Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/44sIPGjcoWJSI0mDPxuHkpuTgD0.roa
File:                     44sIPGjcoWJSI0mDPxuHkpuTgD0.roa (raw, json)
Hash identifier:          +kxStuNOumXLWsVPW5mdaF09cIWdZYv4ZSFPLz/8/rM=
Subject key identifier:   E3:8B:08:3C:68:DC:A1:62:52:23:49:83:3F:1B:87:92:9B:93:80:3D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186FF925C5DF2066C0CD94E08CEC75E2AF5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/44sIPGjcoWJSI0mDPxuHkpuTgD0.roa
Signing time:             Mon 20 Mar 2023 15:10:27 +0000
ROA not before:           Mon 20 Mar 2023 15:10:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ff:92:5c:5d:f2:06:6c:0c:d9:4e:08:ce:c7:5e:2a:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 20 15:10:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e38b083c68dca162522349833f1b87929b93803d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ad:9e:c6:b4:e3:04:ea:f2:3b:8b:6b:c5:60:
                    4a:a4:a9:33:3e:9f:fb:84:51:e3:1d:36:6c:c5:d5:
                    53:75:7c:b6:59:1e:93:16:c2:dc:bf:86:11:b5:20:
                    12:52:0e:83:bc:c4:92:46:fa:77:46:c5:73:f5:65:
                    12:14:e7:0a:23:5a:8b:ad:cd:02:28:10:3e:8d:aa:
                    88:c2:e1:4a:bb:ec:26:37:16:fc:4a:39:95:f8:a6:
                    a7:06:a2:92:26:91:70:74:90:94:64:33:28:36:b3:
                    0e:9a:da:36:48:23:95:5e:fe:bc:2c:7c:c8:64:21:
                    a1:fa:94:37:99:d7:d2:02:83:dd:5a:4f:05:c0:4e:
                    01:0a:a0:8c:1a:ef:60:33:30:64:88:e9:71:1d:72:
                    51:9c:c3:0e:ef:a3:77:c8:61:65:d5:32:54:1e:9d:
                    8f:d9:12:9f:73:6e:28:71:ea:d3:15:d7:6e:34:b6:
                    de:87:6e:fd:d6:d0:a8:0c:9b:34:74:d3:13:40:61:
                    e4:30:06:f6:48:f5:d2:0a:ed:38:22:cd:c3:fe:44:
                    b5:ee:56:85:c4:28:6b:8a:74:95:71:b8:c0:c5:e2:
                    dd:ef:f5:76:b9:0d:8d:cb:a0:bb:1e:db:7d:55:df:
                    d7:8c:77:4d:6c:a0:44:46:6d:a0:63:f9:c7:cc:1a:
                    d0:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:8B:08:3C:68:DC:A1:62:52:23:49:83:3F:1B:87:92:9B:93:80:3D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/44sIPGjcoWJSI0mDPxuHkpuTgD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:81:c4:49:36:39:f3:14:11:08:7a:3f:e4:c3:31:99:02:6f:
         5e:50:13:16:37:0d:25:95:d3:04:33:4b:26:26:82:44:50:6c:
         4a:bb:a1:7e:f5:a6:c1:a9:c8:e3:7d:8a:4f:fb:92:20:d5:89:
         aa:22:aa:6c:5e:3b:ab:9f:a5:01:c1:54:59:45:cc:99:ee:83:
         bd:ef:a7:6f:ce:cb:d7:fa:3a:99:19:89:ad:82:77:0d:f5:88:
         c5:54:73:9f:a9:85:ed:2c:2a:19:7d:3c:45:49:81:5e:eb:8e:
         bb:31:37:4a:a2:34:65:e9:1b:ef:d4:1b:93:ee:96:c5:86:be:
         6d:05:f3:28:4e:3d:8a:5d:1f:99:c6:0d:79:c9:d3:3e:3c:c4:
         c6:3e:fe:9b:61:2b:ec:88:75:fa:71:5f:0a:43:c0:e9:fc:a5:
         6e:1e:c2:ea:38:9e:60:6a:49:d2:a7:15:6d:50:72:42:47:06:
         25:0a:2c:8d:d5:24:5b:bb:a6:36:e7:80:0b:ad:c2:d2:83:b4:
         2a:89:73:92:ba:9b:e7:bf:be:41:57:50:b4:14:8d:cb:e7:2e:
         79:e2:c8:e0:67:e1:81:99:44:bc:a4:e9:78:c3:00:3e:c8:08:
         e3:59:2f:db:6f:27:3c:05:b6:cd:a6:e9:69:bf:22:e0:a4:33:
         8f:bc:6c:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb/klxd8gZsDNlOCM7HXir1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIwMTUxMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzhiMDgzYzY4ZGNhMTYyNTIyMzQ5ODMzZjFiODc5MjliOTM4MDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlK2exrTjBOryO4trxWBKpKkzPp/7
hFHjHTZsxdVTdXy2WR6TFsLcv4YRtSASUg6DvMSSRvp3RsVz9WUSFOcKI1qLrc0C
KBA+jaqIwuFKu+wmNxb8SjmV+KanBqKSJpFwdJCUZDMoNrMOmto2SCOVXv68LHzI
ZCGh+pQ3mdfSAoPdWk8FwE4BCqCMGu9gMzBkiOlxHXJRnMMO76N3yGFl1TJUHp2P
2RKfc24ocerTFdduNLbeh2791tCoDJs0dNMTQGHkMAb2SPXSCu04Is3D/kS17laF
xChrinSVcbjAxeLd7/V2uQ2Ny6C7Htt9Vd/XjHdNbKBERm2gY/nHzBrQRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOOLCDxo3KFiUiNJgz8bh5Kbk4A9MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNDRzSVBHamNvV0pTSTBtRFB4dUhrcHVUZ0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGuBxEk2OfMUEQh6P+TD
MZkCb15QExY3DSWV0wQzSyYmgkRQbEq7oX71psGpyON9ik/7kiDViaoiqmxeO6uf
pQHBVFlFzJnug73vp2/Oy9f6OpkZia2Cdw31iMVUc5+phe0sKhl9PEVJgV7rjrsx
N0qiNGXpG+/UG5PulsWGvm0F8yhOPYpdH5nGDXnJ0z48xMY+/pthK+yIdfpxXwpD
wOn8pW4ewuo4nmBqSdKnFW1QckJHBiUKLI3VJFu7pjbngAutwtKDtCqJc5K6m+e/
vkFXULQUjcvnLnniyOBn4YGZRLyk6XjDAD7ICONZL9tvJzwFts2m6Wm/IuCkM4+8
bPw=
-----END CERTIFICATE-----