Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4Ic2-kbC8DYWHNjM4QvTPn8-_1U.roa
File:                     4Ic2-kbC8DYWHNjM4QvTPn8-_1U.roa (raw, json)
Hash identifier:          TJTGqJub4hP/eDWD29t2z+DaA+88b9KRDANtNCK7ZQ4=
Subject key identifier:   E0:87:36:FA:46:C2:F0:36:16:1C:D8:CC:E1:0B:D3:3E:7F:3E:FF:55
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01874FD3365FFF7DD33763BB031490469B73
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4Ic2-kbC8DYWHNjM4QvTPn8-_1U.roa
Signing time:             Wed 05 Apr 2023 05:10:54 +0000
ROA not before:           Wed 05 Apr 2023 05:10:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4f:d3:36:5f:ff:7d:d3:37:63:bb:03:14:90:46:9b:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  5 05:10:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e08736fa46c2f036161cd8cce10bd33e7f3eff55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e5:55:87:a3:ab:4b:67:b0:77:33:f3:ae:04:
                    a1:93:a6:0e:1d:49:01:d9:11:12:70:51:2a:0c:5a:
                    4f:ef:11:18:0f:25:c7:32:ca:0f:4c:57:60:9b:7e:
                    ae:c2:1d:c3:5f:db:35:5d:47:92:45:78:ff:65:40:
                    ba:dd:6c:c6:e3:56:bb:97:71:2d:91:c8:6f:c9:0d:
                    3a:6d:11:49:26:49:2d:ec:24:ec:f8:a0:e7:c1:1f:
                    75:b5:15:3d:b7:1c:02:22:0f:30:b0:b6:41:d3:a9:
                    0e:39:3c:5c:9a:b2:6e:4a:ec:bf:75:d7:76:f5:e4:
                    cc:42:74:45:e2:11:e8:66:c3:fe:11:6e:13:f0:21:
                    f9:dc:6a:49:53:be:c3:ed:85:94:6f:f9:91:06:09:
                    08:23:42:b5:ab:a0:0a:ce:8c:71:64:0a:84:f1:fe:
                    24:56:18:e8:aa:8e:69:aa:7a:c1:50:bc:78:a4:fd:
                    18:46:c8:d0:12:2d:50:1f:e0:b2:8d:81:b2:65:7f:
                    68:16:0c:d5:81:30:1a:e9:7c:ec:1b:f6:fc:1c:8d:
                    52:b9:ed:b3:77:6e:8b:e0:db:0c:33:dd:f8:ef:4f:
                    b9:de:96:2a:e5:a8:3c:16:cf:fc:39:5c:1c:e9:bc:
                    cf:5c:31:f1:e7:53:50:cd:74:8a:8b:02:f7:a4:b0:
                    87:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:87:36:FA:46:C2:F0:36:16:1C:D8:CC:E1:0B:D3:3E:7F:3E:FF:55
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4Ic2-kbC8DYWHNjM4QvTPn8-_1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:c4:11:9f:c7:74:af:da:dd:29:d9:e8:8e:68:b9:6a:3d:c8:
         98:45:fe:ce:51:0a:cf:bb:c2:53:c7:4d:b8:e3:6b:bb:44:35:
         99:0c:0e:0a:1d:d7:5e:48:41:29:6e:86:bc:01:7d:8c:fb:4c:
         b4:8b:76:7a:1f:df:8d:8a:47:23:d5:0c:f5:6f:f6:69:83:d2:
         44:c6:7a:16:25:3a:32:26:42:85:25:e7:ba:f6:c1:52:4a:1a:
         f2:8d:91:fc:03:7c:6b:d7:25:14:58:3f:93:d2:17:43:f4:40:
         08:79:34:93:6f:2a:07:ac:f3:cf:51:0e:a8:c7:5d:05:1d:7b:
         75:35:d7:19:76:56:a8:76:47:d0:bc:42:3b:f1:cc:83:32:c9:
         df:a2:f4:a6:4d:84:46:51:93:9f:bb:7d:3b:fd:f5:b7:71:41:
         d8:f1:5e:8d:9e:f3:91:65:85:46:b5:94:08:bb:08:be:93:f5:
         d4:fa:8e:e9:fc:86:88:e8:04:89:18:3f:b5:40:d6:17:09:b1:
         b1:28:44:26:43:82:46:82:e1:a8:5b:70:7c:de:8e:ad:03:a5:
         48:45:8e:e5:75:85:f5:b8:61:f1:27:65:eb:49:36:75:f6:e6:
         ae:1d:82:05:e8:fe:2c:65:dc:9d:7f:b0:2d:2d:33:01:ff:0f:
         f4:53:aa:56
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdP0zZf/33TN2O7AxSQRptzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA1MDUxMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDg3MzZmYTQ2YzJmMDM2MTYxY2Q4Y2NlMTBiZDMzZTdmM2VmZjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOVVh6OrS2ewdzPzrgShk6YOHUkB
2REScFEqDFpP7xEYDyXHMsoPTFdgm36uwh3DX9s1XUeSRXj/ZUC63WzG41a7l3Et
kchvyQ06bRFJJkkt7CTs+KDnwR91tRU9txwCIg8wsLZB06kOOTxcmrJuSuy/ddd2
9eTMQnRF4hHoZsP+EW4T8CH53GpJU77D7YWUb/mRBgkII0K1q6AKzoxxZAqE8f4k
Vhjoqo5pqnrBULx4pP0YRsjQEi1QH+CyjYGyZX9oFgzVgTAa6XzsG/b8HI1Sue2z
d26L4NsMM93470+53pYq5ag8Fs/8OVwc6bzPXDHx51NQzXSKiwL3pLCHYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOCHNvpGwvA2FhzYzOEL0z5/Pv9VMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNEljMi1rYkM4RFlXSE5qTTRRdlRQbjgtXzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHPEEZ/HdK/a3SnZ6I5o
uWo9yJhF/s5RCs+7wlPHTbjja7tENZkMDgod115IQSluhrwBfYz7TLSLdnof342K
RyPVDPVv9mmD0kTGehYlOjImQoUl57r2wVJKGvKNkfwDfGvXJRRYP5PSF0P0QAh5
NJNvKges889RDqjHXQUde3U11xl2Vqh2R9C8QjvxzIMyyd+i9KZNhEZRk5+7fTv9
9bdxQdjxXo2e85FlhUa1lAi7CL6T9dT6jun8hojoBIkYP7VA1hcJsbEoRCZDgkaC
4ahbcHzejq0DpUhFjuV1hfW4YfEnZetJNnX25q4dggXo/ixl3J1/sC0tMwH/D/RT
qlY=
-----END CERTIFICATE-----