Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2dvZNewfbKErj1EzZre1oBCn_Dw.roa
File:                     2dvZNewfbKErj1EzZre1oBCn_Dw.roa (raw, json)
Hash identifier:          txb/qNgFV6cxMV9MLvPy1yhWs/P0TW9TDJOS6e7WBSg=
Subject key identifier:   D9:DB:D9:35:EC:1F:6C:A1:2B:8F:51:33:66:B7:B5:A0:10:A7:FC:3C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01874779737A9A11EA3B298FBF144A839A17
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2dvZNewfbKErj1EzZre1oBCn_Dw.roa
Signing time:             Mon 03 Apr 2023 14:15:54 +0000
ROA not before:           Mon 03 Apr 2023 14:15:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:47:79:73:7a:9a:11:ea:3b:29:8f:bf:14:4a:83:9a:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  3 14:15:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d9dbd935ec1f6ca12b8f513366b7b5a010a7fc3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:dc:d7:87:5e:7c:e9:c5:ae:9c:21:92:92:96:
                    da:c5:ba:53:fd:99:40:d5:11:fc:d3:8a:8f:f5:2b:
                    91:59:94:37:61:94:96:3a:88:01:0e:e8:11:8a:96:
                    dc:2e:8b:fe:0a:be:05:af:08:7c:0b:77:cc:60:23:
                    18:e8:d2:8f:58:a4:81:02:77:3a:63:1f:08:f0:15:
                    cc:60:29:81:1e:30:06:4b:95:a9:ee:a8:f2:fe:1a:
                    03:4f:21:a9:77:93:2c:15:63:b1:fa:bf:6d:83:51:
                    3e:ca:c9:37:b1:f6:b3:de:48:9c:a1:e8:04:e4:09:
                    2f:60:48:4b:3c:0e:ad:8a:cd:02:9f:7a:73:34:d3:
                    41:0a:33:2a:6a:4b:fe:94:c6:a8:bf:00:87:47:08:
                    42:37:52:a6:7e:05:a2:ad:7f:1a:44:98:16:49:ee:
                    36:e3:80:45:6b:55:5d:d0:4c:ca:16:89:ac:66:6a:
                    a6:2d:ba:2a:a4:da:eb:a9:66:67:89:c4:11:fa:45:
                    2b:80:8a:78:9d:72:3e:c2:cc:17:7e:75:58:ef:87:
                    9c:e7:cc:14:c8:13:71:8a:c2:f5:8a:0e:11:e0:58:
                    c6:56:48:c9:8a:83:cd:b1:ec:01:37:ea:29:cc:91:
                    2f:82:e5:8f:57:aa:2c:f4:36:f1:7d:f3:b4:2d:7f:
                    2f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:DB:D9:35:EC:1F:6C:A1:2B:8F:51:33:66:B7:B5:A0:10:A7:FC:3C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2dvZNewfbKErj1EzZre1oBCn_Dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:1e:17:8c:e0:22:fb:c7:d0:74:21:58:24:3e:47:55:31:df:
         a2:cc:c7:f3:fc:5a:43:67:c7:34:99:20:7a:c0:7d:52:d2:20:
         ec:a3:88:32:a4:8a:07:26:f8:a7:c7:0e:0f:30:53:60:75:de:
         2d:54:72:ab:87:f7:6e:60:c6:64:4d:e6:d4:23:c7:a6:80:05:
         11:85:92:17:8e:b8:21:8c:c7:9b:74:43:58:99:72:40:c4:5a:
         a4:75:30:90:1f:27:b6:55:b5:52:ea:cb:c2:ec:f9:50:b3:6a:
         c7:02:9b:f2:81:c7:15:bd:6c:0a:b0:f2:cd:0e:f6:42:86:13:
         9b:36:7f:5a:2c:92:fb:79:8c:b8:7c:3e:72:7b:78:57:31:60:
         81:c1:37:7c:d5:31:f6:46:d4:2c:4c:ea:44:57:d1:3a:d7:bf:
         45:16:b5:93:06:7c:9f:04:e1:be:3c:d7:c4:69:60:c6:af:52:
         14:3f:ef:d5:26:b0:ee:48:38:1e:56:e5:4a:f7:a1:a4:00:9e:
         ae:15:47:57:8f:52:2a:3d:2d:70:c3:d7:58:4b:9f:34:82:75:
         80:a0:91:8d:72:50:0a:c9:9d:36:50:c3:69:3a:26:d8:db:48:
         ba:f0:51:cd:cb:9b:7b:98:cf:7a:83:11:ad:d2:f8:3b:ca:66:
         50:6e:a6:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdHeXN6mhHqOymPvxRKg5oXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAzMTQxNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWRiZDkzNWVjMWY2Y2ExMmI4ZjUxMzM2NmI3YjVhMDEwYTdmYzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNzXh1586cWunCGSkpbaxbpT/ZlA
1RH804qP9SuRWZQ3YZSWOogBDugRipbcLov+Cr4Frwh8C3fMYCMY6NKPWKSBAnc6
Yx8I8BXMYCmBHjAGS5Wp7qjy/hoDTyGpd5MsFWOx+r9tg1E+ysk3sfaz3kicoegE
5AkvYEhLPA6tis0Cn3pzNNNBCjMqakv+lMaovwCHRwhCN1KmfgWirX8aRJgWSe42
44BFa1Vd0EzKFomsZmqmLboqpNrrqWZnicQR+kUrgIp4nXI+wswXfnVY74ec58wU
yBNxisL1ig4R4FjGVkjJioPNsewBN+opzJEvguWPV6os9DbxffO0LX8v1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNnb2TXsH2yhK49RM2a3taAQp/w8MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMmR2Wk5ld2ZiS0VyajFFelpyZTFvQkNuX0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACweF4zgIvvH0HQhWCQ+
R1Ux36LMx/P8WkNnxzSZIHrAfVLSIOyjiDKkigcm+KfHDg8wU2B13i1UcquH925g
xmRN5tQjx6aABRGFkheOuCGMx5t0Q1iZckDEWqR1MJAfJ7ZVtVLqy8Ls+VCzascC
m/KBxxW9bAqw8s0O9kKGE5s2f1oskvt5jLh8PnJ7eFcxYIHBN3zVMfZG1CxM6kRX
0TrXv0UWtZMGfJ8E4b4818RpYMavUhQ/79UmsO5IOB5W5Ur3oaQAnq4VR1ePUio9
LXDD11hLnzSCdYCgkY1yUArJnTZQw2k6JtjbSLrwUc3Lm3uYz3qDEa3S+DvKZlBu
pk4=
-----END CERTIFICATE-----