Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2yp8AOWHM2iIUClgzqyH9pebTR0.roa
File:                     2yp8AOWHM2iIUClgzqyH9pebTR0.roa (raw, json)
Hash identifier:          jMAxJP1bfhPRut6MHEY93Qdfjv84Q4CVl6f4ftDJtGs=
Subject key identifier:   DB:2A:7C:00:E5:87:33:68:88:50:29:60:CE:AC:87:F6:97:9B:4D:1D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01874E4D329D7D908F3B5A8E63E12C233AA3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2yp8AOWHM2iIUClgzqyH9pebTR0.roa
Signing time:             Tue 04 Apr 2023 22:04:54 +0000
ROA not before:           Tue 04 Apr 2023 22:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4e4c:9e05/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4e:4d:32:9d:7d:90:8f:3b:5a:8e:63:e1:2c:23:3a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  4 22:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=db2a7c00e587336888502960ceac87f6979b4d1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d8:44:b7:f5:a0:41:ab:32:db:bd:a4:0d:10:
                    e2:c2:40:45:df:f9:a3:d6:40:21:2d:a5:28:b6:b5:
                    85:d8:c5:ec:f2:f9:77:98:27:97:fb:66:fe:70:5a:
                    10:eb:b6:a4:a0:1a:5c:f9:98:12:68:31:f1:dd:8c:
                    50:3d:de:ec:30:10:0d:77:00:b2:67:ec:b3:d6:61:
                    29:6b:c8:25:16:0d:e1:09:50:08:14:38:15:c9:e1:
                    71:91:9a:05:4d:9e:30:34:b2:16:c3:48:43:f1:37:
                    b7:48:af:49:27:e9:b8:86:37:3c:a8:e2:6d:fa:c4:
                    4c:d0:eb:48:ad:4d:b4:9c:5f:6f:51:b6:7b:80:31:
                    0f:3b:3c:1d:63:80:bd:20:b7:ec:bf:a1:48:92:fd:
                    11:b1:53:5d:8e:87:0b:34:b8:ed:44:59:0d:65:b4:
                    d7:19:15:56:fd:6f:8b:79:44:68:a2:0d:d8:a9:e2:
                    7d:9b:21:10:47:7c:01:03:c2:d3:90:ee:4d:5a:e9:
                    83:b4:a3:98:ec:7f:d1:c5:ba:8a:d0:97:d5:fd:ea:
                    2a:5b:f7:c8:fa:5c:2c:4f:97:70:77:a3:98:0e:ac:
                    a8:9f:46:fd:d4:b7:b0:c7:ae:36:ed:3b:c7:f9:48:
                    d6:9b:91:72:fe:d1:da:75:f4:8f:de:37:27:b6:d7:
                    80:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:2A:7C:00:E5:87:33:68:88:50:29:60:CE:AC:87:F6:97:9B:4D:1D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2yp8AOWHM2iIUClgzqyH9pebTR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:94:3b:f1:c8:c0:f4:46:f7:ba:50:d8:24:57:09:ab:d9:bb:
         4b:25:7b:69:2d:dc:5b:03:77:06:86:12:a0:6f:fd:c2:52:de:
         e7:2b:33:82:b2:b7:c3:28:10:36:24:c0:c2:14:a1:93:af:83:
         9f:14:b9:d5:a6:9c:cd:b8:6e:5e:f2:da:06:e5:99:93:e3:7b:
         7f:b8:7f:ee:80:fa:43:f5:a5:5a:f2:84:f9:79:88:da:05:a5:
         03:2c:53:40:71:ee:3e:b8:34:ca:c6:57:82:aa:d8:03:fb:30:
         ec:5d:fa:ae:cb:bd:57:75:2c:d9:bf:40:66:92:37:8a:48:f0:
         81:8f:18:78:e5:6b:42:1e:1a:87:76:56:64:76:d0:b8:10:ed:
         1a:9e:f5:90:8f:7a:08:06:60:fc:85:ed:6b:37:6d:77:2f:94:
         07:14:85:8c:f8:41:ff:9e:1b:73:21:9e:6b:3d:41:e3:4e:45:
         ac:64:5c:69:c1:db:7d:1b:0a:b2:a6:67:e0:78:27:52:9d:bf:
         3f:7b:65:c6:bd:ca:7d:86:84:2c:13:c5:6e:1f:8c:a2:2d:01:
         c5:bf:2a:f5:0e:18:52:6e:5b:4f:08:b6:5b:e5:06:46:10:c3:
         09:84:69:8e:91:89:2f:a1:57:3d:59:13:9b:b4:d4:b6:9a:35:
         6f:95:89:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdOTTKdfZCPO1qOY+EsIzqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA0MjIwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjJhN2MwMGU1ODczMzY4ODg1MDI5NjBjZWFjODdmNjk3OWI0ZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdhEt/WgQasy272kDRDiwkBF3/mj
1kAhLaUotrWF2MXs8vl3mCeX+2b+cFoQ67akoBpc+ZgSaDHx3YxQPd7sMBANdwCy
Z+yz1mEpa8glFg3hCVAIFDgVyeFxkZoFTZ4wNLIWw0hD8Te3SK9JJ+m4hjc8qOJt
+sRM0OtIrU20nF9vUbZ7gDEPOzwdY4C9ILfsv6FIkv0RsVNdjocLNLjtRFkNZbTX
GRVW/W+LeURoog3YqeJ9myEQR3wBA8LTkO5NWumDtKOY7H/RxbqK0JfV/eoqW/fI
+lwsT5dwd6OYDqyon0b91Lewx6427TvH+UjWm5Fy/tHadfSP3jcntteA0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNsqfADlhzNoiFApYM6sh/aXm00dMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMnlwOEFPV0hNMmlJVUNsZ3pxeUg5cGViVFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHqUO/HIwPRG97pQ2CRX
CavZu0sle2kt3FsDdwaGEqBv/cJS3ucrM4Kyt8MoEDYkwMIUoZOvg58UudWmnM24
bl7y2gblmZPje3+4f+6A+kP1pVryhPl5iNoFpQMsU0Bx7j64NMrGV4Kq2AP7MOxd
+q7LvVd1LNm/QGaSN4pI8IGPGHjla0IeGod2VmR20LgQ7Rqe9ZCPeggGYPyF7Ws3
bXcvlAcUhYz4Qf+eG3Mhnms9QeNORaxkXGnB230bCrKmZ+B4J1Kdvz97Zca9yn2G
hCwTxW4fjKItAcW/KvUOGFJuW08ItlvlBkYQwwmEaY6RiS+hVz1ZE5u01LaaNW+V
iYw=
-----END CERTIFICATE-----