Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6gaGW4oIvDjukcdONUra6-KA8M8.roa
File:                     6gaGW4oIvDjukcdONUra6-KA8M8.roa (raw, json)
Hash identifier:          07sEzFQbhr9Bs9/xKep/6nqP8PkITNLOqk0iyPe+b+g=
Subject key identifier:   EA:06:86:5B:8A:08:BC:38:EE:91:C7:4E:35:4A:DA:EB:E2:80:F0:CF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187DDDE8F942DCFA0B6D988AEF00CAF96ED
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6gaGW4oIvDjukcdONUra6-KA8M8.roa
Signing time:             Tue 02 May 2023 19:09:23 +0000
ROA not before:           Tue 02 May 2023 19:09:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:dd:de:8f:94:2d:cf:a0:b6:d9:88:ae:f0:0c:af:96:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  2 19:09:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ea06865b8a08bc38ee91c74e354adaebe280f0cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b4:76:4c:bc:6a:f5:a7:ec:ee:8a:3a:75:fd:
                    bc:44:bc:96:4d:8d:5a:68:4d:3f:15:6f:b6:a2:83:
                    6a:66:ad:f1:e5:9e:55:de:55:37:d6:ef:e3:1d:17:
                    b3:e5:77:c2:4e:a2:fc:96:bc:63:34:80:e4:c9:fe:
                    a8:bf:1d:9d:86:dd:8a:cb:03:f6:21:c8:44:27:98:
                    1f:3b:be:ba:b1:db:ae:18:02:fc:3f:75:98:7a:39:
                    5d:52:90:a1:87:aa:7d:01:0b:88:d0:5a:a4:cb:e6:
                    e7:45:a2:28:6e:40:b2:4e:f9:ff:db:c8:1c:73:d2:
                    cc:97:29:21:64:0d:e8:af:42:30:e0:4d:a6:4a:cc:
                    d9:cf:9b:3b:63:f7:f8:cb:31:d3:a9:34:82:21:fc:
                    d3:67:6d:bf:bf:74:5d:36:18:13:9b:ea:cb:d9:f2:
                    6d:fb:79:ef:c4:53:1b:3e:92:d3:78:93:f5:11:08:
                    5f:db:e2:2e:8b:89:f6:50:73:25:e8:57:c9:ad:8b:
                    de:5a:a1:a6:9a:8b:ad:84:d9:16:77:a1:8e:cb:97:
                    7e:63:af:17:99:0f:da:9a:bf:5a:3e:47:a9:0e:f5:
                    7e:54:90:fa:f3:a8:34:64:44:b7:d9:ec:3d:11:d3:
                    2f:2d:d1:cb:a7:dc:62:92:7f:5e:2e:b4:f0:b5:06:
                    fc:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:06:86:5B:8A:08:BC:38:EE:91:C7:4E:35:4A:DA:EB:E2:80:F0:CF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6gaGW4oIvDjukcdONUra6-KA8M8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:fd:ae:2e:21:e0:6e:c1:d0:dd:3b:89:f4:88:c8:38:80:f8:
         6a:26:ea:db:b3:8d:8d:f4:ed:9b:cb:da:21:fa:90:a1:f0:11:
         e6:88:d2:9d:62:36:9a:22:c5:d0:8e:75:be:52:b0:55:66:e8:
         ba:62:e5:a2:9d:bf:51:b4:dd:92:47:df:44:c2:7c:b9:d2:7d:
         53:14:c1:60:63:3a:9f:78:fe:2e:18:c8:e5:33:e2:9b:4e:74:
         79:b3:52:eb:5b:82:b3:14:ff:49:c0:14:e4:42:ba:d9:2f:fc:
         8d:82:b8:2f:b1:3a:b5:d9:80:ad:ce:db:69:9f:a9:76:48:ae:
         bd:2e:5f:38:0c:c2:85:e2:1b:4e:13:df:96:95:8b:4d:9b:3c:
         36:64:cd:ff:33:9c:f4:81:94:af:68:fd:4a:29:b7:dd:7e:f8:
         20:33:3d:fc:0d:c1:75:03:11:16:c8:3b:03:17:a5:e8:7f:7a:
         5d:76:5c:36:a7:52:90:73:cf:5d:6b:35:f1:b0:83:49:02:c4:
         bf:5c:b8:b6:22:52:e2:2d:7e:f6:43:ec:6e:59:ff:3f:ca:1c:
         85:4a:c8:db:a5:cd:06:f9:3f:49:6b:f5:38:17:31:d9:4a:6e:
         6a:a7:ac:82:f7:54:91:4a:3a:50:af:92:a2:4f:bf:f3:88:c8:
         70:33:1b:96
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfd3o+ULc+gttmIrvAMr5btMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAyMTkwOTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTA2ODY1YjhhMDhiYzM4ZWU5MWM3NGUzNTRhZGFlYmUyODBmMGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7R2TLxq9afs7oo6df28RLyWTY1a
aE0/FW+2ooNqZq3x5Z5V3lU31u/jHRez5XfCTqL8lrxjNIDkyf6ovx2dht2KywP2
IchEJ5gfO766sduuGAL8P3WYejldUpChh6p9AQuI0Fqky+bnRaIobkCyTvn/28gc
c9LMlykhZA3or0Iw4E2mSszZz5s7Y/f4yzHTqTSCIfzTZ22/v3RdNhgTm+rL2fJt
+3nvxFMbPpLTeJP1EQhf2+Iui4n2UHMl6FfJrYveWqGmmouthNkWd6GOy5d+Y68X
mQ/amr9aPkepDvV+VJD686g0ZES32ew9EdMvLdHLp9xikn9eLrTwtQb8wwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOoGhluKCLw47pHHTjVK2uvigPDPMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNmdhR1c0b0l2RGp1a2NkT05VcmE2LUtBOE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADr9ri4h4G7B0N07ifSI
yDiA+Gom6tuzjY307ZvL2iH6kKHwEeaI0p1iNpoixdCOdb5SsFVm6Lpi5aKdv1G0
3ZJH30TCfLnSfVMUwWBjOp94/i4YyOUz4ptOdHmzUutbgrMU/0nAFORCutkv/I2C
uC+xOrXZgK3O22mfqXZIrr0uXzgMwoXiG04T35aVi02bPDZkzf8znPSBlK9o/Uop
t91++CAzPfwNwXUDERbIOwMXpeh/el12XDanUpBzz11rNfGwg0kCxL9cuLYiUuIt
fvZD7G5Z/z/KHIVKyNulzQb5P0lr9TgXMdlKbmqnrIL3VJFKOlCvkqJPv/OIyHAz
G5Y=
-----END CERTIFICATE-----