Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6GY7ZlY7rrsJpNzurG2SJPrDLaQ.roa
File:                     6GY7ZlY7rrsJpNzurG2SJPrDLaQ.roa (raw, json)
Hash identifier:          DnSTs/FgLtfMuTvIed6nZeR0i7b02bH5gzidOLxwK/I=
Subject key identifier:   E8:66:3B:66:56:3B:AE:BB:09:A4:DC:EE:AC:6D:92:24:FA:C3:2D:A4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187FB44E77195FBC3A5F8699F6E76EF5678
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6GY7ZlY7rrsJpNzurG2SJPrDLaQ.roa
Signing time:             Mon 08 May 2023 12:10:09 +0000
ROA not before:           Mon 08 May 2023 12:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:fb:44:e7:71:95:fb:c3:a5:f8:69:9f:6e:76:ef:56:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  8 12:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e8663b66563baebb09a4dceeac6d9224fac32da4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:89:24:be:49:b4:20:e5:93:5f:b6:40:c4:4b:
                    1a:e6:08:49:f1:a8:22:fe:f9:4c:c6:81:76:74:23:
                    43:b1:a6:a6:94:33:b3:0c:9d:07:db:6c:49:00:05:
                    06:49:d9:63:ba:39:2d:77:d4:d9:6a:1f:e3:4d:74:
                    d7:65:be:4c:a3:98:05:60:12:a9:54:c5:e5:04:18:
                    ec:d6:66:50:95:df:95:e8:40:84:84:e0:c5:c7:55:
                    e4:e1:da:f0:51:d7:69:9e:bf:cc:20:7d:2d:eb:f2:
                    dd:13:d1:59:8d:46:80:30:03:5c:08:4a:18:6c:81:
                    af:12:60:45:1c:7e:ce:1c:0b:9d:4f:d4:44:a3:dd:
                    a0:9b:9c:b2:30:20:45:b1:cd:6f:11:01:b6:28:e8:
                    cb:7c:4a:b2:5d:62:1f:de:16:ed:ac:80:e8:58:1c:
                    62:06:2f:c3:4d:46:d1:07:28:87:1c:60:d2:2d:fe:
                    4f:36:b3:5e:4d:20:58:d7:4b:87:17:63:66:4d:7f:
                    5a:b5:44:ee:3a:49:db:c0:ac:16:73:70:e8:4d:5e:
                    30:cc:a7:63:39:a9:c0:16:7b:20:ec:c2:f3:77:b0:
                    f3:04:7f:04:ae:87:89:0a:84:0c:48:f1:f6:f8:bd:
                    a5:d3:c1:1c:ff:33:ab:2d:49:df:c7:db:c0:2f:c9:
                    33:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:66:3B:66:56:3B:AE:BB:09:A4:DC:EE:AC:6D:92:24:FA:C3:2D:A4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6GY7ZlY7rrsJpNzurG2SJPrDLaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:9f:36:7e:5c:f2:00:58:4e:7d:3a:26:95:25:65:9b:df:3e:
         4d:76:1c:f8:4d:78:43:16:d0:54:d6:19:50:f9:08:5f:43:85:
         02:3f:f5:35:f0:f1:1d:e1:db:0d:95:17:1f:00:b3:d0:79:92:
         ba:bc:f4:a5:2f:3d:28:58:b8:13:a5:31:83:5e:2e:ba:17:3a:
         95:2f:55:bc:ee:2e:ff:9e:0f:74:03:98:c1:a0:9c:af:84:f7:
         54:7b:31:c9:b9:51:47:f0:9f:76:78:d3:d7:fe:0c:84:39:43:
         bf:76:94:c5:40:49:2f:53:41:64:82:84:31:ba:1a:8e:61:90:
         88:08:1e:79:96:74:05:e5:e0:2a:f8:9c:7b:f3:d3:10:89:bb:
         6f:23:35:f4:1e:f0:32:59:45:09:01:17:e1:fe:ef:cf:0d:21:
         b1:38:c9:9a:0e:e3:38:d4:b5:0c:5c:07:f2:67:de:f2:b0:5e:
         7b:bf:31:e9:11:88:9e:76:06:5a:a9:b8:24:fd:1e:63:20:1c:
         b7:fa:2c:b5:eb:a3:07:b3:45:c9:9e:42:92:5d:a3:52:53:77:
         47:ea:b8:80:3c:08:ed:13:a4:8c:e3:5e:58:c0:f0:20:b0:f5:
         63:c8:5b:46:9e:3e:ad:55:5a:0d:47:a7:21:26:8b:f6:92:f2:
         00:3e:67:76
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf7ROdxlfvDpfhpn25271Z4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA4MTIxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODY2M2I2NjU2M2JhZWJiMDlhNGRjZWVhYzZkOTIyNGZhYzMyZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYkkvkm0IOWTX7ZAxEsa5ghJ8agi
/vlMxoF2dCNDsaamlDOzDJ0H22xJAAUGSdljujktd9TZah/jTXTXZb5Mo5gFYBKp
VMXlBBjs1mZQld+V6ECEhODFx1Xk4drwUddpnr/MIH0t6/LdE9FZjUaAMANcCEoY
bIGvEmBFHH7OHAudT9REo92gm5yyMCBFsc1vEQG2KOjLfEqyXWIf3hbtrIDoWBxi
Bi/DTUbRByiHHGDSLf5PNrNeTSBY10uHF2NmTX9atUTuOknbwKwWc3DoTV4wzKdj
OanAFnsg7MLzd7DzBH8EroeJCoQMSPH2+L2l08Ec/zOrLUnfx9vAL8kzGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOhmO2ZWO667CaTc7qxtkiT6wy2kMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNkdZN1psWTdycnNKcE56dXJHMlNKUHJETGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGafNn5c8gBYTn06JpUl
ZZvfPk12HPhNeEMW0FTWGVD5CF9DhQI/9TXw8R3h2w2VFx8As9B5krq89KUvPShY
uBOlMYNeLroXOpUvVbzuLv+eD3QDmMGgnK+E91R7Mcm5UUfwn3Z409f+DIQ5Q792
lMVASS9TQWSChDG6Go5hkIgIHnmWdAXl4Cr4nHvz0xCJu28jNfQe8DJZRQkBF+H+
788NIbE4yZoO4zjUtQxcB/Jn3vKwXnu/MekRiJ52BlqpuCT9HmMgHLf6LLXrowez
RcmeQpJdo1JTd0fquIA8CO0TpIzjXljA8CCw9WPIW0aePq1VWg1HpyEmi/aS8gA+
Z3Y=
-----END CERTIFICATE-----