Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2xRwK3DQxTnAyl92F7MJKY4B8UI.roa
File:                     2xRwK3DQxTnAyl92F7MJKY4B8UI.roa (raw, json)
Hash identifier:          Q7iU+FZ92HnoYsZs1ln5suHxVjeUXMrsLEUDaxnDDp4=
Subject key identifier:   DB:14:70:2B:70:D0:C5:39:C0:CA:5F:76:17:B3:09:29:8E:01:F1:42
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872061B602763C864D773DB09CD91A45B7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2xRwK3DQxTnAyl92F7MJKY4B8UI.roa
Signing time:             Mon 27 Mar 2023 00:04:47 +0000
ROA not before:           Mon 27 Mar 2023 00:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:2061:3281/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:20:61:b6:02:76:3c:86:4d:77:3d:b0:9c:d9:1a:45:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 27 00:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=db14702b70d0c539c0ca5f7617b309298e01f142
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d7:64:12:b6:ec:e1:08:a7:d0:ab:29:d8:74:
                    5a:22:98:50:78:8b:f7:a3:02:81:9d:c9:36:7f:0c:
                    4b:b4:47:88:55:97:d1:4b:43:85:28:6d:80:30:ce:
                    34:71:3a:c4:29:c9:57:27:a6:25:fa:3a:39:2a:68:
                    c4:3e:2c:83:ed:49:93:18:62:7a:6e:34:b9:70:39:
                    3f:02:08:01:36:7f:29:96:b7:97:e9:be:2e:19:eb:
                    86:b3:a6:ea:15:c6:e0:88:9b:98:b2:1d:fd:93:8a:
                    93:3e:27:ba:36:0a:12:37:d3:a2:5b:56:40:0a:be:
                    08:08:e1:db:21:1d:60:27:7d:55:f3:83:6d:2b:8d:
                    a7:87:54:b5:dc:13:f7:f2:ae:da:1f:1c:fa:af:82:
                    3e:f2:ff:63:ce:c8:76:1c:56:ab:1b:f8:b3:6d:72:
                    2f:cb:82:f6:93:aa:db:be:59:62:48:fc:ec:24:19:
                    91:5d:79:09:31:f3:61:45:7f:8c:45:b4:b0:e0:47:
                    a9:09:12:18:d7:e9:82:19:73:34:28:f3:c0:d1:95:
                    ec:e1:69:05:68:80:de:bb:06:51:29:e6:55:2e:c7:
                    27:52:fa:72:55:bd:f4:00:30:67:f0:66:79:d5:e3:
                    fc:e9:0e:a2:e2:15:35:46:6e:1e:82:a3:3a:98:b5:
                    b6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:14:70:2B:70:D0:C5:39:C0:CA:5F:76:17:B3:09:29:8E:01:F1:42
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2xRwK3DQxTnAyl92F7MJKY4B8UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:e8:db:e4:5b:d8:8f:44:f6:53:43:4d:dd:41:12:e7:45:2f:
         01:a9:98:1e:3e:72:96:c2:89:c4:5b:e2:17:e4:e0:86:2f:b9:
         df:1e:64:24:a5:de:3a:51:63:6c:de:2f:db:06:5e:bd:ce:00:
         1d:93:a6:b9:4a:e3:09:32:9f:1a:ae:6e:5d:a8:08:ef:9e:44:
         64:e6:9b:07:38:e0:f3:44:03:93:67:71:70:e3:f1:b9:cd:29:
         da:7c:80:7e:f9:7d:01:25:69:87:fe:c1:c2:74:48:11:75:6f:
         a5:e1:e1:9e:3d:57:2a:e7:6c:ca:78:71:fb:d6:f8:e4:ef:e7:
         de:0e:dd:d7:0c:c9:d8:5a:7d:e3:f9:37:a5:ad:67:2d:73:22:
         ea:43:02:d4:4a:ea:83:7d:08:76:68:ab:7a:55:e2:34:69:67:
         11:b2:ab:37:6e:0f:90:51:1d:64:f6:c0:96:49:d9:b1:a3:48:
         f0:49:85:ac:e6:c6:bd:d9:c2:34:be:74:10:48:d6:80:ad:53:
         73:d8:dc:bb:17:5e:22:67:f1:2c:14:d5:99:af:1c:b7:61:84:
         d8:47:7a:1d:99:58:fe:21:00:da:db:12:cc:ba:ea:ab:24:af:
         89:92:31:dc:a4:c6:03:69:2d:37:c8:f6:e5:d1:3a:23:4e:5f:
         b1:11:8d:23
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcgYbYCdjyGTXc9sJzZGkW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI3MDAwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjE0NzAyYjcwZDBjNTM5YzBjYTVmNzYxN2IzMDkyOThlMDFmMTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9dkErbs4Qin0Ksp2HRaIphQeIv3
owKBnck2fwxLtEeIVZfRS0OFKG2AMM40cTrEKclXJ6Yl+jo5KmjEPiyD7UmTGGJ6
bjS5cDk/AggBNn8plreX6b4uGeuGs6bqFcbgiJuYsh39k4qTPie6NgoSN9OiW1ZA
Cr4ICOHbIR1gJ31V84NtK42nh1S13BP38q7aHxz6r4I+8v9jzsh2HFarG/izbXIv
y4L2k6rbvlliSPzsJBmRXXkJMfNhRX+MRbSw4EepCRIY1+mCGXM0KPPA0ZXs4WkF
aIDeuwZRKeZVLscnUvpyVb30ADBn8GZ51eP86Q6i4hU1Rm4egqM6mLW2gwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNsUcCtw0MU5wMpfdhezCSmOAfFCMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMnhSd0szRFF4VG5BeWw5MkY3TUpLWTRCOFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACro2+Rb2I9E9lNDTd1B
EudFLwGpmB4+cpbCicRb4hfk4IYvud8eZCSl3jpRY2zeL9sGXr3OAB2TprlK4wky
nxqubl2oCO+eRGTmmwc44PNEA5NncXDj8bnNKdp8gH75fQElaYf+wcJ0SBF1b6Xh
4Z49VyrnbMp4cfvW+OTv594O3dcMydhafeP5N6WtZy1zIupDAtRK6oN9CHZoq3pV
4jRpZxGyqzduD5BRHWT2wJZJ2bGjSPBJhazmxr3ZwjS+dBBI1oCtU3PY3LsXXiJn
8SwU1ZmvHLdhhNhHeh2ZWP4hANrbEsy66qskr4mSMdykxgNpLTfI9uXROiNOX7ER
jSM=
-----END CERTIFICATE-----