Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5N8dtVtASGoGZmruqH9tJ_tsShM.roa
File:                     5N8dtVtASGoGZmruqH9tJ_tsShM.roa (raw, json)
Hash identifier:          cpOuaqnuM7qT+5Fz9fz7D75LBhuakHGrtBoStLfopGM=
Subject key identifier:   E4:DF:1D:B5:5B:40:48:6A:06:66:6A:EE:A8:7F:6D:27:FB:6C:4A:13
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877294D216E0BACBAC495C1B1D58912ED3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5N8dtVtASGoGZmruqH9tJ_tsShM.roa
Signing time:             Tue 11 Apr 2023 23:09:28 +0000
ROA not before:           Tue 11 Apr 2023 23:09:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:72:94:d2:16:e0:ba:cb:ac:49:5c:1b:1d:58:91:2e:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 11 23:09:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e4df1db55b40486a06666aeea87f6d27fb6c4a13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a5:45:ed:13:df:9f:a8:a8:84:90:1d:1f:63:
                    20:e9:fb:3e:11:aa:e2:e7:f0:ef:ae:b1:57:bc:69:
                    c8:f4:74:ef:cb:07:6c:67:55:f8:54:34:de:4e:42:
                    f0:1e:43:85:e9:e8:66:e6:b4:cc:f8:31:73:ee:5e:
                    11:8a:d4:5a:45:85:1b:b6:a4:e8:4e:49:ae:d8:a9:
                    53:55:ec:01:35:0d:e3:15:50:fb:f9:78:ed:94:be:
                    e6:6e:c2:ef:f3:05:97:11:9b:29:7b:f2:42:e0:97:
                    92:de:30:38:d3:5f:67:b6:07:e7:6b:c0:f1:81:ea:
                    f4:f6:58:91:b3:89:6d:4b:c2:d0:fb:30:27:80:0a:
                    fd:60:03:72:98:12:1a:c9:27:00:f3:14:52:8e:b4:
                    66:ae:fd:78:43:7d:48:d0:4a:af:c7:9a:e6:c0:f9:
                    c7:bf:85:c1:ac:6b:71:e3:67:a5:cc:ee:71:8a:96:
                    2d:e4:0e:5a:00:21:40:6a:47:18:5b:17:ce:bf:c7:
                    90:41:94:71:98:00:8f:77:2c:08:09:c6:94:69:69:
                    45:a9:a7:61:29:74:cd:89:e9:be:bb:51:a3:f0:a0:
                    e1:d6:8a:9d:4a:75:e2:92:6f:e7:83:7d:38:71:a6:
                    52:35:ae:cd:81:70:6f:35:15:58:03:a6:b1:6a:f8:
                    e9:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:DF:1D:B5:5B:40:48:6A:06:66:6A:EE:A8:7F:6D:27:FB:6C:4A:13
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5N8dtVtASGoGZmruqH9tJ_tsShM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:66:06:88:21:11:0a:b4:19:96:2b:7b:de:8e:73:c4:5b:15:
         3d:e2:25:84:24:b7:55:42:2e:36:f0:ac:2a:05:76:ca:da:71:
         dc:2c:90:39:68:87:0e:63:75:20:b4:f0:59:0b:bb:8d:75:fd:
         73:3f:af:b4:25:1a:e2:b2:1d:2e:3c:03:69:89:9d:e7:d0:92:
         15:4a:fa:db:4c:a5:6f:5d:ef:0f:f7:24:4e:30:ac:3c:0f:88:
         c9:c2:7f:61:b6:9c:7e:a3:20:c3:d8:8f:ea:53:13:69:d7:6a:
         96:cb:5d:15:17:da:dc:3f:81:3e:4e:41:36:1b:1d:48:e1:bb:
         cd:37:96:aa:eb:3d:05:cc:72:e0:cd:0b:d2:d8:1a:07:cc:63:
         2d:53:47:9c:16:56:76:b3:fe:6f:79:5c:18:83:41:b8:38:75:
         e4:24:23:93:b8:fe:3b:4a:af:9e:df:59:bf:9c:65:04:91:81:
         74:8e:a8:24:cb:70:d5:5e:90:54:a5:e2:38:8c:08:e4:cb:22:
         19:6b:14:6b:e6:f7:06:09:0e:fe:30:6d:f4:ed:4b:8d:46:7b:
         3a:83:a1:03:e0:70:7f:7b:99:ef:4b:ac:e9:b0:0c:f6:c5:68:
         eb:5d:eb:91:40:6e:4a:1b:06:94:fb:62:c9:0b:a5:4d:41:c5:
         65:43:37:30
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdylNIW4LrLrElcGx1YkS7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDExMjMwOTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGRmMWRiNTViNDA0ODZhMDY2NjZhZWVhODdmNmQyN2ZiNmM0YTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqVF7RPfn6iohJAdH2Mg6fs+Eari
5/DvrrFXvGnI9HTvywdsZ1X4VDTeTkLwHkOF6ehm5rTM+DFz7l4RitRaRYUbtqTo
Tkmu2KlTVewBNQ3jFVD7+XjtlL7mbsLv8wWXEZspe/JC4JeS3jA4019ntgfna8Dx
ger09liRs4ltS8LQ+zAngAr9YANymBIayScA8xRSjrRmrv14Q31I0Eqvx5rmwPnH
v4XBrGtx42elzO5xipYt5A5aACFAakcYWxfOv8eQQZRxmACPdywICcaUaWlFqadh
KXTNiem+u1Gj8KDh1oqdSnXikm/ng304caZSNa7NgXBvNRVYA6axavjpaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOTfHbVbQEhqBmZq7qh/bSf7bEoTMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNU44ZHRWdEFTR29HWm1ydXFIOXRKX3RzU2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAApmBoghEQq0GZYre96O
c8RbFT3iJYQkt1VCLjbwrCoFdsracdwskDlohw5jdSC08FkLu411/XM/r7QlGuKy
HS48A2mJnefQkhVK+ttMpW9d7w/3JE4wrDwPiMnCf2G2nH6jIMPYj+pTE2nXapbL
XRUX2tw/gT5OQTYbHUjhu803lqrrPQXMcuDNC9LYGgfMYy1TR5wWVnaz/m95XBiD
Qbg4deQkI5O4/jtKr57fWb+cZQSRgXSOqCTLcNVekFSl4jiMCOTLIhlrFGvm9wYJ
Dv4wbfTtS41GezqDoQPgcH97me9LrOmwDPbFaOtd65FAbkobBpT7YskLpU1BxWVD
NzA=
-----END CERTIFICATE-----