Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6ajTYFK7MgJQMPkLz7LebKeTwuo.roa
File:                     6ajTYFK7MgJQMPkLz7LebKeTwuo.roa (raw, json)
Hash identifier:          j/XwThKKkAa+RUgzMq9MIZzli4EUQMmMBKrCF5GTIEc=
Subject key identifier:   E9:A8:D3:60:52:BB:32:02:50:30:F9:0B:CF:B2:DE:6C:A7:93:C2:EA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A6844EBA902B699DA1FEC249B6A307E7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6ajTYFK7MgJQMPkLz7LebKeTwuo.roa
Signing time:             Sat 22 Apr 2023 01:11:41 +0000
ROA not before:           Sat 22 Apr 2023 01:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a6:84:4e:ba:90:2b:69:9d:a1:fe:c2:49:b6:a3:07:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 22 01:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e9a8d36052bb32025030f90bcfb2de6ca793c2ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:41:8c:dc:3e:e2:39:71:a7:87:d9:3b:09:1d:
                    ef:b5:ff:b7:73:31:98:c4:0f:c6:55:48:07:74:7c:
                    16:42:53:64:57:9c:24:7a:f2:05:29:a7:a1:f6:a5:
                    ef:1f:0f:d0:aa:45:33:b9:68:b3:8c:59:a4:18:cd:
                    ac:13:ec:51:ff:23:23:82:3a:4a:6f:d9:33:80:1a:
                    09:7f:d3:38:4b:68:d1:0f:14:59:d6:3b:40:d9:91:
                    78:26:34:51:d8:97:0e:ce:75:68:6b:e9:8a:60:bc:
                    5b:26:a1:bf:e7:da:54:f1:ee:a9:1c:c1:8f:2a:ae:
                    6f:69:37:b4:fd:63:88:38:0f:89:6b:46:68:6f:0d:
                    32:f1:d6:4c:2d:10:af:aa:f8:d2:0f:13:9b:60:ee:
                    a1:42:c7:18:5c:1c:4f:6b:2d:2d:c0:46:a5:da:b6:
                    72:3e:c6:18:73:08:b3:12:4f:d3:62:85:26:10:61:
                    72:e6:c8:21:38:df:9c:cb:74:ea:72:68:cf:7d:0c:
                    d4:d4:31:6c:26:01:4a:fa:16:ab:0c:76:e0:36:81:
                    10:7a:39:2b:43:66:c1:89:6b:cb:b6:a8:fb:d9:b2:
                    39:3c:0b:62:77:b2:0c:fd:26:9b:54:d4:14:4f:19:
                    10:a1:e3:dd:60:ac:9d:9f:09:b6:b9:6c:82:12:25:
                    91:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A8:D3:60:52:BB:32:02:50:30:F9:0B:CF:B2:DE:6C:A7:93:C2:EA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6ajTYFK7MgJQMPkLz7LebKeTwuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:d3:36:34:be:92:15:0c:7a:19:75:6f:a2:50:dd:49:4e:62:
         22:1c:99:34:bb:ff:31:3f:ed:14:5e:72:95:88:09:8a:83:f0:
         1c:fe:94:ce:94:f2:8e:66:8a:a7:73:fb:69:e4:f8:f8:ba:bb:
         72:91:b2:ad:9a:f5:90:c6:26:b1:f5:41:b5:6f:04:d9:af:0c:
         91:c7:00:15:09:04:ac:6e:8d:e4:90:79:3e:e8:24:27:e3:39:
         03:af:db:58:68:2f:14:f2:9f:9c:00:d1:35:45:35:f0:50:cf:
         1d:1c:23:6d:89:3d:00:fc:51:05:f8:8c:1c:c2:07:3e:b7:5c:
         55:bf:3b:f1:a4:11:a6:42:9c:9d:54:f2:b6:7a:70:f8:f6:76:
         53:2d:25:40:32:39:16:1c:4c:d1:f4:80:a8:cb:02:8c:63:d8:
         a4:ed:01:40:f1:f0:74:49:db:1b:32:47:55:65:b6:ef:99:b0:
         23:2b:46:4d:46:d4:0a:8e:4e:63:1d:86:3c:eb:2d:fb:bd:c1:
         82:3b:f7:d5:d9:63:0d:b7:ce:bb:0b:32:3e:fb:de:ab:d6:fe:
         fc:ed:c8:61:6e:b8:59:46:0a:54:a6:3c:c8:54:73:c8:cc:4e:
         d6:ad:11:44:57:eb:cd:0d:01:60:b8:0a:1f:8c:80:e1:be:a7:
         80:d4:62:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYemhE66kCtpnaH+wkm2owfnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIyMDExMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWE4ZDM2MDUyYmIzMjAyNTAzMGY5MGJjZmIyZGU2Y2E3OTNjMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUGM3D7iOXGnh9k7CR3vtf+3czGY
xA/GVUgHdHwWQlNkV5wkevIFKaeh9qXvHw/QqkUzuWizjFmkGM2sE+xR/yMjgjpK
b9kzgBoJf9M4S2jRDxRZ1jtA2ZF4JjRR2JcOznVoa+mKYLxbJqG/59pU8e6pHMGP
Kq5vaTe0/WOIOA+Ja0Zobw0y8dZMLRCvqvjSDxObYO6hQscYXBxPay0twEal2rZy
PsYYcwizEk/TYoUmEGFy5sghON+cy3TqcmjPfQzU1DFsJgFK+harDHbgNoEQejkr
Q2bBiWvLtqj72bI5PAtid7IM/SabVNQUTxkQoePdYKydnwm2uWyCEiWRvQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOmo02BSuzICUDD5C8+y3mynk8LqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNmFqVFlGSzdNZ0pRTVBrTHo3TGViS2VUd3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHfTNjS+khUMehl1b6JQ
3UlOYiIcmTS7/zE/7RRecpWICYqD8Bz+lM6U8o5miqdz+2nk+Pi6u3KRsq2a9ZDG
JrH1QbVvBNmvDJHHABUJBKxujeSQeT7oJCfjOQOv21hoLxTyn5wA0TVFNfBQzx0c
I22JPQD8UQX4jBzCBz63XFW/O/GkEaZCnJ1U8rZ6cPj2dlMtJUAyORYcTNH0gKjL
Aoxj2KTtAUDx8HRJ2xsyR1Vltu+ZsCMrRk1G1AqOTmMdhjzrLfu9wYI799XZYw23
zrsLMj773qvW/vztyGFuuFlGClSmPMhUc8jMTtatEURX680NAWC4Ch+MgOG+p4DU
YlI=
-----END CERTIFICATE-----