Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6Atgw8a_HNfx8383aqJxjfP1t4c.roa
File:                     6Atgw8a_HNfx8383aqJxjfP1t4c.roa (raw, json)
Hash identifier:          +vjwwEMGe+XQxuxib7CJ1jlMdjy0vfgyMBTfeltPB0Q=
Subject key identifier:   E8:0B:60:C3:C6:BF:1C:D7:F1:F3:7F:37:6A:A2:71:8D:F3:F5:B7:87
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01874C662254BF0479198FCF7F29D820EF66
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6Atgw8a_HNfx8383aqJxjfP1t4c.roa
Signing time:             Tue 04 Apr 2023 13:12:54 +0000
ROA not before:           Tue 04 Apr 2023 13:12:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4c:66:22:54:bf:04:79:19:8f:cf:7f:29:d8:20:ef:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  4 13:12:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e80b60c3c6bf1cd7f1f37f376aa2718df3f5b787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:17:82:a9:f2:35:e9:43:38:9e:ee:39:dd:64:
                    e4:a2:61:e4:00:69:6e:d5:a5:8d:ba:c1:6a:b9:85:
                    d9:7d:6e:88:eb:8c:e3:16:12:d6:12:fb:eb:ca:cd:
                    68:a6:f9:6d:d5:ca:f5:07:a3:fa:d8:0d:60:b1:d9:
                    4b:e6:50:cc:f4:1e:3f:dd:d6:67:71:99:ea:d9:99:
                    0f:de:27:8f:77:ae:af:89:60:b6:9a:7a:c4:97:63:
                    0d:66:75:d7:25:31:5f:78:84:41:65:34:3f:b4:bb:
                    98:7f:49:3d:42:45:f9:fb:86:f0:b2:76:c3:05:42:
                    4f:71:d5:22:b7:9a:a4:42:00:3a:8a:b1:b1:f7:b0:
                    b1:6a:cc:f0:b5:d5:ee:63:3e:36:5f:1f:ae:cf:8a:
                    dd:a6:f3:31:27:5b:e7:6d:70:1c:09:dd:8f:7c:4e:
                    30:bd:6d:ac:28:8e:84:6e:c0:b2:66:87:98:fe:65:
                    44:3e:ce:0e:df:09:31:2c:be:e2:e6:58:7e:b8:1e:
                    dc:fb:ef:f1:33:d7:01:a7:23:44:00:c9:cb:39:14:
                    ab:4e:6c:fb:11:59:ce:b9:ec:90:e6:f0:ea:59:f5:
                    ae:a1:8a:9e:6f:29:01:48:0d:d4:fa:26:87:dd:30:
                    9c:3c:a3:10:1b:bb:69:ee:02:24:91:2f:ef:f8:ef:
                    bb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:0B:60:C3:C6:BF:1C:D7:F1:F3:7F:37:6A:A2:71:8D:F3:F5:B7:87
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6Atgw8a_HNfx8383aqJxjfP1t4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:2b:be:0d:a1:71:a1:42:68:77:9b:9a:45:ce:b5:7d:8c:a1:
         4f:08:07:d8:9d:00:21:95:3b:01:7d:b0:c6:28:dd:80:d2:e5:
         0a:3c:76:49:d3:a5:c4:1c:6a:a8:eb:45:f2:85:3d:8d:6a:ca:
         36:64:c8:e0:17:a9:df:c6:53:dc:b3:13:d8:e0:8c:49:10:37:
         72:d1:04:06:25:f9:5a:27:0a:ff:aa:f5:38:0c:cb:97:61:36:
         c6:03:0a:aa:d4:cc:cc:1d:2c:2d:73:3e:94:09:0e:9b:87:f7:
         c7:81:61:32:f4:e4:81:f8:5c:37:b4:a9:72:eb:07:15:24:78:
         f6:c1:0b:ca:21:10:58:79:4b:0e:22:b5:a7:16:73:b7:9a:d8:
         9c:e0:18:b0:ab:3f:3d:38:ef:37:61:13:45:ba:dd:e8:9f:d7:
         db:5d:37:2c:1e:8e:db:6a:a7:01:18:06:f1:99:e7:36:00:57:
         6c:40:03:1d:44:4c:f7:38:34:c1:03:22:c9:35:b9:77:91:db:
         39:bd:03:e6:9d:50:da:f4:86:1d:ea:38:0a:5a:c1:d1:2e:e7:
         39:b3:ae:dc:de:6c:93:d3:eb:40:02:c8:dd:85:07:a7:ab:8b:
         11:dc:3c:69:4a:f7:39:01:51:90:c0:bf:fc:f4:68:8a:01:fa:
         3e:ef:15:37
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdMZiJUvwR5GY/PfynYIO9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA0MTMxMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODBiNjBjM2M2YmYxY2Q3ZjFmMzdmMzc2YWEyNzE4ZGYzZjViNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1heCqfI16UM4nu453WTkomHkAGlu
1aWNusFquYXZfW6I64zjFhLWEvvrys1opvlt1cr1B6P62A1gsdlL5lDM9B4/3dZn
cZnq2ZkP3iePd66viWC2mnrEl2MNZnXXJTFfeIRBZTQ/tLuYf0k9QkX5+4bwsnbD
BUJPcdUit5qkQgA6irGx97CxaszwtdXuYz42Xx+uz4rdpvMxJ1vnbXAcCd2PfE4w
vW2sKI6EbsCyZoeY/mVEPs4O3wkxLL7i5lh+uB7c++/xM9cBpyNEAMnLORSrTmz7
EVnOueyQ5vDqWfWuoYqebykBSA3U+iaH3TCcPKMQG7tp7gIkkS/v+O+7rwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOgLYMPGvxzX8fN/N2qicY3z9beHMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNkF0Z3c4YV9ITmZ4ODM4M2FxSnhqZlAxdDRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAgrvg2hcaFCaHebmkXO
tX2MoU8IB9idACGVOwF9sMYo3YDS5Qo8dknTpcQcaqjrRfKFPY1qyjZkyOAXqd/G
U9yzE9jgjEkQN3LRBAYl+VonCv+q9TgMy5dhNsYDCqrUzMwdLC1zPpQJDpuH98eB
YTL05IH4XDe0qXLrBxUkePbBC8ohEFh5Sw4itacWc7ea2JzgGLCrPz047zdhE0W6
3eif19tdNywejttqpwEYBvGZ5zYAV2xAAx1ETPc4NMEDIsk1uXeR2zm9A+adUNr0
hh3qOApawdEu5zmzrtzebJPT60ACyN2FB6erixHcPGlK9zkBUZDAv/z0aIoB+j7v
FTc=
-----END CERTIFICATE-----