Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6om3oMPNTI3PTLKcZ242fttHmUY.roa
File:                     6om3oMPNTI3PTLKcZ242fttHmUY.roa (raw, json)
Hash identifier:          avQtnd8stdYK6pqVGwtRxFdYxAx2prpnOxeEJLSPi04=
Subject key identifier:   EA:89:B7:A0:C3:CD:4C:8D:CF:4C:B2:9C:67:6E:36:7E:DB:47:99:46
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018764349F2BF23F8E6E0AF4B6763D231668
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6om3oMPNTI3PTLKcZ242fttHmUY.roa
Signing time:             Sun 09 Apr 2023 04:09:42 +0000
ROA not before:           Sun 09 Apr 2023 04:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:64:34:9f:2b:f2:3f:8e:6e:0a:f4:b6:76:3d:23:16:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  9 04:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ea89b7a0c3cd4c8dcf4cb29c676e367edb479946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d5:f7:05:ea:b5:70:a9:f2:7a:6a:b2:bd:a2:
                    54:97:4c:d9:f7:a2:ee:e6:ec:a6:35:f7:97:fa:df:
                    72:81:2d:35:f4:c9:4a:87:6b:6f:5d:c0:b7:e0:08:
                    a5:e8:ba:2c:a8:0e:c6:c7:11:c3:d3:73:80:e8:e8:
                    ca:2a:e7:ec:f8:f7:96:11:b1:a2:cf:e2:c3:10:14:
                    e3:82:fb:03:14:65:65:6b:d9:f6:bf:35:9e:2d:21:
                    2a:0c:ef:0d:b0:3d:41:71:40:1d:13:31:2d:c0:76:
                    16:7a:6b:f8:b4:d3:6c:02:55:ce:8a:1a:d5:65:51:
                    d4:96:ee:81:9f:d5:3b:31:bf:98:ad:08:82:b3:a4:
                    b2:c2:b7:53:8b:c0:ee:ca:24:9d:14:0d:36:16:31:
                    37:b4:a7:84:31:3a:b0:db:63:4a:9d:99:ef:5c:99:
                    4a:75:47:60:82:ab:a9:74:b7:c8:47:38:59:6a:c1:
                    64:e6:e7:60:b1:9e:e1:85:eb:b7:35:0f:24:1c:f0:
                    36:c4:1f:6a:49:44:58:cb:13:ad:8f:c9:9b:95:99:
                    f0:05:3b:cd:fb:df:64:36:53:95:5f:8a:c1:06:4c:
                    ba:66:5e:e1:c9:3c:60:09:93:3d:c9:3d:72:21:32:
                    f2:75:c7:a4:4d:f8:81:b2:39:d4:bb:2e:36:52:b1:
                    05:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:89:B7:A0:C3:CD:4C:8D:CF:4C:B2:9C:67:6E:36:7E:DB:47:99:46
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6om3oMPNTI3PTLKcZ242fttHmUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:c2:4a:6f:cf:84:83:6a:20:35:c0:63:2c:07:44:b7:61:54:
         23:dd:2d:0e:2a:78:ee:55:b7:f1:47:24:dd:9e:8f:ee:1a:6e:
         6e:f9:95:19:66:5f:fd:57:d3:85:db:9a:d8:5b:21:4f:ec:dc:
         81:b5:0e:26:0d:39:86:a4:16:f1:49:db:01:3d:02:97:91:9d:
         2c:a1:14:0e:ac:66:24:53:2b:db:41:04:3e:c4:19:5a:d3:71:
         cd:b0:4b:ca:0e:c5:98:55:26:bb:f4:d7:c3:97:63:1f:9f:58:
         80:26:3b:78:7a:ac:0b:38:53:96:a6:68:80:93:4b:6f:6a:b6:
         4a:cf:91:46:f4:98:f2:a9:f7:01:76:da:b1:e0:9b:07:af:f7:
         9e:24:90:4e:94:d9:84:71:77:14:f6:b9:3f:cb:73:0b:22:79:
         98:01:4f:93:7b:a4:59:ec:a9:6a:34:aa:4b:6c:c2:fb:9a:7d:
         00:5a:ac:94:3e:6b:c9:fb:0d:f5:9d:e9:96:2e:f0:c8:aa:e5:
         95:9e:65:57:ca:53:9f:10:49:26:44:21:d1:c0:60:8b:37:9a:
         31:42:56:cf:74:51:da:da:8e:b7:da:4d:05:e4:8c:f3:eb:2b:
         47:16:f9:ea:b7:db:61:a7:13:6e:f7:7a:3f:25:fe:8a:78:17:
         76:5e:80:99
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdkNJ8r8j+Obgr0tnY9IxZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA5MDQwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTg5YjdhMGMzY2Q0YzhkY2Y0Y2IyOWM2NzZlMzY3ZWRiNDc5OTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNX3Beq1cKnyemqyvaJUl0zZ96Lu
5uymNfeX+t9ygS019MlKh2tvXcC34Ail6LosqA7GxxHD03OA6OjKKufs+PeWEbGi
z+LDEBTjgvsDFGVla9n2vzWeLSEqDO8NsD1BcUAdEzEtwHYWemv4tNNsAlXOihrV
ZVHUlu6Bn9U7Mb+YrQiCs6SywrdTi8DuyiSdFA02FjE3tKeEMTqw22NKnZnvXJlK
dUdggqupdLfIRzhZasFk5udgsZ7hheu3NQ8kHPA2xB9qSURYyxOtj8mblZnwBTvN
+99kNlOVX4rBBky6Zl7hyTxgCZM9yT1yITLydcekTfiBsjnUuy42UrEFiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOqJt6DDzUyNz0yynGduNn7bR5lGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNm9tM29NUE5USTNQVExLY1oyNDJmdHRIbVVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHPCSm/PhINqIDXAYywH
RLdhVCPdLQ4qeO5Vt/FHJN2ej+4abm75lRlmX/1X04XbmthbIU/s3IG1DiYNOYak
FvFJ2wE9ApeRnSyhFA6sZiRTK9tBBD7EGVrTcc2wS8oOxZhVJrv018OXYx+fWIAm
O3h6rAs4U5amaICTS29qtkrPkUb0mPKp9wF22rHgmwev954kkE6U2YRxdxT2uT/L
cwsieZgBT5N7pFnsqWo0qktswvuafQBarJQ+a8n7DfWd6ZYu8Miq5ZWeZVfKU58Q
SSZEIdHAYIs3mjFCVs90UdrajrfaTQXkjPPrK0cW+eq322GnE273ej8l/op4F3Ze
gJk=
-----END CERTIFICATE-----