Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6fS68dZzZa-Pnn8ISLdDDkFye68.roa
File:                     6fS68dZzZa-Pnn8ISLdDDkFye68.roa (raw, json)
Hash identifier:          jkFLPJP+NORQWl0QrVnnCQvu00j8i+wq70mpXgzgSpY=
Subject key identifier:   E9:F4:BA:F1:D6:73:65:AF:8F:9E:7F:08:48:B7:43:0E:41:72:7B:AF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187955AB1468805E107033FA0FAD571DE1C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6fS68dZzZa-Pnn8ISLdDDkFye68.roa
Signing time:             Tue 18 Apr 2023 17:12:41 +0000
ROA not before:           Tue 18 Apr 2023 17:12:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:95:5a:b1:46:88:05:e1:07:03:3f:a0:fa:d5:71:de:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 18 17:12:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e9f4baf1d67365af8f9e7f0848b7430e41727baf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d8:5a:2a:33:39:42:2e:72:ba:e4:06:44:e7:
                    9b:ee:03:b9:25:95:b2:97:ce:e1:72:06:ca:43:c7:
                    f8:ba:be:51:e0:9a:73:25:e7:54:a0:41:8c:82:c8:
                    1c:87:5e:6d:d2:91:c4:02:d4:77:3a:db:4c:ea:c7:
                    42:47:d8:be:98:7b:fe:9c:21:b3:3d:0e:ff:af:2e:
                    11:18:cb:14:99:49:3c:f3:c6:59:2f:22:83:1b:a4:
                    d8:3a:b7:54:db:9e:97:df:f3:31:a4:07:27:79:dc:
                    eb:88:8d:ab:58:c5:ab:35:29:b5:c2:4f:df:64:b2:
                    3f:1b:d0:0e:d6:a3:be:5e:6a:c3:23:5a:21:71:fc:
                    3d:3e:0e:65:74:af:c7:ae:59:19:f4:01:74:da:3a:
                    25:97:57:37:06:eb:e1:de:3c:66:fe:9b:4f:d0:81:
                    7e:0e:b9:47:4e:3b:3c:00:8c:02:31:6c:60:19:f4:
                    12:04:9e:6a:f2:58:58:76:f2:41:5c:c3:5a:53:35:
                    41:02:f3:d8:ab:23:71:91:e6:2e:c4:12:9f:62:83:
                    da:99:c8:79:06:26:f9:9b:bf:6a:18:fb:23:b2:91:
                    c6:f9:35:64:be:03:3b:90:03:de:24:35:83:55:66:
                    3b:7c:c5:4d:56:38:7c:63:aa:3b:21:54:d9:de:d1:
                    12:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F4:BA:F1:D6:73:65:AF:8F:9E:7F:08:48:B7:43:0E:41:72:7B:AF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6fS68dZzZa-Pnn8ISLdDDkFye68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:9b:1c:82:45:18:bd:27:aa:f0:c7:95:5d:a8:5c:86:10:34:
         44:37:87:46:2c:a6:03:0d:b0:59:fb:de:24:0f:4e:9d:e0:19:
         f7:ef:a5:81:e1:53:59:86:50:2c:b0:23:98:a3:ae:25:33:ef:
         dd:67:84:8a:90:f1:4f:8b:a4:c2:3a:9d:d0:c0:40:fd:92:b8:
         e1:82:3a:06:d7:72:f6:a1:5c:5e:3e:2c:a0:8d:70:bc:25:84:
         bb:82:51:5f:99:bb:4a:0b:af:c1:d9:36:d5:be:a5:e3:00:53:
         f9:e5:78:33:8a:9c:0c:8e:b4:91:64:2d:e3:89:ea:33:9b:b2:
         d6:28:cf:d0:dd:62:44:aa:44:58:95:7e:35:18:42:e0:b7:a6:
         fb:f0:e5:f1:f5:31:ee:65:d7:2c:a8:64:80:6a:ed:71:e8:22:
         03:9d:02:75:29:e4:b4:5b:a2:06:98:d2:2c:5e:26:04:a9:42:
         62:d3:22:ec:c9:12:b2:ae:e0:d2:ed:81:7a:f2:19:2d:a1:ae:
         9c:18:f2:0f:65:97:a7:e7:73:79:00:49:4d:92:39:8a:fc:b0:
         eb:26:76:4a:81:c7:b6:0a:30:20:c6:19:b0:03:07:7d:86:ec:
         7f:c0:17:af:bd:20:25:34:63:db:c4:e1:33:d2:c1:53:39:8a:
         42:ef:ba:a1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeVWrFGiAXhBwM/oPrVcd4cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE4MTcxMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWY0YmFmMWQ2NzM2NWFmOGY5ZTdmMDg0OGI3NDMwZTQxNzI3YmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdhaKjM5Qi5yuuQGROeb7gO5JZWy
l87hcgbKQ8f4ur5R4JpzJedUoEGMgsgch15t0pHEAtR3OttM6sdCR9i+mHv+nCGz
PQ7/ry4RGMsUmUk888ZZLyKDG6TYOrdU256X3/MxpAcnedzriI2rWMWrNSm1wk/f
ZLI/G9AO1qO+XmrDI1ohcfw9Pg5ldK/HrlkZ9AF02joll1c3Buvh3jxm/ptP0IF+
DrlHTjs8AIwCMWxgGfQSBJ5q8lhYdvJBXMNaUzVBAvPYqyNxkeYuxBKfYoPamch5
Bib5m79qGPsjspHG+TVkvgM7kAPeJDWDVWY7fMVNVjh8Y6o7IVTZ3tESXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOn0uvHWc2Wvj55/CEi3Qw5BcnuvMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNmZTNjhkWnpaYS1Qbm44SVNMZEREa0Z5ZTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACSbHIJFGL0nqvDHlV2o
XIYQNEQ3h0YspgMNsFn73iQPTp3gGffvpYHhU1mGUCywI5ijriUz791nhIqQ8U+L
pMI6ndDAQP2SuOGCOgbXcvahXF4+LKCNcLwlhLuCUV+Zu0oLr8HZNtW+peMAU/nl
eDOKnAyOtJFkLeOJ6jObstYoz9DdYkSqRFiVfjUYQuC3pvvw5fH1Me5l1yyoZIBq
7XHoIgOdAnUp5LRbogaY0ixeJgSpQmLTIuzJErKu4NLtgXryGS2hrpwY8g9ll6fn
c3kASU2SOYr8sOsmdkqBx7YKMCDGGbADB32G7H/AF6+9ICU0Y9vE4TPSwVM5ikLv
uqE=
-----END CERTIFICATE-----