Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/64XET3mf0JLH3R8aRqAlohetIEI.roa
File:                     64XET3mf0JLH3R8aRqAlohetIEI.roa (raw, json)
Hash identifier:          9q6mUlGlUSnJkLZSj/g4XzjrDwLGlrp/j3YMNMVkTmE=
Subject key identifier:   EB:85:C4:4F:79:9F:D0:92:C7:DD:1F:1A:46:A0:25:A2:17:AD:20:42
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018773DE697EF085F4D466FD9B29616A4604
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/64XET3mf0JLH3R8aRqAlohetIEI.roa
Signing time:             Wed 12 Apr 2023 05:09:28 +0000
ROA not before:           Wed 12 Apr 2023 05:09:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:73:de:69:7e:f0:85:f4:d4:66:fd:9b:29:61:6a:46:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 12 05:09:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eb85c44f799fd092c7dd1f1a46a025a217ad2042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e6:75:61:d9:27:a0:3e:d1:9c:5f:8e:68:d9:
                    e0:2a:03:c3:f5:24:76:fc:5c:86:ab:95:f6:b1:ef:
                    43:48:1c:eb:17:fd:5c:52:a5:54:14:9c:a4:51:8c:
                    2e:2e:76:7c:db:aa:49:ae:2e:21:20:3e:e1:30:67:
                    19:8b:aa:4b:3e:51:c2:a2:9e:87:7f:8b:c2:63:47:
                    fd:b1:50:40:ba:71:04:45:a3:03:a3:b4:16:0e:46:
                    97:e8:d7:6b:be:36:85:2f:02:b8:07:36:8a:21:d4:
                    70:7f:78:e4:7a:a1:86:df:42:b9:2c:86:f8:39:76:
                    07:6f:26:ec:69:d5:79:ec:15:8f:41:b4:e9:cb:16:
                    79:d1:c5:3d:d1:1e:56:40:61:d1:f1:64:8a:ab:fa:
                    17:9e:bd:e0:f6:92:24:fa:07:06:c5:b3:12:ce:b3:
                    7c:ec:74:49:44:6c:38:39:ce:d8:19:41:bd:76:91:
                    14:d2:64:7c:ea:0f:c7:85:65:1e:c3:4f:d5:00:05:
                    ec:f1:19:7b:b7:dc:54:b5:b3:4e:89:38:b1:a6:86:
                    b6:82:63:78:d1:8e:0e:c2:d8:d2:74:40:8c:70:2c:
                    eb:53:08:f2:7f:ba:68:8d:42:78:2f:4a:22:3a:95:
                    d7:a4:4c:88:9d:c1:cf:08:56:78:1b:20:2d:84:50:
                    d4:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:85:C4:4F:79:9F:D0:92:C7:DD:1F:1A:46:A0:25:A2:17:AD:20:42
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/64XET3mf0JLH3R8aRqAlohetIEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:20:2a:c4:df:a2:5d:1e:76:3f:57:b6:4e:49:ea:07:f6:82:
         7c:2d:6e:3c:62:db:bb:52:ad:c4:c9:e8:af:b9:39:7c:7d:44:
         3f:65:cc:36:51:ef:8c:6f:ea:a4:2c:09:a8:67:73:aa:63:05:
         7e:00:ce:51:1e:ce:87:63:c1:cb:c2:1c:1e:2d:7c:19:66:37:
         61:aa:fb:3e:fb:29:6c:a9:9b:bf:bb:6d:71:cd:16:4a:7b:ce:
         88:01:2b:be:b0:bb:3d:29:66:eb:5c:4b:fe:c3:28:bb:14:34:
         3d:2f:08:b1:36:0c:b6:06:fb:c0:0a:59:4f:9b:c8:b5:a0:9c:
         94:2b:bf:ba:17:5c:77:17:2a:79:10:62:67:4b:56:98:48:b9:
         48:aa:c8:fb:da:f6:a3:9a:a4:5a:67:fc:39:86:dc:ee:b9:05:
         17:69:ca:24:b8:11:4f:e8:27:54:32:29:2c:8e:77:eb:85:8e:
         e5:a9:b7:05:a1:80:1c:31:6f:e1:46:2f:7e:1f:5b:ec:36:49:
         ec:ae:27:cf:9a:8d:70:76:17:72:4e:f1:46:29:f5:0f:0b:67:
         18:5d:69:51:db:8f:ff:6c:4a:6e:44:f4:b5:21:19:39:30:28:
         30:c6:c6:9d:15:d0:61:16:dd:af:7c:8b:91:a7:03:a7:12:73:
         de:ba:e4:5c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdz3ml+8IX01Gb9mylhakYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEyMDUwOTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjg1YzQ0Zjc5OWZkMDkyYzdkZDFmMWE0NmEwMjVhMjE3YWQyMDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeZ1YdknoD7RnF+OaNngKgPD9SR2
/FyGq5X2se9DSBzrF/1cUqVUFJykUYwuLnZ826pJri4hID7hMGcZi6pLPlHCop6H
f4vCY0f9sVBAunEERaMDo7QWDkaX6NdrvjaFLwK4BzaKIdRwf3jkeqGG30K5LIb4
OXYHbybsadV57BWPQbTpyxZ50cU90R5WQGHR8WSKq/oXnr3g9pIk+gcGxbMSzrN8
7HRJRGw4Oc7YGUG9dpEU0mR86g/HhWUew0/VAAXs8Rl7t9xUtbNOiTixpoa2gmN4
0Y4OwtjSdECMcCzrUwjyf7pojUJ4L0oiOpXXpEyIncHPCFZ4GyAthFDUdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOuFxE95n9CSx90fGkagJaIXrSBCMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNjRYRVQzbWYwSkxIM1I4YVJxQWxvaGV0SUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHwgKsTfol0edj9Xtk5J
6gf2gnwtbjxi27tSrcTJ6K+5OXx9RD9lzDZR74xv6qQsCahnc6pjBX4AzlEezodj
wcvCHB4tfBlmN2Gq+z77KWypm7+7bXHNFkp7zogBK76wuz0pZutcS/7DKLsUND0v
CLE2DLYG+8AKWU+byLWgnJQrv7oXXHcXKnkQYmdLVphIuUiqyPva9qOapFpn/DmG
3O65BRdpyiS4EU/oJ1QyKSyOd+uFjuWptwWhgBwxb+FGL34fW+w2SeyuJ8+ajXB2
F3JO8UYp9Q8LZxhdaVHbj/9sSm5E9LUhGTkwKDDGxp0V0GEW3a98i5GnA6cSc966
5Fw=
-----END CERTIFICATE-----