Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5Ho3wjMqBtNDpzerNvpySD2tCPI.roa
File:                     5Ho3wjMqBtNDpzerNvpySD2tCPI.roa (raw, json)
Hash identifier:          LPR5ZhSZAm9Ajkzb9hnfH713b3RosfQvdELZwkTJ8+A=
Subject key identifier:   E4:7A:37:C2:33:2A:06:D3:43:A7:37:AB:36:FA:72:48:3D:AD:08:F2
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01875C7B138F4D94B55EB0D4E36FD074122C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5Ho3wjMqBtNDpzerNvpySD2tCPI.roa
Signing time:             Fri 07 Apr 2023 16:09:42 +0000
ROA not before:           Fri 07 Apr 2023 16:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5c:7b:13:8f:4d:94:b5:5e:b0:d4:e3:6f:d0:74:12:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  7 16:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e47a37c2332a06d343a737ab36fa72483dad08f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:5b:22:11:c3:f8:ca:a2:a9:07:83:0d:f7:d8:
                    9d:80:f6:97:c6:1f:79:32:eb:16:46:92:37:38:b5:
                    b0:19:41:f7:4c:ae:e6:b0:c9:5c:18:46:1c:67:9d:
                    cb:29:0d:12:34:cd:e7:ce:4b:6e:47:3d:b4:a7:da:
                    50:d8:70:52:13:4d:f7:72:8a:a1:95:3b:dc:8b:a6:
                    b7:62:a1:5f:55:31:29:d6:dc:49:3a:3c:ae:c2:3a:
                    7b:1f:93:0d:7f:a9:5a:7e:87:1e:a5:15:11:8f:f5:
                    7c:21:07:3f:e8:00:7e:d1:1a:41:14:44:5c:fa:73:
                    da:f9:0b:c7:0b:50:c5:3a:ce:30:9d:72:02:7c:a7:
                    b8:bf:a0:3a:05:52:72:03:5e:fa:ce:e9:cd:43:2f:
                    df:81:e6:ad:40:b5:78:a1:08:2e:59:4d:40:ae:c9:
                    ea:8f:8e:41:ad:fa:34:e8:cc:13:68:2d:e9:64:5b:
                    3e:78:5d:37:70:57:4b:e8:be:67:77:e0:56:af:34:
                    3e:58:06:61:c8:7d:83:49:76:fd:0f:0f:d7:cc:76:
                    79:46:5a:81:7a:95:3e:ca:c8:ef:d5:bf:02:3d:e9:
                    51:31:f2:60:73:6f:37:fe:3a:46:93:2d:9a:60:51:
                    80:d1:60:3f:45:87:e2:42:c9:a5:31:ab:f6:b6:75:
                    42:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:7A:37:C2:33:2A:06:D3:43:A7:37:AB:36:FA:72:48:3D:AD:08:F2
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5Ho3wjMqBtNDpzerNvpySD2tCPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:29:3d:98:e2:e3:98:d7:df:45:6d:9d:8d:6c:fa:34:aa:5a:
         40:9e:5b:2e:ac:a0:ee:82:0a:8f:97:cd:b4:15:52:6a:92:4b:
         2b:6c:e2:d7:e0:be:de:56:f2:f7:15:07:e9:ed:02:8b:9c:05:
         c8:bb:73:f7:d0:15:c0:ab:62:96:44:8f:89:71:20:28:2b:96:
         69:57:e0:23:c4:3f:b6:68:a8:c6:06:63:b5:9f:03:34:fc:d6:
         18:c8:a5:9d:8b:9f:b1:55:2a:94:87:aa:87:80:ab:2e:05:53:
         6f:72:81:c1:9b:36:0f:e0:18:09:28:59:22:40:5d:d9:59:88:
         9a:63:1d:ca:25:90:fb:45:2c:39:bc:e4:32:2d:89:7f:ad:85:
         4f:96:07:e9:1d:92:47:b1:55:09:88:e6:69:ef:63:83:eb:96:
         b2:57:c7:e4:6b:fb:28:04:5f:ac:d2:ac:29:b7:e5:91:8b:6a:
         0a:25:fd:ac:bf:ee:fc:8a:96:9d:ed:61:30:61:85:77:2a:9d:
         89:69:5d:7b:e5:a3:6a:24:67:e3:45:0d:a1:17:6d:1b:1d:1b:
         f4:13:4e:cc:37:d9:33:e5:cb:c0:fe:99:ab:b1:32:18:02:66:
         ab:53:63:3b:f5:ae:ec:7f:d7:1b:6b:ff:58:86:21:20:e7:68:
         5b:ad:81:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdcexOPTZS1XrDU42/QdBIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA3MTYwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDdhMzdjMjMzMmEwNmQzNDNhNzM3YWIzNmZhNzI0ODNkYWQwOGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVsiEcP4yqKpB4MN99idgPaXxh95
MusWRpI3OLWwGUH3TK7msMlcGEYcZ53LKQ0SNM3nzktuRz20p9pQ2HBSE033coqh
lTvci6a3YqFfVTEp1txJOjyuwjp7H5MNf6lafocepRURj/V8IQc/6AB+0RpBFERc
+nPa+QvHC1DFOs4wnXICfKe4v6A6BVJyA176zunNQy/fgeatQLV4oQguWU1Arsnq
j45Brfo06MwTaC3pZFs+eF03cFdL6L5nd+BWrzQ+WAZhyH2DSXb9Dw/XzHZ5RlqB
epU+ysjv1b8CPelRMfJgc283/jpGky2aYFGA0WA/RYfiQsmlMav2tnVChwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOR6N8IzKgbTQ6c3qzb6ckg9rQjyMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNUhvM3dqTXFCdE5EcHplck52cHlTRDJ0Q1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHkpPZji45jX30VtnY1s
+jSqWkCeWy6soO6CCo+XzbQVUmqSSyts4tfgvt5W8vcVB+ntAoucBci7c/fQFcCr
YpZEj4lxICgrlmlX4CPEP7ZoqMYGY7WfAzT81hjIpZ2Ln7FVKpSHqoeAqy4FU29y
gcGbNg/gGAkoWSJAXdlZiJpjHcolkPtFLDm85DItiX+thU+WB+kdkkexVQmI5mnv
Y4PrlrJXx+Rr+ygEX6zSrCm35ZGLagol/ay/7vyKlp3tYTBhhXcqnYlpXXvlo2ok
Z+NFDaEXbRsdG/QTTsw32TPly8D+mauxMhgCZqtTYzv1rux/1xtr/1iGISDnaFut
gcE=
-----END CERTIFICATE-----