Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2V0ciYsm6k-OX21nWPbJPOr41mw.roa
File:                     2V0ciYsm6k-OX21nWPbJPOr41mw.roa (raw, json)
Hash identifier:          wztWfLmkx8HTAGXBBSIjKK3Q0WZPf0DsCltG0DHGSZw=
Subject key identifier:   D9:5D:1C:89:8B:26:EA:4F:8E:5F:6D:67:58:F6:C9:3C:EA:F8:D6:6C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187CCB451213DAD96B90CA30251599D8A2A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2V0ciYsm6k-OX21nWPbJPOr41mw.roa
Signing time:             Sat 29 Apr 2023 11:09:41 +0000
ROA not before:           Sat 29 Apr 2023 11:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:cc:b4:51:21:3d:ad:96:b9:0c:a3:02:51:59:9d:8a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 29 11:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d95d1c898b26ea4f8e5f6d6758f6c93ceaf8d66c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f9:ab:8c:aa:45:ef:cd:13:32:2c:64:0a:ca:
                    d2:a5:bb:3e:4e:97:62:67:e4:60:b1:ec:42:93:70:
                    2c:c2:95:79:57:22:2d:9e:97:db:06:24:42:7c:aa:
                    f0:df:d4:bf:5b:4b:b6:57:6f:7a:ff:09:57:1b:eb:
                    71:d5:fa:db:43:8a:9c:e4:2b:24:9d:a7:8f:b3:dc:
                    7c:fb:ab:0a:91:bb:5a:de:15:e9:d3:e1:6d:54:0e:
                    1e:a8:48:e6:d2:5a:58:85:a8:d1:3d:7e:ed:57:3f:
                    dd:73:89:47:d6:14:cc:d7:7b:fb:26:37:b6:52:c0:
                    de:39:25:00:9c:fa:af:a7:7f:da:f9:2b:52:34:8a:
                    8a:c1:bb:61:8e:b9:39:6b:97:64:5a:05:2c:57:16:
                    cc:ff:4c:a6:9d:19:61:30:a2:39:d1:4d:ca:05:d8:
                    83:2b:f8:91:a5:bb:f0:49:cb:72:e2:ef:f6:62:ce:
                    28:66:4e:62:e2:7f:d8:58:0d:22:36:d2:ba:db:46:
                    3a:a3:dc:ee:3d:d2:46:c8:09:e9:ed:95:7b:f3:20:
                    bb:be:a6:f2:39:79:3f:5a:7e:57:45:95:be:22:60:
                    78:8d:3f:f5:80:d5:c4:f1:b4:b0:1b:df:c1:40:15:
                    dd:8c:53:ca:76:1a:b0:35:7f:42:16:c3:22:fe:31:
                    10:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:5D:1C:89:8B:26:EA:4F:8E:5F:6D:67:58:F6:C9:3C:EA:F8:D6:6C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2V0ciYsm6k-OX21nWPbJPOr41mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:c6:8e:97:ef:a1:5f:4d:0f:00:4b:92:21:b8:7a:82:52:2a:
         e7:6a:a9:de:05:47:4b:6c:f8:6f:56:95:e2:78:fc:66:52:b1:
         2e:e5:52:07:24:0c:e4:bc:fe:e2:e4:de:23:3f:ad:ab:da:04:
         c3:18:59:d4:bd:b5:04:55:3d:5b:02:8d:10:c5:fb:2c:d5:71:
         cc:87:a8:88:fe:bb:35:cb:a7:5d:a4:d3:97:ac:e2:3e:92:00:
         8d:00:4a:6c:d5:24:88:35:8e:78:24:02:8f:33:e7:50:d1:6c:
         ed:a9:ba:f5:c3:b0:94:6a:8c:1d:0f:1a:05:ae:ad:19:6e:a9:
         e3:39:bb:a5:45:31:11:c4:dd:7b:2c:06:e6:10:6a:0e:8f:2b:
         e9:ad:6e:60:13:f3:be:e6:0c:c7:a9:ec:98:2d:5a:a0:d8:86:
         85:da:49:79:51:0b:7f:e0:e9:d2:fb:e7:d1:d8:57:3d:96:62:
         a1:b5:b3:df:93:88:3a:eb:91:cd:22:97:a6:c0:1a:f4:38:7d:
         c9:be:2f:7b:6f:0b:e5:7e:6d:b0:6e:1f:f7:47:ba:85:44:69:
         0a:3f:01:15:0a:e2:6d:39:bd:05:81:9a:b9:94:2f:91:6e:1c:
         94:c4:d5:8c:b7:2e:ba:7b:ad:de:54:e9:e6:aa:e4:ce:46:d9:
         96:db:cc:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfMtFEhPa2WuQyjAlFZnYoqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI5MTEwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTVkMWM4OThiMjZlYTRmOGU1ZjZkNjc1OGY2YzkzY2VhZjhkNjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPmrjKpF780TMixkCsrSpbs+Tpdi
Z+RgsexCk3AswpV5VyItnpfbBiRCfKrw39S/W0u2V296/wlXG+tx1frbQ4qc5Csk
naePs9x8+6sKkbta3hXp0+FtVA4eqEjm0lpYhajRPX7tVz/dc4lH1hTM13v7Jje2
UsDeOSUAnPqvp3/a+StSNIqKwbthjrk5a5dkWgUsVxbM/0ymnRlhMKI50U3KBdiD
K/iRpbvwScty4u/2Ys4oZk5i4n/YWA0iNtK620Y6o9zuPdJGyAnp7ZV78yC7vqby
OXk/Wn5XRZW+ImB4jT/1gNXE8bSwG9/BQBXdjFPKdhqwNX9CFsMi/jEQFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNldHImLJupPjl9tZ1j2yTzq+NZsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMlYwY2lZc202ay1PWDIxbldQYkpQT3I0MW13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJnGjpfvoV9NDwBLkiG4
eoJSKudqqd4FR0ts+G9WleJ4/GZSsS7lUgckDOS8/uLk3iM/ravaBMMYWdS9tQRV
PVsCjRDF+yzVccyHqIj+uzXLp12k05es4j6SAI0ASmzVJIg1jngkAo8z51DRbO2p
uvXDsJRqjB0PGgWurRluqeM5u6VFMRHE3XssBuYQag6PK+mtbmAT877mDMep7Jgt
WqDYhoXaSXlRC3/g6dL759HYVz2WYqG1s9+TiDrrkc0il6bAGvQ4fcm+L3tvC+V+
bbBuH/dHuoVEaQo/ARUK4m05vQWBmrmUL5FuHJTE1Yy3Lrp7rd5U6eaq5M5G2Zbb
zDg=
-----END CERTIFICATE-----