Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8cnSuhotf0R_GiqfO60PS2-yv7s.roa
File:                     8cnSuhotf0R_GiqfO60PS2-yv7s.roa (raw, json)
Hash identifier:          zYquDAe5VAGwhz2+HY4Hdvnes/mlGrPbwWMjpJBOPPE=
Subject key identifier:   F1:C9:D2:BA:1A:2D:7F:44:7F:1A:2A:9F:3B:AD:0F:4B:6F:B2:BF:BB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873AD25063B68DA096B84F541BC35211BF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8cnSuhotf0R_GiqfO60PS2-yv7s.roa
Signing time:             Sat 01 Apr 2023 03:17:54 +0000
ROA not before:           Sat 01 Apr 2023 03:17:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3a:d2:50:63:b6:8d:a0:96:b8:4f:54:1b:c3:52:11:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  1 03:17:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f1c9d2ba1a2d7f447f1a2a9f3bad0f4b6fb2bfbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:71:ec:d1:7b:1c:6a:85:90:81:cf:58:57:ca:
                    f6:41:95:df:96:c9:11:c5:98:7d:4f:ee:a8:1b:56:
                    8a:ba:a1:c0:f1:8f:2b:f0:80:06:e3:3c:71:bd:fd:
                    8d:5f:e8:71:ad:db:1c:dc:10:87:ad:49:79:17:ef:
                    c3:46:e9:2a:0f:46:42:62:ba:6e:b2:69:fd:4f:87:
                    fd:cb:d5:ea:5f:13:ca:e6:9d:f8:f3:da:06:0b:de:
                    3d:9c:be:1c:3e:34:71:82:46:21:0b:25:8d:97:0a:
                    2e:a9:ad:38:13:3b:fc:d4:a8:ec:e4:78:8d:0d:5f:
                    89:ab:56:e0:9a:96:9b:fb:89:96:5e:46:55:a7:fa:
                    23:74:14:f0:98:ce:12:be:86:8a:93:41:61:ba:89:
                    e7:ff:6c:b2:1d:14:b4:96:7f:d5:90:f7:e3:14:01:
                    f9:12:7a:5e:31:62:ff:9d:87:69:ab:ff:03:3f:d8:
                    02:fb:3c:b2:5d:f4:eb:69:a1:41:db:ae:9f:33:85:
                    b4:06:c6:e2:96:37:0f:4f:0a:ef:66:97:e3:59:97:
                    95:36:85:1d:71:a5:e5:57:65:54:c0:82:0a:6b:ac:
                    0d:6b:99:65:d9:0d:45:32:74:c5:22:04:54:5d:06:
                    18:de:6b:ee:a1:92:bb:8b:fb:e4:fc:84:25:b1:25:
                    4b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:C9:D2:BA:1A:2D:7F:44:7F:1A:2A:9F:3B:AD:0F:4B:6F:B2:BF:BB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8cnSuhotf0R_GiqfO60PS2-yv7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:4a:57:30:d3:29:7c:5b:85:ab:84:41:c9:d4:8d:f0:99:bd:
         a6:aa:34:5b:f8:0a:59:23:76:7a:fe:24:f3:9f:19:69:8d:a7:
         5f:f5:85:2f:8c:42:b1:48:2d:00:d4:71:a8:84:bc:07:ed:fb:
         48:2c:06:86:81:c7:0a:c5:c4:5b:d1:bc:f1:c8:99:a9:2b:5c:
         de:e4:00:e2:2e:c5:5b:bf:7c:b6:05:9b:7d:26:aa:a9:f8:e7:
         e8:33:74:00:6c:1c:8a:72:32:ba:f6:1b:e3:af:d2:16:2d:79:
         78:93:2c:99:19:f0:ad:93:05:00:2c:13:54:f9:6b:50:6d:af:
         f8:00:14:4e:3a:ff:a1:db:96:60:58:61:19:db:54:42:cc:2a:
         28:02:1a:71:dc:35:0a:1d:aa:7b:d1:74:8e:58:fc:4f:79:a1:
         de:11:30:a9:6f:3d:7f:da:ad:8a:f7:8f:ae:17:a6:f5:5c:6f:
         df:09:49:72:91:05:c5:79:36:68:8c:af:95:cf:be:15:4c:64:
         f2:4b:01:96:4a:3a:f1:f1:5c:a3:e6:d3:ed:e3:f2:06:91:32:
         e5:23:f8:33:db:5a:28:8b:44:a4:87:83:eb:3e:41:46:de:97:
         a9:0b:24:bf:e8:88:e9:57:4f:c1:8c:8f:2b:fa:83:81:8d:c0:
         29:b7:d9:fe
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc60lBjto2glrhPVBvDUhG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAxMDMxNzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWM5ZDJiYTFhMmQ3ZjQ0N2YxYTJhOWYzYmFkMGY0YjZmYjJiZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXHs0XscaoWQgc9YV8r2QZXflskR
xZh9T+6oG1aKuqHA8Y8r8IAG4zxxvf2NX+hxrdsc3BCHrUl5F+/DRukqD0ZCYrpu
smn9T4f9y9XqXxPK5p3489oGC949nL4cPjRxgkYhCyWNlwouqa04Ezv81Kjs5HiN
DV+Jq1bgmpab+4mWXkZVp/ojdBTwmM4SvoaKk0Fhuonn/2yyHRS0ln/VkPfjFAH5
EnpeMWL/nYdpq/8DP9gC+zyyXfTraaFB266fM4W0BsbiljcPTwrvZpfjWZeVNoUd
caXlV2VUwIIKa6wNa5ll2Q1FMnTFIgRUXQYY3mvuoZK7i/vk/IQlsSVLHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPHJ0roaLX9EfxoqnzutD0tvsr+7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOGNuU3Vob3RmMFJfR2lxZk82MFBTMi15djdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEtKVzDTKXxbhauEQcnU
jfCZvaaqNFv4Clkjdnr+JPOfGWmNp1/1hS+MQrFILQDUcaiEvAft+0gsBoaBxwrF
xFvRvPHImakrXN7kAOIuxVu/fLYFm30mqqn45+gzdABsHIpyMrr2G+Ov0hYteXiT
LJkZ8K2TBQAsE1T5a1Btr/gAFE46/6HblmBYYRnbVELMKigCGnHcNQodqnvRdI5Y
/E95od4RMKlvPX/arYr3j64XpvVcb98JSXKRBcV5NmiMr5XPvhVMZPJLAZZKOvHx
XKPm0+3j8gaRMuUj+DPbWiiLRKSHg+s+QUbel6kLJL/oiOlXT8GMjyv6g4GNwCm3
2f4=
-----END CERTIFICATE-----