Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4IByl355xcCAdOaXgev5Lst9Oko.roa
File:                     4IByl355xcCAdOaXgev5Lst9Oko.roa (raw, json)
Hash identifier:          wd8RE9C7uLnVH4VcjzzOUvZQatjOtnjpdVxxERfIQCs=
Subject key identifier:   E0:80:72:97:7E:79:C5:C0:80:74:E6:97:81:EB:F9:2E:CB:7D:3A:4A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018730B7D36B40FC8814C957763F9E1A5507
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4IByl355xcCAdOaXgev5Lst9Oko.roa
Signing time:             Thu 30 Mar 2023 04:12:46 +0000
ROA not before:           Thu 30 Mar 2023 04:12:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:30:b7:d3:6b:40:fc:88:14:c9:57:76:3f:9e:1a:55:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 30 04:12:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e08072977e79c5c08074e69781ebf92ecb7d3a4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1b:c9:83:a7:1a:97:b7:f1:7e:2c:12:81:16:
                    39:aa:4e:5e:5e:56:09:62:8b:7a:ec:84:f8:5b:2e:
                    ea:e0:89:22:d0:07:7e:2c:3b:31:db:7b:4d:77:14:
                    87:24:8d:23:b5:b8:7b:3e:a4:5b:eb:ee:c6:d8:73:
                    37:ba:84:09:2c:80:a0:ff:98:6b:f7:74:15:01:6a:
                    39:97:9d:04:da:4a:31:29:ba:c6:51:2a:38:8d:f1:
                    eb:32:e0:39:4c:7d:a5:b3:b4:b3:41:bc:dc:22:88:
                    f6:f6:2e:4a:c5:ad:a5:f3:fd:e0:a4:2f:7f:4d:56:
                    c1:1c:c7:29:51:5d:42:5d:f4:f8:83:87:2f:ce:b0:
                    00:77:0e:a6:4b:7b:ad:b3:c3:18:1d:b7:bf:71:77:
                    05:2c:52:3b:8d:f9:5e:55:54:9b:2e:f1:da:c5:13:
                    21:f4:cc:10:6f:a3:9f:b5:7c:a7:99:e3:3e:db:23:
                    45:99:d3:a2:d7:15:d2:4d:e0:a0:89:b5:32:20:98:
                    fe:81:9e:7c:55:41:1f:84:70:30:df:38:f4:6f:c8:
                    cc:20:f9:25:c8:88:16:ff:52:c7:62:08:d4:c1:35:
                    fb:a4:5b:84:43:9c:e8:68:2c:6a:ee:83:e8:86:ca:
                    de:00:f9:4f:db:35:f6:3a:d1:b8:23:17:9d:d9:ef:
                    2b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:80:72:97:7E:79:C5:C0:80:74:E6:97:81:EB:F9:2E:CB:7D:3A:4A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4IByl355xcCAdOaXgev5Lst9Oko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:f5:7b:27:f9:15:ad:eb:4d:3b:57:02:d0:b1:bc:1e:ac:e0:
         3c:be:ab:f3:9f:e7:50:a6:a5:4b:6a:b3:c5:21:bd:ed:2d:13:
         4d:61:38:30:5c:5e:09:88:c6:c9:52:29:15:7e:5e:fc:81:f4:
         a1:5f:ff:8c:8a:42:80:dc:61:88:a7:88:8f:04:81:6b:67:bb:
         5f:dc:4e:9f:5f:de:64:3c:c7:d7:e9:54:d1:41:67:0a:1d:35:
         3c:a7:2c:35:0b:c7:d4:f1:13:aa:0e:06:83:be:c6:cb:f7:43:
         f1:5d:d1:be:78:69:0a:0b:3d:d9:6e:46:3b:2e:5d:b0:7b:43:
         74:b3:b1:fb:d6:0e:95:28:3b:34:4a:f6:cf:9b:21:63:3f:b3:
         64:0b:19:c9:58:31:f1:63:57:f8:c9:95:12:51:80:c5:49:0d:
         56:3e:a2:ad:67:4e:ad:de:d5:10:d0:77:00:22:b6:10:fe:67:
         14:0b:85:92:0f:7f:de:07:da:09:d4:f4:28:3f:13:dd:c9:3f:
         d3:9b:78:f9:ae:4f:20:2c:8b:ba:cf:12:eb:9f:0e:f9:cc:c7:
         4e:cb:f9:a9:95:d9:e2:a2:11:36:0e:8f:c6:dd:4c:87:fa:59:
         a5:e4:b4:c0:0b:bd:52:a8:2c:4a:7e:fc:a3:c3:f2:10:17:e4:
         6a:a3:16:22
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcwt9NrQPyIFMlXdj+eGlUHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMwMDQxMjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDgwNzI5NzdlNzljNWMwODA3NGU2OTc4MWViZjkyZWNiN2QzYTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRvJg6cal7fxfiwSgRY5qk5eXlYJ
Yot67IT4Wy7q4Iki0Ad+LDsx23tNdxSHJI0jtbh7PqRb6+7G2HM3uoQJLICg/5hr
93QVAWo5l50E2koxKbrGUSo4jfHrMuA5TH2ls7SzQbzcIoj29i5Kxa2l8/3gpC9/
TVbBHMcpUV1CXfT4g4cvzrAAdw6mS3uts8MYHbe/cXcFLFI7jfleVVSbLvHaxRMh
9MwQb6OftXynmeM+2yNFmdOi1xXSTeCgibUyIJj+gZ58VUEfhHAw3zj0b8jMIPkl
yIgW/1LHYgjUwTX7pFuEQ5zoaCxq7oPohsreAPlP2zX2OtG4Ixed2e8rRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOCAcpd+ecXAgHTml4Hr+S7LfTpKMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNElCeWwzNTV4Y0NBZE9hWGdldjVMc3Q5T2tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH/1eyf5Fa3rTTtXAtCx
vB6s4Dy+q/Of51CmpUtqs8Uhve0tE01hODBcXgmIxslSKRV+XvyB9KFf/4yKQoDc
YYiniI8EgWtnu1/cTp9f3mQ8x9fpVNFBZwodNTynLDULx9TxE6oOBoO+xsv3Q/Fd
0b54aQoLPdluRjsuXbB7Q3SzsfvWDpUoOzRK9s+bIWM/s2QLGclYMfFjV/jJlRJR
gMVJDVY+oq1nTq3e1RDQdwAithD+ZxQLhZIPf94H2gnU9Cg/E93JP9ObePmuTyAs
i7rPEuufDvnMx07L+amV2eKiETYOj8bdTIf6WaXktMALvVKoLEp+/KPD8hAX5Gqj
FiI=
-----END CERTIFICATE-----