Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5dvb0ZjGitI8nmO6n-48rA6lMLQ.roa
File:                     5dvb0ZjGitI8nmO6n-48rA6lMLQ.roa (raw, json)
Hash identifier:          lE2QCcQfdHSCMaytQuV39clPhF3M+lvSctga6ApbTSw=
Subject key identifier:   E5:DB:DB:D1:98:C6:8A:D2:3C:9E:63:BA:9F:EE:3C:AC:0E:A5:30:B4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F8AF0E66FBA92CA7032E982D2D3AB6D1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5dvb0ZjGitI8nmO6n-48rA6lMLQ.roa
Signing time:             Sun 19 Mar 2023 07:04:27 +0000
ROA not before:           Sun 19 Mar 2023 07:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:f8ae:dfae/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f8:af:0e:66:fb:a9:2c:a7:03:2e:98:2d:2d:3a:b6:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 19 07:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e5dbdbd198c68ad23c9e63ba9fee3cac0ea530b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:67:e7:f9:12:f8:24:ca:22:7e:f5:05:46:d5:
                    af:76:1d:af:76:bc:dc:ae:3f:a7:10:da:ef:67:4e:
                    f9:e9:ac:fb:d4:ee:72:96:04:2c:32:81:e8:8a:01:
                    f7:0a:4c:71:77:31:dd:26:3d:f6:50:b0:49:7b:51:
                    5e:62:8e:a0:12:69:00:0c:19:24:88:01:0f:72:21:
                    57:02:1b:59:e7:74:68:5e:21:5b:82:cd:5e:a6:e2:
                    9e:2c:a2:53:f0:4f:29:ef:c4:eb:3d:b3:a4:60:81:
                    09:ef:7b:11:77:7e:57:92:fe:36:af:6d:14:3a:af:
                    8b:27:3c:0f:9d:1f:d3:66:45:b8:6b:6f:fe:f3:8f:
                    3f:5e:4c:8d:d7:c1:d5:6d:45:e1:0d:4b:8e:55:6c:
                    fd:9d:c9:ac:a1:fb:1e:31:d9:4b:3e:dd:2f:be:e5:
                    fd:94:78:3e:57:5c:f5:43:cf:a3:62:bb:e6:e7:b4:
                    dd:89:d8:33:62:0f:4f:97:9f:1a:74:e5:a5:fe:46:
                    ec:af:47:1e:fb:69:18:9b:02:6f:04:32:c5:c3:21:
                    0e:53:3d:61:f8:58:de:d4:24:6a:21:e6:9f:91:9f:
                    c0:53:29:7d:71:aa:68:ef:0c:8d:0d:91:fd:57:6b:
                    4f:2e:16:a4:ec:76:52:f9:c4:ee:30:05:6a:87:ef:
                    90:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:DB:DB:D1:98:C6:8A:D2:3C:9E:63:BA:9F:EE:3C:AC:0E:A5:30:B4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5dvb0ZjGitI8nmO6n-48rA6lMLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:45:38:dc:82:78:ca:8e:f8:71:ff:f7:4b:f7:d1:9d:85:1c:
         79:a7:a5:f7:28:00:b5:a1:fe:73:fa:88:34:15:51:c5:4d:ff:
         fa:62:37:b1:f8:bb:56:27:77:d5:aa:b2:d0:91:7d:1e:6a:b8:
         55:11:13:99:41:cb:4d:c9:65:87:6e:6c:8c:20:26:f5:b5:fe:
         fd:2d:e1:df:70:f6:04:7a:d9:8f:e4:93:2d:2e:25:10:1b:c1:
         30:fe:35:12:60:5d:3e:ab:a9:9d:2c:25:71:41:cc:c4:cc:da:
         6c:c9:00:fb:c2:4d:ee:96:ab:d7:d4:3e:59:4c:2c:ee:29:84:
         5b:91:b1:04:22:58:47:77:c6:53:ed:18:94:76:c6:01:52:a7:
         c0:bc:06:bf:36:c5:16:9d:42:44:a8:a7:98:e3:0f:ab:77:87:
         77:ee:ee:ca:6f:69:c8:b3:d8:e1:ad:d7:34:11:a5:1b:60:46:
         0d:b2:40:ac:8c:f0:29:76:75:40:65:4e:1e:30:d5:05:a0:5b:
         4b:43:f1:ea:27:f2:88:67:20:c0:67:b2:34:ca:80:96:04:a0:
         27:7a:4c:56:0d:e7:dc:c3:ae:5f:4e:36:2a:5d:41:a7:5d:90:
         fc:08:52:89:9a:b0:3f:c1:8a:20:a1:c8:f7:79:9a:23:c3:44:
         15:2e:58:19
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb4rw5m+6kspwMumC0tOrbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE5MDcwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWRiZGJkMTk4YzY4YWQyM2M5ZTYzYmE5ZmVlM2NhYzBlYTUzMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2fn+RL4JMoifvUFRtWvdh2vdrzc
rj+nENrvZ0756az71O5ylgQsMoHoigH3CkxxdzHdJj32ULBJe1FeYo6gEmkADBkk
iAEPciFXAhtZ53RoXiFbgs1epuKeLKJT8E8p78TrPbOkYIEJ73sRd35Xkv42r20U
Oq+LJzwPnR/TZkW4a2/+848/XkyN18HVbUXhDUuOVWz9ncmsofseMdlLPt0vvuX9
lHg+V1z1Q8+jYrvm57TdidgzYg9Pl58adOWl/kbsr0ce+2kYmwJvBDLFwyEOUz1h
+Fje1CRqIeafkZ/AUyl9capo7wyNDZH9V2tPLhak7HZS+cTuMAVqh++QPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOXb29GYxorSPJ5jup/uPKwOpTC0MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNWR2YjBaakdpdEk4bm1PNm4tNDhyQTZsTUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIlFONyCeMqO+HH/90v3
0Z2FHHmnpfcoALWh/nP6iDQVUcVN//piN7H4u1Ynd9WqstCRfR5quFURE5lBy03J
ZYdubIwgJvW1/v0t4d9w9gR62Y/kky0uJRAbwTD+NRJgXT6rqZ0sJXFBzMTM2mzJ
APvCTe6Wq9fUPllMLO4phFuRsQQiWEd3xlPtGJR2xgFSp8C8Br82xRadQkSop5jj
D6t3h3fu7spvaciz2OGt1zQRpRtgRg2yQKyM8Cl2dUBlTh4w1QWgW0tD8eon8ohn
IMBnsjTKgJYEoCd6TFYN59zDrl9ONipdQaddkPwIUomasD/BiiChyPd5miPDRBUu
WBk=
-----END CERTIFICATE-----