Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8Qm9ATWUuoSu1MdgF9RoXhJ6qkw.roa
File:                     8Qm9ATWUuoSu1MdgF9RoXhJ6qkw.roa (raw, json)
Hash identifier:          mBZ1Q60jybfvMWpYbZi7D17V3JFCWGIrVmDPpp5WtUQ=
Subject key identifier:   F1:09:BD:01:35:94:BA:84:AE:D4:C7:60:17:D4:68:5E:12:7A:AA:4C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187E11689AE9271C50A2A90989C447FCF9B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8Qm9ATWUuoSu1MdgF9RoXhJ6qkw.roa
Signing time:             Wed 03 May 2023 10:09:23 +0000
ROA not before:           Wed 03 May 2023 10:09:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e1:16:89:ae:92:71:c5:0a:2a:90:98:9c:44:7f:cf:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  3 10:09:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f109bd013594ba84aed4c76017d4685e127aaa4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a4:e4:15:e4:fd:05:bb:89:40:be:be:4a:b5:
                    9f:a1:dc:81:6b:0d:78:11:f1:03:96:63:ce:41:62:
                    6c:61:09:46:0c:51:4e:45:36:09:ce:67:2a:61:83:
                    f2:ec:e2:58:fb:ae:a1:b7:2d:74:05:cb:7e:8d:20:
                    13:2e:91:ad:32:e1:d4:95:f2:cf:96:08:fb:f1:fc:
                    94:c6:a0:31:02:f9:6d:84:e7:90:2f:b4:1e:a6:0c:
                    ce:83:2d:23:7f:f6:15:44:b1:15:7c:0f:b1:d2:e8:
                    ba:2d:50:cb:46:3c:e1:ad:d9:62:19:ba:af:42:75:
                    e6:a3:ec:68:f6:c3:dc:dc:da:99:bf:ad:af:d3:cb:
                    99:6d:97:22:8b:9f:71:cd:2d:59:42:b5:f1:12:19:
                    8d:3b:60:12:c6:a6:dd:f7:c3:ce:74:81:46:07:93:
                    9f:4b:02:7b:f8:69:dc:82:b7:97:aa:7e:2a:b1:3a:
                    d2:b2:c6:81:d2:24:77:f1:a5:b9:c1:9a:8d:5d:f9:
                    07:ee:13:70:a5:92:e5:ba:d5:c5:f5:ae:66:c4:af:
                    1c:e9:44:d9:45:f4:ca:b6:30:fb:d1:78:1f:7b:0f:
                    bc:83:d6:57:0d:2d:8e:48:e4:58:2c:78:12:49:fa:
                    e2:79:7a:62:ca:bf:95:b0:ce:12:2f:a3:bc:b2:5c:
                    db:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:09:BD:01:35:94:BA:84:AE:D4:C7:60:17:D4:68:5E:12:7A:AA:4C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8Qm9ATWUuoSu1MdgF9RoXhJ6qkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:a0:87:b1:b9:57:e2:7c:0b:23:d0:01:1c:2a:db:0f:eb:39:
         be:13:36:5a:f5:ae:62:ed:dd:ef:03:f7:0e:4a:b8:7d:4c:dd:
         e2:82:ed:29:07:6e:c8:58:9f:89:cd:86:67:e2:63:36:45:57:
         42:50:6b:e8:bd:eb:6f:b6:f0:fa:32:22:a3:52:ce:ab:1f:c5:
         6f:55:99:54:c0:65:39:43:d8:d4:08:6e:cf:a5:c7:b8:8d:dc:
         f8:84:8c:74:af:0e:c7:c9:32:de:25:a2:93:3e:a0:40:01:db:
         42:2e:01:d9:c0:f3:f4:da:91:56:af:53:0e:67:5e:0e:47:a1:
         54:2c:f0:8a:87:db:ac:3e:51:75:89:3a:94:9a:79:81:da:d7:
         db:5a:55:4e:99:9c:c2:6c:c9:e0:c9:fd:25:06:1a:ac:1d:da:
         98:fb:4d:7c:04:4b:93:0e:b4:6b:79:d9:e7:88:29:e6:2a:b1:
         0c:cc:72:b4:e7:e4:40:cf:75:d8:11:8b:76:c0:69:fd:0e:07:
         83:3d:93:56:23:4e:ef:63:b9:6d:0a:d4:13:53:6c:d2:ef:44:
         91:78:86:f1:7f:f2:3c:aa:aa:27:14:12:07:47:f5:8f:dc:bc:
         4a:ac:72:d1:fc:44:af:e3:e0:fa:bc:11:a5:04:8d:49:c9:10:
         09:51:cf:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfhFomuknHFCiqQmJxEf8+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAzMTAwOTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTA5YmQwMTM1OTRiYTg0YWVkNGM3NjAxN2Q0Njg1ZTEyN2FhYTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6TkFeT9BbuJQL6+SrWfodyBaw14
EfEDlmPOQWJsYQlGDFFORTYJzmcqYYPy7OJY+66hty10Bct+jSATLpGtMuHUlfLP
lgj78fyUxqAxAvlthOeQL7QepgzOgy0jf/YVRLEVfA+x0ui6LVDLRjzhrdliGbqv
QnXmo+xo9sPc3NqZv62v08uZbZcii59xzS1ZQrXxEhmNO2ASxqbd98POdIFGB5Of
SwJ7+GncgreXqn4qsTrSssaB0iR38aW5wZqNXfkH7hNwpZLlutXF9a5mxK8c6UTZ
RfTKtjD70Xgfew+8g9ZXDS2OSORYLHgSSfrieXpiyr+VsM4SL6O8slzbtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPEJvQE1lLqErtTHYBfUaF4SeqpMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOFFtOUFUV1V1b1N1MU1kZ0Y5Um9YaEo2cWt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAISgh7G5V+J8CyPQARwq
2w/rOb4TNlr1rmLt3e8D9w5KuH1M3eKC7SkHbshYn4nNhmfiYzZFV0JQa+i962+2
8PoyIqNSzqsfxW9VmVTAZTlD2NQIbs+lx7iN3PiEjHSvDsfJMt4lopM+oEAB20Iu
AdnA8/TakVavUw5nXg5HoVQs8IqH26w+UXWJOpSaeYHa19taVU6ZnMJsyeDJ/SUG
Gqwd2pj7TXwES5MOtGt52eeIKeYqsQzMcrTn5EDPddgRi3bAaf0OB4M9k1YjTu9j
uW0K1BNTbNLvRJF4hvF/8jyqqicUEgdH9Y/cvEqsctH8RK/j4Pq8EaUEjUnJEAlR
zxA=
-----END CERTIFICATE-----