAkLHishd+QguanGbBqqKPTxQUCvqoalv/Kk1dOuqA1YexXsEZKna9jlc4FSXuF
psAnZFe4qwa4ImflMFiy5HRk7kkJJT7GZel9BnW0h9juqOzPrBnRQPVF81yMOvl8
HBbwLpshCi4JGeo4oo9oHYQ8rWEvhy0FNK1bruorpTS57W3dbz2dmU0KW4tH/8Uk
5LUITOc3IX3r0ttnL/G8UD+/w0hRUHSftV/Y43LqFukcAT03xFqqy0RR2IhSS0BW
QvBwpk1Nel5APoi7dVpzf8+gK4V50bvYdlecVEeFHghwNj5i5khk7fbb8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNjuOmxmAxjNw4f+0AnWtF89yRJnMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMk80NmJHWURHTTNEaF83UUNkYTBYejNKRW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHh20JWe1piQUJ/TZnhv
F12aEzNdcMU0kZtFgv1iPdXGHz00yA1EgOcBz5y1+KM+gZWlvmZhnWIRrVtDDMlx
Qq7gBZL83SqRhzFIClSY4C/3N0a9lS8/Q7KW5ogi4Ywy6aWw510g46PBdUBzlyV/
wRGtI6ENkmwZ3mG9P6maGBgyJMmfuWPgVmYMonB5YnkL/U5oP7kDFmAhWSRz0Hx7
X6AUcPJCpo+oxKRpsw8L8lN1Saxmvb0y8LvSxu6Y+3LA5RLbEfdNMPpZFZBe/ZUd
D6qEb66mKfE4KamTnMQ4qQwV/84IXvLO+ogXkF7pDhxnxPFYzwCUS/rIBQmBArJZ
SjE=
-----END CERTIFICATE-----