Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4EBxfrEeYDtrNE2OqU6YKw8ZpJw.roa
File:                     4EBxfrEeYDtrNE2OqU6YKw8ZpJw.roa (raw, json)
Hash identifier:          YtjzVVaDUgTSUTF5bGL7yrlsMIDwQsL/VSvMzO1yIPk=
Subject key identifier:   E0:40:71:7E:B1:1E:60:3B:6B:34:4D:8E:A9:4E:98:2B:0F:19:A4:9C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186E0AEF4F995D10A4612924277316026B3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4EBxfrEeYDtrNE2OqU6YKw8ZpJw.roa
Signing time:             Tue 14 Mar 2023 15:13:27 +0000
ROA not before:           Tue 14 Mar 2023 15:13:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e0:ae:f4:f9:95:d1:0a:46:12:92:42:77:31:60:26:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 14 15:13:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e040717eb11e603b6b344d8ea94e982b0f19a49c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:36:93:2f:90:8e:0b:34:62:d7:97:8a:11:1d:
                    1f:70:35:49:04:f1:0f:24:69:bd:ef:ce:29:7b:b9:
                    84:6e:04:9d:18:41:c4:ce:9b:9f:27:43:fe:fb:ff:
                    2a:e8:8d:d6:0b:b2:c8:50:19:46:c0:c8:97:dc:0b:
                    06:5d:a5:98:eb:00:ab:9a:f9:b2:f6:46:bb:5d:e8:
                    99:67:51:c6:2c:ca:17:4c:0d:85:aa:e1:4b:ee:2e:
                    06:3a:88:4b:5d:79:9c:a7:50:ad:da:0a:8c:e0:06:
                    ec:e4:7c:2c:60:67:63:ff:7e:1b:b5:73:65:2a:9b:
                    e7:0f:d2:e5:a5:f7:b3:03:79:87:81:f2:f9:e8:c6:
                    d1:4a:e8:ae:03:97:7c:b2:60:71:c9:ae:95:62:57:
                    d7:26:88:21:78:ad:ae:71:ff:6e:cb:9c:6f:67:ab:
                    c8:3f:39:5c:17:00:e7:f2:e8:02:af:29:e5:81:7b:
                    a0:60:d3:83:72:96:d8:9f:96:04:0a:71:7b:a0:ca:
                    67:58:6d:68:eb:b8:85:77:65:5e:75:5e:53:1f:94:
                    b2:13:4f:55:fc:46:41:61:17:db:9f:6a:13:83:54:
                    7a:3a:62:83:f5:b0:79:1a:ed:77:fd:c0:a5:09:bc:
                    9d:69:b0:c5:ab:f4:75:67:b5:90:30:84:50:cb:da:
                    17:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:40:71:7E:B1:1E:60:3B:6B:34:4D:8E:A9:4E:98:2B:0F:19:A4:9C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4EBxfrEeYDtrNE2OqU6YKw8ZpJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:c5:2a:7d:4a:42:0b:95:39:0c:dd:04:2f:dd:8b:88:40:97:
         11:f8:ac:72:b4:83:e5:4d:23:8a:50:e3:a8:d6:66:ba:82:63:
         86:10:ab:3c:e6:bb:84:6a:52:01:4f:9f:72:46:fc:3b:ec:09:
         8f:fb:13:18:0f:d6:d9:32:2b:82:ce:8c:92:51:68:1d:93:e5:
         f3:cb:59:41:63:d1:51:42:74:f1:ea:ed:2f:d4:2a:a0:bb:de:
         cf:4a:f4:0a:33:0e:f0:83:90:1d:2f:2f:00:cb:cd:8c:4c:35:
         70:1c:65:52:71:55:17:51:48:bf:b4:32:d0:28:62:42:9a:2d:
         5e:60:7b:8f:99:f1:d0:20:ea:b2:87:6c:d9:12:1a:7d:8d:9c:
         57:73:b3:98:89:aa:b9:a9:b5:53:52:ae:22:a6:78:5e:80:21:
         aa:a5:dc:1f:14:21:1c:ad:9b:82:41:98:b4:ce:ec:11:83:21:
         14:50:2c:87:8d:56:ed:8d:15:d3:1e:03:d3:9d:4d:6b:c5:35:
         9e:0e:c1:b5:51:51:79:77:da:e9:92:7a:04:8e:fc:4e:47:3d:
         d6:d4:92:47:74:89:a8:6c:ea:c4:f4:56:29:16:71:53:7b:b8:
         2e:b9:c6:28:26:8f:20:32:27:e6:8f:c3:67:94:a4:df:7e:62:
         fc:b2:f9:0b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbgrvT5ldEKRhKSQncxYCazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE0MTUxMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDQwNzE3ZWIxMWU2MDNiNmIzNDRkOGVhOTRlOTgyYjBmMTlhNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzaTL5COCzRi15eKER0fcDVJBPEP
JGm9784pe7mEbgSdGEHEzpufJ0P++/8q6I3WC7LIUBlGwMiX3AsGXaWY6wCrmvmy
9ka7XeiZZ1HGLMoXTA2FquFL7i4GOohLXXmcp1Ct2gqM4Abs5HwsYGdj/34btXNl
KpvnD9LlpfezA3mHgfL56MbRSuiuA5d8smBxya6VYlfXJogheK2ucf9uy5xvZ6vI
PzlcFwDn8ugCrynlgXugYNODcpbYn5YECnF7oMpnWG1o67iFd2VedV5TH5SyE09V
/EZBYRfbn2oTg1R6OmKD9bB5Gu13/cClCbydabDFq/R1Z7WQMIRQy9oX/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOBAcX6xHmA7azRNjqlOmCsPGaScMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNEVCeGZyRWVZRHRyTkUyT3FVNllLdzhacEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHLFKn1KQguVOQzdBC/d
i4hAlxH4rHK0g+VNI4pQ46jWZrqCY4YQqzzmu4RqUgFPn3JG/DvsCY/7ExgP1tky
K4LOjJJRaB2T5fPLWUFj0VFCdPHq7S/UKqC73s9K9AozDvCDkB0vLwDLzYxMNXAc
ZVJxVRdRSL+0MtAoYkKaLV5ge4+Z8dAg6rKHbNkSGn2NnFdzs5iJqrmptVNSriKm
eF6AIaql3B8UIRytm4JBmLTO7BGDIRRQLIeNVu2NFdMeA9OdTWvFNZ4OwbVRUXl3
2umSegSO/E5HPdbUkkd0iahs6sT0VikWcVN7uC65xigmjyAyJ+aPw2eUpN9+Yvyy
+Qs=
-----END CERTIFICATE-----