Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/60FESxQ4HXu2COB5v8c6okdftuY.roa
File:                     60FESxQ4HXu2COB5v8c6okdftuY.roa (raw, json)
Hash identifier:          md/NgUiPDZT5lqmV9V4POcbgP3+rfrQsRwHLwsnNybU=
Subject key identifier:   EB:41:44:4B:14:38:1D:7B:B6:08:E0:79:BF:C7:3A:A2:47:5F:B6:E6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01876F27F553F4077E695C7A82AE74918D12
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/60FESxQ4HXu2COB5v8c6okdftuY.roa
Signing time:             Tue 11 Apr 2023 07:11:42 +0000
ROA not before:           Tue 11 Apr 2023 07:11:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6f:27:f5:53:f4:07:7e:69:5c:7a:82:ae:74:91:8d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 11 07:11:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eb41444b14381d7bb608e079bfc73aa2475fb6e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7f:59:ff:c0:47:83:1d:e5:3f:be:91:68:08:
                    e2:41:23:12:8f:67:2b:d8:80:ed:09:cf:cc:0f:d3:
                    83:6c:1d:6b:0b:ec:8f:e4:24:5b:cb:d6:e5:cd:49:
                    ae:bc:7d:e6:55:47:2f:45:1d:45:61:35:46:d3:e1:
                    a1:11:1a:72:1b:24:39:93:59:f4:9c:90:ef:01:97:
                    e7:60:9e:8a:28:68:dc:49:64:ed:72:5f:f1:7a:44:
                    90:06:c4:ca:74:15:a1:28:26:19:59:38:d6:8b:eb:
                    d0:f6:c6:fa:fc:c8:ed:9d:44:07:39:d5:5d:84:78:
                    15:48:9e:6e:64:2a:56:1b:00:bd:98:6f:39:f4:7e:
                    f8:cc:0c:e3:b5:ea:fc:05:80:17:a4:81:e0:6a:1e:
                    78:bc:fc:0d:d1:cc:60:49:9f:70:34:49:ed:e8:7f:
                    40:55:fc:cb:ab:4d:11:38:df:e8:ad:9b:28:e2:f3:
                    5b:d9:51:99:67:18:17:36:11:3c:66:1f:9a:de:fe:
                    98:ba:ed:aa:21:00:05:3e:c3:da:d7:e8:69:d4:13:
                    2b:f9:9f:d7:ec:33:88:cf:61:dd:ad:0f:d9:8a:ce:
                    21:85:a7:c0:d4:2f:fb:7f:9a:8e:8d:00:19:7c:2b:
                    5f:e5:a8:72:10:4f:6a:a6:a3:d2:3a:ae:50:15:d3:
                    11:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:41:44:4B:14:38:1D:7B:B6:08:E0:79:BF:C7:3A:A2:47:5F:B6:E6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/60FESxQ4HXu2COB5v8c6okdftuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:50:a3:4c:c2:80:b0:d0:54:ff:7d:37:97:27:99:ca:87:60:
         76:00:81:69:62:0d:df:d7:ad:00:79:2a:55:5b:37:74:8a:c4:
         76:14:b7:12:0c:42:c5:28:93:38:b1:4d:11:73:b8:93:30:42:
         de:20:d7:54:b1:7b:2b:26:b0:b3:ff:60:40:37:7b:c1:ce:ee:
         68:9e:6a:08:78:e4:db:cd:ef:5d:5f:e4:cc:66:67:0c:2a:21:
         34:8c:fe:1e:47:97:68:c4:bc:ee:33:e2:06:f4:a6:d4:8e:cc:
         37:e1:2a:d3:ee:5e:55:ae:f4:cf:6e:7d:66:f7:6e:ad:bf:a9:
         99:64:de:24:21:94:cf:44:75:db:24:cd:86:94:17:48:6f:f0:
         77:6b:ec:b0:5b:c0:87:1a:b0:f1:e1:f2:56:0a:8b:93:14:d4:
         2f:59:ee:8c:ab:0b:4d:6b:4b:44:85:ce:cf:48:ca:4c:4e:b0:
         35:bd:bc:8a:52:e7:16:4c:0c:5b:c5:28:48:e8:14:44:17:e6:
         1d:5e:4b:91:e5:7b:c1:1a:87:42:6f:8e:3b:fd:4d:0f:c4:78:
         bf:3b:ce:ea:70:ba:ed:a9:22:78:78:96:cc:b2:68:cf:e0:c0:
         98:89:30:f6:bb:ef:1b:34:0a:f4:46:60:a4:c0:4e:50:ff:76:
         49:b0:b3:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdvJ/VT9Ad+aVx6gq50kY0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDExMDcxMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjQxNDQ0YjE0MzgxZDdiYjYwOGUwNzliZmM3M2FhMjQ3NWZiNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhX9Z/8BHgx3lP76RaAjiQSMSj2cr
2IDtCc/MD9ODbB1rC+yP5CRby9blzUmuvH3mVUcvRR1FYTVG0+GhERpyGyQ5k1n0
nJDvAZfnYJ6KKGjcSWTtcl/xekSQBsTKdBWhKCYZWTjWi+vQ9sb6/MjtnUQHOdVd
hHgVSJ5uZCpWGwC9mG859H74zAzjter8BYAXpIHgah54vPwN0cxgSZ9wNEnt6H9A
VfzLq00RON/orZso4vNb2VGZZxgXNhE8Zh+a3v6Yuu2qIQAFPsPa1+hp1BMr+Z/X
7DOIz2HdrQ/Zis4hhafA1C/7f5qOjQAZfCtf5ahyEE9qpqPSOq5QFdMRkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOtBREsUOB17tgjgeb/HOqJHX7bmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNjBGRVN4UTRIWHUyQ09CNXY4YzZva2RmdHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHhQo0zCgLDQVP99N5cn
mcqHYHYAgWliDd/XrQB5KlVbN3SKxHYUtxIMQsUokzixTRFzuJMwQt4g11Sxeysm
sLP/YEA3e8HO7mieagh45NvN711f5MxmZwwqITSM/h5Hl2jEvO4z4gb0ptSOzDfh
KtPuXlWu9M9ufWb3bq2/qZlk3iQhlM9EddskzYaUF0hv8Hdr7LBbwIcasPHh8lYK
i5MU1C9Z7oyrC01rS0SFzs9IykxOsDW9vIpS5xZMDFvFKEjoFEQX5h1eS5Hle8Ea
h0Jvjjv9TQ/EeL87zupwuu2pInh4lsyyaM/gwJiJMPa77xs0CvRGYKTATlD/dkmw
s/E=
-----END CERTIFICATE-----