Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3-d0Is_QtHgqTPhIXG71Ht8H1ZY.roa
File:                     3-d0Is_QtHgqTPhIXG71Ht8H1ZY.roa (raw, json)
Hash identifier:          6RkLQk81eFVDkAtAAS/9MGu8ZY1lW8YUKorJk4PrqCY=
Subject key identifier:   DF:E7:74:22:CF:D0:B4:78:2A:4C:F8:48:5C:6E:F5:1E:DF:07:D5:96
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873EDA1D6CC28CBDE55EFC1C9E879F844A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3-d0Is_QtHgqTPhIXG71Ht8H1ZY.roa
Signing time:             Sat 01 Apr 2023 22:04:54 +0000
ROA not before:           Sat 01 Apr 2023 22:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:187:3ed9:87a5/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3e:da:1d:6c:c2:8c:bd:e5:5e:fc:1c:9e:87:9f:84:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  1 22:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dfe77422cfd0b4782a4cf8485c6ef51edf07d596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:96:27:d1:ce:5a:72:b1:93:ca:96:58:d6:c9:
                    92:76:d0:65:3d:3d:e2:a2:88:43:f2:a9:ba:49:d3:
                    2f:29:19:83:d9:fc:47:2e:6f:8e:d8:b3:7e:c1:1a:
                    f7:f4:53:c0:5e:5b:5d:34:c4:51:d1:c3:0b:7b:f3:
                    9d:75:a7:cd:51:ab:27:fd:01:8b:f8:5a:4f:45:f0:
                    8f:46:94:f8:1e:1f:f7:0b:5a:3a:45:c6:3e:f4:2c:
                    e6:38:d6:96:3d:85:ac:15:e4:e1:4c:b2:04:a9:dd:
                    6b:35:0a:83:8d:63:34:49:f2:8f:d6:f3:73:60:02:
                    8f:d2:23:46:02:30:f9:2b:49:28:55:b5:8b:a6:80:
                    d2:ce:45:9d:cd:49:26:4d:3b:a4:04:46:80:7f:32:
                    54:74:ba:5c:bb:6a:ef:aa:76:56:a8:59:3d:a3:57:
                    63:15:ac:64:c9:9c:dc:b1:9a:4f:09:b7:23:56:07:
                    28:5c:60:66:bc:01:e4:ff:ab:99:ea:10:57:49:54:
                    5c:be:55:da:d8:a6:12:61:b1:78:a2:f4:4b:47:ec:
                    85:cd:d6:fe:89:c7:32:39:10:f0:94:9d:d6:45:34:
                    b5:21:82:6b:5f:e3:9e:08:c7:7f:ce:20:53:0e:61:
                    b6:13:7d:4b:5a:e2:4a:36:ed:d9:c3:5d:b6:10:c5:
                    fd:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:E7:74:22:CF:D0:B4:78:2A:4C:F8:48:5C:6E:F5:1E:DF:07:D5:96
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3-d0Is_QtHgqTPhIXG71Ht8H1ZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:4e:0c:59:91:9d:83:be:97:6a:20:04:fc:34:5f:b4:bc:87:
         28:2f:9a:c6:72:6a:e9:fa:74:3f:a5:97:f6:90:27:ce:a0:42:
         2d:cf:39:ba:b8:65:77:d5:70:d2:07:27:b2:a6:ed:fc:00:1e:
         f9:91:9f:b1:cd:f9:d4:93:ed:04:b7:b1:e0:44:1f:c6:ea:50:
         03:91:53:60:5c:a9:3f:b7:38:b2:6d:a3:20:0f:5f:36:a7:d1:
         a4:1a:fd:e6:de:55:d9:e8:46:52:19:54:a0:4a:fa:cb:4b:70:
         57:84:b9:2f:ec:c1:27:fe:2e:34:f5:0f:44:c3:9a:a3:81:10:
         fa:28:90:0f:c3:57:bf:bb:ac:f5:ad:84:1e:ff:34:97:99:c1:
         9f:f0:61:43:fb:6f:d2:e4:99:b2:bc:a7:ce:2a:6c:fa:15:ce:
         e0:7a:3a:17:f7:38:84:2d:1b:2f:7c:4f:44:13:72:cd:e1:07:
         74:c2:0c:5d:ce:3e:eb:f9:f6:86:59:2b:60:39:ed:c6:0a:bd:
         4e:6a:8e:2b:27:78:af:a1:81:75:4f:52:d2:41:87:cf:2c:c4:
         86:43:53:e5:1d:2b:7e:f1:25:26:f0:7f:b7:a4:5d:84:d3:63:
         66:1e:79:05:e7:86:0b:f5:9e:a8:7a:09:b2:32:61:bd:f9:1b:
         4c:f8:ed:9b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc+2h1swoy95V78HJ6Hn4RKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAxMjIwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmU3NzQyMmNmZDBiNDc4MmE0Y2Y4NDg1YzZlZjUxZWRmMDdkNTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZYn0c5acrGTypZY1smSdtBlPT3i
oohD8qm6SdMvKRmD2fxHLm+O2LN+wRr39FPAXltdNMRR0cMLe/OddafNUasn/QGL
+FpPRfCPRpT4Hh/3C1o6RcY+9CzmONaWPYWsFeThTLIEqd1rNQqDjWM0SfKP1vNz
YAKP0iNGAjD5K0koVbWLpoDSzkWdzUkmTTukBEaAfzJUdLpcu2rvqnZWqFk9o1dj
FaxkyZzcsZpPCbcjVgcoXGBmvAHk/6uZ6hBXSVRcvlXa2KYSYbF4ovRLR+yFzdb+
iccyORDwlJ3WRTS1IYJrX+OeCMd/ziBTDmG2E31LWuJKNu3Zw122EMX9uQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN/ndCLP0LR4Kkz4SFxu9R7fB9WWMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMy1kMElzX1F0SGdxVFBoSVhHNzFIdDhIMVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAI1ODFmRnYO+l2ogBPw0
X7S8hygvmsZyaun6dD+ll/aQJ86gQi3PObq4ZXfVcNIHJ7Km7fwAHvmRn7HN+dST
7QS3seBEH8bqUAORU2BcqT+3OLJtoyAPXzan0aQa/ebeVdnoRlIZVKBK+stLcFeE
uS/swSf+LjT1D0TDmqOBEPookA/DV7+7rPWthB7/NJeZwZ/wYUP7b9LkmbK8p84q
bPoVzuB6Ohf3OIQtGy98T0QTcs3hB3TCDF3OPuv59oZZK2A57cYKvU5qjisneK+h
gXVPUtJBh88sxIZDU+UdK37xJSbwf7ekXYTTY2YeeQXnhgv1nqh6CbIyYb35G0z4
7Zs=
-----END CERTIFICATE-----