Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/56PGwUfBr9yzqoBKxaxSns9vNr0.roa
File:                     56PGwUfBr9yzqoBKxaxSns9vNr0.roa (raw, json)
Hash identifier:          7O4nV0jslohvahG/9VUOLKHUjtRZjUSEy4IOwBoVq9I=
Subject key identifier:   E7:A3:C6:C1:47:C1:AF:DC:B3:AA:80:4A:C5:AC:52:9E:CF:6F:36:BD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01881797E0E9B0B338C271965BE136A50397
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/56PGwUfBr9yzqoBKxaxSns9vNr0.roa
Signing time:             Sun 14 May 2023 00:10:09 +0000
ROA not before:           Sun 14 May 2023 00:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:17:97:e0:e9:b0:b3:38:c2:71:96:5b:e1:36:a5:03:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 14 00:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e7a3c6c147c1afdcb3aa804ac5ac529ecf6f36bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:38:1e:85:44:6b:50:bd:72:a4:67:b0:23:c2:
                    14:7a:5e:c4:f5:28:33:2e:85:47:b8:e6:b8:dc:9b:
                    df:9c:31:59:c7:f5:6c:b4:f2:ff:53:7e:3f:32:98:
                    da:24:f1:87:a0:a0:2d:14:68:17:10:aa:3a:a7:8e:
                    66:04:7a:88:71:13:2f:34:a0:47:27:43:e1:32:cd:
                    38:62:31:0d:9f:4c:a6:5f:5b:d2:89:cb:4e:68:0b:
                    3e:96:75:21:3c:7b:e4:9a:77:4b:0e:3c:ed:23:4a:
                    53:57:89:0d:ea:86:0e:a9:bd:2b:63:34:79:ff:ee:
                    e3:20:9d:42:4d:0f:59:45:a1:da:2b:09:e1:53:07:
                    4c:29:89:a4:7d:6c:92:6b:99:19:07:af:33:d3:aa:
                    b7:b9:51:24:f4:c4:54:72:54:e8:d2:ff:f1:67:66:
                    82:89:34:06:25:9d:5e:53:e3:1e:33:00:7f:92:fa:
                    06:76:ed:dd:ca:d2:24:1d:00:d3:50:08:26:a2:ab:
                    79:5c:99:35:79:60:b7:5f:34:e8:30:4c:49:27:52:
                    46:d4:af:f1:c3:3c:8d:27:de:4e:ac:34:19:a2:ec:
                    ff:19:ba:59:a9:94:0e:69:41:d8:69:ee:db:5c:a2:
                    ae:f4:d0:bf:86:cc:82:72:d0:53:df:81:1a:22:2f:
                    8a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:A3:C6:C1:47:C1:AF:DC:B3:AA:80:4A:C5:AC:52:9E:CF:6F:36:BD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/56PGwUfBr9yzqoBKxaxSns9vNr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:b3:c5:dc:ab:78:02:f2:22:ca:4c:b2:bc:06:a6:46:33:01:
         63:aa:46:08:55:2e:9e:34:51:93:02:1c:05:b9:7c:e0:1e:91:
         c3:62:23:65:b1:59:3b:dc:c7:30:3f:05:84:77:13:ab:76:02:
         6b:8d:67:e0:ef:c8:a4:88:db:63:e0:6b:2b:d5:a5:42:4f:a7:
         95:47:22:26:a9:0d:6c:98:c8:71:35:d7:12:eb:0c:99:bd:f5:
         aa:ad:01:d1:b7:e5:6e:05:71:55:13:31:56:9e:01:72:3b:08:
         d7:a3:92:65:3b:c6:fd:62:e2:c4:83:1c:dc:2c:2f:50:d1:31:
         d2:d4:5e:aa:22:1d:3d:5e:3e:0a:ff:80:4f:33:b4:02:38:cd:
         3e:53:93:e3:e9:f2:32:1d:dd:8c:dd:c7:27:53:fe:d8:2b:c5:
         28:75:a3:19:7b:6d:6e:87:1c:3c:01:75:17:48:d9:e1:06:44:
         40:01:c6:96:b2:1c:89:18:7d:14:5d:ce:48:92:cb:e0:b0:aa:
         c0:c5:eb:db:42:39:ce:ae:fa:68:df:e4:cd:61:f7:f7:e6:de:
         a5:1d:d9:c4:e4:f1:da:6a:31:2d:b2:76:ed:6c:dc:87:e5:96:
         72:26:8a:85:26:e4:a8:04:f2:fe:d3:05:64:a9:67:f5:c9:33:
         72:a6:07:40
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgXl+DpsLM4wnGWW+E2pQOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE0MDAxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2EzYzZjMTQ3YzFhZmRjYjNhYTgwNGFjNWFjNTI5ZWNmNmYzNmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDgehURrUL1ypGewI8IUel7E9Sgz
LoVHuOa43JvfnDFZx/VstPL/U34/MpjaJPGHoKAtFGgXEKo6p45mBHqIcRMvNKBH
J0PhMs04YjENn0ymX1vSictOaAs+lnUhPHvkmndLDjztI0pTV4kN6oYOqb0rYzR5
/+7jIJ1CTQ9ZRaHaKwnhUwdMKYmkfWySa5kZB68z06q3uVEk9MRUclTo0v/xZ2aC
iTQGJZ1eU+MeMwB/kvoGdu3dytIkHQDTUAgmoqt5XJk1eWC3XzToMExJJ1JG1K/x
wzyNJ95OrDQZouz/GbpZqZQOaUHYae7bXKKu9NC/hsyCctBT34EaIi+KwwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOejxsFHwa/cs6qASsWsUp7Pbza9MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNTZQR3dVZkJyOXl6cW9CS3hheFNuczl2TnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKWzxdyreALyIspMsrwG
pkYzAWOqRghVLp40UZMCHAW5fOAekcNiI2WxWTvcxzA/BYR3E6t2AmuNZ+DvyKSI
22PgayvVpUJPp5VHIiapDWyYyHE11xLrDJm99aqtAdG35W4FcVUTMVaeAXI7CNej
kmU7xv1i4sSDHNwsL1DRMdLUXqoiHT1ePgr/gE8ztAI4zT5Tk+Pp8jId3YzdxydT
/tgrxSh1oxl7bW6HHDwBdRdI2eEGREABxpayHIkYfRRdzkiSy+CwqsDF69tCOc6u
+mjf5M1h9/fm3qUd2cTk8dpqMS2ydu1s3IfllnImioUm5KgE8v7TBWSpZ/XJM3Km
B0A=
-----END CERTIFICATE-----