Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6iQKopAYZhFl4bZs5hvAPe_rFMU.roa
File:                     6iQKopAYZhFl4bZs5hvAPe_rFMU.roa (raw, json)
Hash identifier:          37DhsfS8mFMGLHAB35tk3X/XEq2dRCcrrutAhHkfeUQ=
Subject key identifier:   EA:24:0A:A2:90:18:66:11:65:E1:B6:6C:E6:1B:C0:3D:EF:EB:14:C5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186DDA66205E1A5071DD8A2433D20AD6B8D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6iQKopAYZhFl4bZs5hvAPe_rFMU.roa
Signing time:             Tue 14 Mar 2023 01:05:14 +0000
ROA not before:           Tue 14 Mar 2023 01:05:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:dda5:9bad/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:dd:a6:62:05:e1:a5:07:1d:d8:a2:43:3d:20:ad:6b:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 14 01:05:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ea240aa29018661165e1b66ce61bc03defeb14c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:09:f0:29:71:f3:f9:d3:7c:36:ed:da:8a:a4:
                    ff:10:4e:43:ee:e1:bc:aa:01:5b:68:05:fd:65:db:
                    c8:16:dc:f1:60:1a:29:99:d7:d8:bd:ce:0f:23:8b:
                    99:c1:4f:96:80:1f:8f:c5:22:bb:cb:f6:d7:5d:bc:
                    c6:52:2b:26:bf:8a:da:81:5f:32:1e:35:a1:a5:b1:
                    54:12:8f:7f:32:99:60:72:e2:8d:b1:54:7c:af:71:
                    14:b1:25:36:04:8a:f8:a7:dc:93:15:95:76:a4:0f:
                    bf:e1:30:cb:de:04:60:89:c6:14:7c:c7:a0:e6:53:
                    3f:2d:ab:16:62:ce:cb:a3:31:90:b7:c4:0f:54:af:
                    c0:c5:87:95:d1:17:fa:08:fc:41:d1:83:6d:43:32:
                    34:cb:2f:33:82:c3:92:61:45:28:8a:cb:38:af:55:
                    38:ef:6a:30:73:a1:4b:b8:51:3a:49:9d:ca:aa:d2:
                    1e:b9:a0:a8:cd:f6:fa:82:a9:7a:25:ba:88:91:02:
                    22:f0:c2:cc:18:aa:7a:d2:95:2d:74:fa:a7:58:f4:
                    05:19:98:1a:b0:f6:0b:df:b3:62:e9:9c:a2:d0:29:
                    ba:21:a7:0d:f4:26:7c:02:a0:7c:02:40:b0:71:f9:
                    48:f5:2f:7d:ff:da:20:7d:d6:54:81:0b:76:3e:0c:
                    71:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:24:0A:A2:90:18:66:11:65:E1:B6:6C:E6:1B:C0:3D:EF:EB:14:C5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6iQKopAYZhFl4bZs5hvAPe_rFMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:0f:c2:48:cb:0c:12:3e:a0:3c:d9:11:92:a1:d3:c5:fc:39:
         70:6d:09:e1:12:eb:38:90:f3:84:17:ee:01:5f:2c:e4:9a:96:
         8b:f1:80:11:54:56:4f:39:65:25:38:b5:75:1d:b6:15:e3:1e:
         4f:84:8f:20:c3:20:7a:21:84:04:d7:10:49:2b:98:61:43:6f:
         cc:bf:ea:72:e4:af:10:a6:bf:f6:98:62:c3:a3:f8:12:b2:c9:
         25:3c:16:81:06:b9:81:ea:88:49:88:8b:4d:f7:a5:f4:b6:b4:
         76:68:7b:d1:c0:5b:60:e3:ca:3b:39:6d:31:d8:55:06:5f:d1:
         0f:29:8d:0d:16:17:7d:ad:35:6e:19:85:ef:22:e3:d2:83:a0:
         2c:55:0f:4a:c3:d1:4f:b2:55:aa:17:13:79:b6:f5:80:73:2c:
         f2:1c:0c:f3:ca:e0:78:1e:73:13:a8:99:df:e8:0c:25:5e:a3:
         78:7b:b9:a6:97:3a:43:87:69:e6:29:7a:05:92:7d:35:ce:b2:
         aa:f0:94:8e:ea:ff:37:61:bf:20:58:f6:95:d9:c8:90:15:00:
         68:38:85:14:45:5a:e8:26:f1:51:cd:55:d9:b2:d1:28:fc:52:
         93:e6:4a:87:4c:b5:39:f6:66:a4:53:bd:38:6a:8e:1d:55:1e:
         6e:ae:ae:b0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbdpmIF4aUHHdiiQz0grWuNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE0MDEwNTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTI0MGFhMjkwMTg2NjExNjVlMWI2NmNlNjFiYzAzZGVmZWIxNGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQnwKXHz+dN8Nu3aiqT/EE5D7uG8
qgFbaAX9ZdvIFtzxYBopmdfYvc4PI4uZwU+WgB+PxSK7y/bXXbzGUismv4ragV8y
HjWhpbFUEo9/MplgcuKNsVR8r3EUsSU2BIr4p9yTFZV2pA+/4TDL3gRgicYUfMeg
5lM/LasWYs7LozGQt8QPVK/AxYeV0Rf6CPxB0YNtQzI0yy8zgsOSYUUoiss4r1U4
72owc6FLuFE6SZ3KqtIeuaCozfb6gql6JbqIkQIi8MLMGKp60pUtdPqnWPQFGZga
sPYL37Ni6Zyi0Cm6IacN9CZ8AqB8AkCwcflI9S99/9ogfdZUgQt2PgxxwQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOokCqKQGGYRZeG2bOYbwD3v6xTFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNmlRS29wQVlaaEZsNGJaczVodkFQZV9yRk1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALEPwkjLDBI+oDzZEZKh
08X8OXBtCeES6ziQ84QX7gFfLOSalovxgBFUVk85ZSU4tXUdthXjHk+EjyDDIHoh
hATXEEkrmGFDb8y/6nLkrxCmv/aYYsOj+BKyySU8FoEGuYHqiEmIi033pfS2tHZo
e9HAW2Djyjs5bTHYVQZf0Q8pjQ0WF32tNW4Zhe8i49KDoCxVD0rD0U+yVaoXE3m2
9YBzLPIcDPPK4HgecxOomd/oDCVeo3h7uaaXOkOHaeYpegWSfTXOsqrwlI7q/zdh
vyBY9pXZyJAVAGg4hRRFWugm8VHNVdmy0Sj8UpPmSodMtTn2ZqRTvThqjh1VHm6u
rrA=
-----END CERTIFICATE-----