Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5zHid8gtSa1G9aQi_Ppia1N32xg.roa
File:                     5zHid8gtSa1G9aQi_Ppia1N32xg.roa (raw, json)
Hash identifier:          U6a4KL2jSa+XDzpn9YYbauQZDGt76JRcrxpefKpNoPs=
Subject key identifier:   E7:31:E2:77:C8:2D:49:AD:46:F5:A4:22:FC:FA:62:6B:53:77:DB:18
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873CBEDEE49554BD6752D96C014FD00F7A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5zHid8gtSa1G9aQi_Ppia1N32xg.roa
Signing time:             Sat 01 Apr 2023 12:15:54 +0000
ROA not before:           Sat 01 Apr 2023 12:15:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3c:be:de:e4:95:54:bd:67:52:d9:6c:01:4f:d0:0f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  1 12:15:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e731e277c82d49ad46f5a422fcfa626b5377db18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:bf:75:58:1b:94:73:fc:37:a1:e5:2b:e8:ae:
                    48:19:b0:d7:e0:c6:e7:b9:84:2b:75:eb:be:d6:59:
                    2c:fe:b9:f9:89:1e:09:2b:41:89:f2:9b:5c:11:56:
                    4b:57:a4:3a:5c:33:54:66:93:37:24:7e:1d:b9:dd:
                    97:eb:86:62:c8:ac:1c:96:b4:36:72:f2:c9:b0:21:
                    0a:34:8d:77:ef:fc:59:12:af:1e:b0:8e:a4:4c:d1:
                    cb:a4:f2:29:94:2e:f7:b2:9d:9d:fb:7f:ac:cb:d2:
                    22:35:6f:6c:3e:5a:8d:52:5f:d0:48:61:32:2e:13:
                    04:42:89:13:6a:bd:70:a6:62:97:fd:51:31:35:fb:
                    9b:6c:a7:4d:62:66:79:e9:a7:bb:66:f7:f9:bb:36:
                    ee:ea:5e:3a:ac:9a:55:18:13:a9:b3:db:ee:18:b5:
                    c4:a1:5d:e9:65:6e:6f:c5:44:f5:9f:2b:c4:f3:d5:
                    33:d7:45:85:40:b8:c3:71:46:54:40:9e:7b:94:e0:
                    f1:e0:00:a5:b2:fe:c2:27:13:92:e1:fc:07:eb:22:
                    7a:3c:41:2b:81:d3:7e:e8:ae:1d:4e:a6:69:3a:a6:
                    c8:f2:bb:e3:1d:26:9f:1d:dd:57:53:98:d1:de:8c:
                    9c:59:d3:99:db:1a:cc:b1:84:95:7f:3c:3e:a5:74:
                    45:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:31:E2:77:C8:2D:49:AD:46:F5:A4:22:FC:FA:62:6B:53:77:DB:18
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5zHid8gtSa1G9aQi_Ppia1N32xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:d1:59:55:1f:63:36:cc:d0:f0:a6:90:89:af:b0:eb:5d:95:
         95:32:03:29:68:d1:e7:8f:ce:d8:3e:df:a6:d4:fc:30:08:e5:
         b9:fd:43:a5:d4:72:f6:68:96:03:79:eb:a5:6e:76:cc:a9:ee:
         05:83:02:8a:dd:45:d1:49:01:a2:c0:22:46:ea:c2:4a:35:b6:
         af:7e:af:d4:7f:5a:ab:fb:72:db:dc:bf:d5:3f:67:ca:8c:87:
         d7:de:2d:d7:18:7f:f1:69:e4:e5:47:37:a4:d5:48:5c:35:5d:
         42:31:62:64:4a:44:af:8a:ec:0a:a5:8e:4a:30:1d:2d:53:e3:
         f7:33:f8:a3:3a:99:66:4d:26:07:07:81:c2:28:b5:00:42:c5:
         85:97:69:35:f4:75:c1:37:9f:7d:3a:67:d0:b1:8a:80:8a:82:
         9f:46:2a:5e:4f:4e:01:95:8f:89:fe:6c:f9:a2:95:9b:fe:4c:
         07:02:57:5c:1d:35:74:a4:c7:f3:92:1e:6a:ea:a2:d0:90:b7:
         0c:ef:00:82:75:bb:06:2a:1f:3f:94:a1:57:c5:05:62:07:0e:
         5f:97:c8:38:fc:49:57:ec:cb:6b:c2:75:79:bc:02:fa:01:c9:
         68:7c:df:8e:d6:5f:c1:2f:af:3c:cd:5c:e0:5f:a0:d0:ca:6c:
         c2:1e:6c:cf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc8vt7klVS9Z1LZbAFP0A96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAxMTIxNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzMxZTI3N2M4MmQ0OWFkNDZmNWE0MjJmY2ZhNjI2YjUzNzdkYjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm791WBuUc/w3oeUr6K5IGbDX4Mbn
uYQrdeu+1lks/rn5iR4JK0GJ8ptcEVZLV6Q6XDNUZpM3JH4dud2X64ZiyKwclrQ2
cvLJsCEKNI137/xZEq8esI6kTNHLpPIplC73sp2d+3+sy9IiNW9sPlqNUl/QSGEy
LhMEQokTar1wpmKX/VExNfubbKdNYmZ56ae7Zvf5uzbu6l46rJpVGBOps9vuGLXE
oV3pZW5vxUT1nyvE89Uz10WFQLjDcUZUQJ57lODx4AClsv7CJxOS4fwH6yJ6PEEr
gdN+6K4dTqZpOqbI8rvjHSafHd1XU5jR3oycWdOZ2xrMsYSVfzw+pXRFAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOcx4nfILUmtRvWkIvz6YmtTd9sYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNXpIaWQ4Z3RTYTFHOWFRaV9QcGlhMU4zMnhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ3RWVUfYzbM0PCmkImv
sOtdlZUyAylo0eePztg+36bU/DAI5bn9Q6XUcvZolgN566Vudsyp7gWDAordRdFJ
AaLAIkbqwko1tq9+r9R/Wqv7ctvcv9U/Z8qMh9feLdcYf/Fp5OVHN6TVSFw1XUIx
YmRKRK+K7AqljkowHS1T4/cz+KM6mWZNJgcHgcIotQBCxYWXaTX0dcE3n306Z9Cx
ioCKgp9GKl5PTgGVj4n+bPmilZv+TAcCV1wdNXSkx/OSHmrqotCQtwzvAIJ1uwYq
Hz+UoVfFBWIHDl+XyDj8SVfsy2vCdXm8AvoByWh8347WX8EvrzzNXOBfoNDKbMIe
bM8=
-----END CERTIFICATE-----