Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2Yj-_KFBMbhR8_pz377gcIzRJFk.roa
File:                     2Yj-_KFBMbhR8_pz377gcIzRJFk.roa (raw, json)
Hash identifier:          ZUyVrRfvPuxeX4j8356xnrdJL85ezpTZbzvWYUpLDxM=
Subject key identifier:   D9:88:FE:FC:A1:41:31:B8:51:F3:FA:73:DF:BE:E0:70:8C:D1:24:59
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872A095D35C74D038D50CA9DF290592C7F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2Yj-_KFBMbhR8_pz377gcIzRJFk.roa
Signing time:             Tue 28 Mar 2023 21:04:29 +0000
ROA not before:           Tue 28 Mar 2023 21:04:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:187:2a09:bd2/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2a:09:5d:35:c7:4d:03:8d:50:ca:9d:f2:90:59:2c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 28 21:04:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d988fefca14131b851f3fa73dfbee0708cd12459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:71:ca:dd:01:bf:d4:45:b4:c0:e5:57:77:c5:
                    02:10:ed:e4:df:b6:ea:af:e5:f1:1e:1e:0a:18:88:
                    d5:3d:fe:20:e5:18:34:1c:ee:e9:3a:10:d4:64:7f:
                    74:2c:1f:1b:83:c9:26:2a:2c:bd:5e:d1:46:09:c7:
                    c8:da:83:58:d0:23:62:1e:d5:49:25:c9:78:ff:44:
                    b8:4c:b8:e8:b8:6f:3a:cf:7f:a3:04:22:e6:42:04:
                    aa:8e:25:e4:46:43:42:05:bb:62:9c:56:a3:82:97:
                    6a:f0:66:df:42:86:e6:66:81:94:53:36:6c:9f:d3:
                    c0:66:dc:c3:c0:5d:88:ae:2b:a9:0a:20:2f:f8:70:
                    4e:88:2c:00:2e:4d:df:c3:b2:ca:6a:23:c3:c0:77:
                    b3:ae:7e:36:97:dc:99:1e:e2:8d:7b:e5:ba:94:13:
                    96:93:f9:2b:35:ce:2d:84:37:e7:9c:31:0f:99:8c:
                    f1:35:24:3f:8f:68:a9:63:7c:da:4e:7e:7a:92:34:
                    13:b3:78:d2:c5:95:7e:a8:13:d9:b3:21:51:58:3a:
                    ac:ca:c1:a4:ba:96:f8:1d:6b:59:22:00:b9:1e:75:
                    48:d5:5a:a5:b0:b9:cd:fc:2d:15:b1:63:af:c7:ae:
                    71:61:16:bb:59:10:56:38:fd:3f:64:95:ed:aa:e2:
                    f1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:88:FE:FC:A1:41:31:B8:51:F3:FA:73:DF:BE:E0:70:8C:D1:24:59
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2Yj-_KFBMbhR8_pz377gcIzRJFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:02:f0:8d:9e:ec:e4:93:8f:42:18:fe:59:cd:b7:c4:51:03:
         37:6b:73:2d:08:7e:f4:82:65:13:0f:98:fb:2d:51:50:b9:97:
         81:f2:f9:49:d1:d6:34:2f:71:c8:b0:36:d7:88:98:b6:bd:b6:
         30:2c:bb:91:a2:f0:5c:f1:10:90:dd:d6:d1:d6:21:74:a1:ca:
         53:61:84:1d:52:23:1f:42:35:a0:01:fb:ec:1f:83:2d:02:14:
         15:1e:c7:bf:9c:ee:68:1f:96:22:44:b7:f2:6a:d6:ab:d9:d8:
         b4:8f:93:65:75:6c:73:02:80:b1:f3:3a:e9:61:8d:1f:18:55:
         8e:9e:44:2f:ef:8d:7a:95:f2:ed:45:44:78:f6:19:08:30:19:
         ff:3f:0a:cd:38:b4:f2:b6:3b:4f:24:4f:0e:84:49:5f:44:2e:
         22:bf:a9:b8:48:32:98:97:0a:3e:6a:33:99:3f:01:ae:1c:67:
         c4:e5:64:22:41:94:5a:60:b8:38:bc:15:e1:55:f2:4f:eb:ec:
         48:2c:59:2d:e0:4a:68:44:22:5e:83:01:e5:64:c7:8b:04:c6:
         13:1e:41:c6:fc:f1:62:0b:47:35:f1:f7:e2:00:ae:38:78:09:
         bd:2a:66:2d:4e:09:83:61:dd:6b:60:fc:23:97:06:fe:77:71:
         ad:2b:0e:84
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcqCV01x00DjVDKnfKQWSx/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI4MjEwNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTg4ZmVmY2ExNDEzMWI4NTFmM2ZhNzNkZmJlZTA3MDhjZDEyNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XHK3QG/1EW0wOVXd8UCEO3k37bq
r+XxHh4KGIjVPf4g5Rg0HO7pOhDUZH90LB8bg8kmKiy9XtFGCcfI2oNY0CNiHtVJ
Jcl4/0S4TLjouG86z3+jBCLmQgSqjiXkRkNCBbtinFajgpdq8GbfQobmZoGUUzZs
n9PAZtzDwF2IriupCiAv+HBOiCwALk3fw7LKaiPDwHezrn42l9yZHuKNe+W6lBOW
k/krNc4thDfnnDEPmYzxNSQ/j2ipY3zaTn56kjQTs3jSxZV+qBPZsyFRWDqsysGk
upb4HWtZIgC5HnVI1VqlsLnN/C0VsWOvx65xYRa7WRBWOP0/ZJXtquLx/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNmI/vyhQTG4UfP6c9++4HCM0SRZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMllqLV9LRkJNYmhSOF9wejM3N2djSXpSSkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAIC8I2e7OSTj0IY/lnN
t8RRAzdrcy0IfvSCZRMPmPstUVC5l4Hy+UnR1jQvcciwNteImLa9tjAsu5Gi8Fzx
EJDd1tHWIXShylNhhB1SIx9CNaAB++wfgy0CFBUex7+c7mgfliJEt/Jq1qvZ2LSP
k2V1bHMCgLHzOulhjR8YVY6eRC/vjXqV8u1FRHj2GQgwGf8/Cs04tPK2O08kTw6E
SV9ELiK/qbhIMpiXCj5qM5k/Aa4cZ8TlZCJBlFpguDi8FeFV8k/r7EgsWS3gSmhE
Il6DAeVkx4sExhMeQcb88WILRzXx9+IArjh4Cb0qZi1OCYNh3Wtg/COXBv53ca0r
DoQ=
-----END CERTIFICATE-----