Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4YhZZ8M-p6qKRg8XW2oYfvvVG-Y.roa
File:                     4YhZZ8M-p6qKRg8XW2oYfvvVG-Y.roa (raw, json)
Hash identifier:          jnSeAmwx+bgYCPqlfjTrDJ5Pb33qYxceJo2a5j96+eg=
Subject key identifier:   E1:88:59:67:C3:3E:A7:AA:8A:46:0F:17:5B:6A:18:7E:FB:D5:1B:E6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018753790E2E3D6E6953E0E7136CEF798E02
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4YhZZ8M-p6qKRg8XW2oYfvvVG-Y.roa
Signing time:             Wed 05 Apr 2023 22:10:54 +0000
ROA not before:           Wed 05 Apr 2023 22:10:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:53:79:0e:2e:3d:6e:69:53:e0:e7:13:6c:ef:79:8e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  5 22:10:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e1885967c33ea7aa8a460f175b6a187efbd51be6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:be:7c:ef:26:64:41:5a:a9:ea:f0:da:65:2d:
                    7d:81:88:1c:88:15:04:36:1e:89:81:0b:3f:7f:cc:
                    1e:79:b2:81:26:97:ef:0f:d1:55:02:bd:7f:7b:16:
                    f6:1d:30:56:18:88:a0:bf:8c:a6:08:6f:03:e2:79:
                    d6:2b:56:26:ed:80:9d:12:fa:96:17:89:d7:68:7c:
                    4a:a4:92:04:9b:eb:19:c8:46:b2:73:33:65:db:2f:
                    7f:40:10:58:71:cd:61:85:03:42:1a:f3:5d:af:00:
                    66:fe:4a:18:c9:7f:d5:e7:7a:67:ad:12:67:2d:a2:
                    cc:81:51:35:cc:60:f5:a5:92:5b:27:2f:a8:11:93:
                    90:b1:fd:23:5c:b3:50:01:19:78:d5:d3:f4:e4:dd:
                    9b:fc:7a:4e:0d:6e:ae:6d:0b:e1:ac:d6:44:6f:da:
                    e4:04:aa:66:ce:9f:2d:54:36:ff:8d:e1:6b:99:cd:
                    ce:02:77:57:07:ad:5d:39:95:72:30:8e:21:8e:3a:
                    48:de:ed:b6:c6:db:a9:1b:63:05:36:61:64:02:be:
                    db:b8:17:d3:2c:ce:7e:5d:ff:0c:ce:d8:61:06:ea:
                    fb:fb:91:48:4f:14:aa:f8:2d:70:1c:fa:0a:4c:2a:
                    5a:ce:8f:96:c8:b4:b5:86:15:25:e2:10:50:01:48:
                    4d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:88:59:67:C3:3E:A7:AA:8A:46:0F:17:5B:6A:18:7E:FB:D5:1B:E6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4YhZZ8M-p6qKRg8XW2oYfvvVG-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:2c:e9:a1:25:4c:02:f3:ee:d3:d9:57:11:75:99:c5:84:49:
         ba:14:80:dc:2b:41:79:66:00:bb:c6:b2:b5:18:7f:db:2c:6a:
         cb:b9:bf:6d:78:8d:96:e3:a2:a6:c2:52:ad:0d:d6:e8:2f:85:
         0e:10:3b:f3:38:12:e4:3d:23:1d:3e:92:cb:ff:b5:29:45:33:
         65:3c:6a:98:ff:b9:34:3b:33:e4:73:01:a1:36:64:32:88:c7:
         29:cb:7c:49:79:3d:7c:08:cb:41:cf:fd:29:7d:67:4a:35:78:
         ec:da:71:b6:e8:99:22:92:bd:30:d8:ea:b5:4b:3f:a9:dd:98:
         75:da:0a:af:b3:d0:54:55:29:b0:38:4c:8d:58:17:0f:68:7d:
         4e:5d:59:60:dc:3c:8b:9d:10:8f:2c:3c:8b:f8:07:b5:ff:17:
         5b:07:75:bb:28:7c:2c:26:96:c1:6f:71:58:10:67:e6:98:3b:
         17:6b:f3:30:e4:86:35:5a:9b:be:7d:1c:c8:37:0d:df:33:ec:
         17:80:53:fc:fd:9a:77:a2:f3:f1:ab:c4:53:af:63:a1:50:77:
         94:d5:41:1e:b2:8f:2c:a3:3f:ff:26:c2:21:f9:13:69:ec:98:
         71:29:3e:a8:55:b0:d9:14:c4:3f:ee:c8:46:7a:38:8f:48:73:
         32:63:42:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdTeQ4uPW5pU+DnE2zveY4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA1MjIxMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTg4NTk2N2MzM2VhN2FhOGE0NjBmMTc1YjZhMTg3ZWZiZDUxYmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgr587yZkQVqp6vDaZS19gYgciBUE
Nh6JgQs/f8weebKBJpfvD9FVAr1/exb2HTBWGIigv4ymCG8D4nnWK1Ym7YCdEvqW
F4nXaHxKpJIEm+sZyEayczNl2y9/QBBYcc1hhQNCGvNdrwBm/koYyX/V53pnrRJn
LaLMgVE1zGD1pZJbJy+oEZOQsf0jXLNQARl41dP05N2b/HpODW6ubQvhrNZEb9rk
BKpmzp8tVDb/jeFrmc3OAndXB61dOZVyMI4hjjpI3u22xtupG2MFNmFkAr7buBfT
LM5+Xf8MzthhBur7+5FITxSq+C1wHPoKTCpazo+WyLS1hhUl4hBQAUhNYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOGIWWfDPqeqikYPF1tqGH771RvmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNFloWlo4TS1wNnFLUmc4WFcyb1lmdnZWRy1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHAs6aElTALz7tPZVxF1
mcWESboUgNwrQXlmALvGsrUYf9ssasu5v214jZbjoqbCUq0N1ugvhQ4QO/M4EuQ9
Ix0+ksv/tSlFM2U8apj/uTQ7M+RzAaE2ZDKIxynLfEl5PXwIy0HP/Sl9Z0o1eOza
cbbomSKSvTDY6rVLP6ndmHXaCq+z0FRVKbA4TI1YFw9ofU5dWWDcPIudEI8sPIv4
B7X/F1sHdbsofCwmlsFvcVgQZ+aYOxdr8zDkhjVam759HMg3Dd8z7BeAU/z9mnei
8/GrxFOvY6FQd5TVQR6yjyyjP/8mwiH5E2nsmHEpPqhVsNkUxD/uyEZ6OI9IczJj
Qng=
-----END CERTIFICATE-----