Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8iYzQwF1pp3fTIvxZoLdJBQw1uA.roa
File:                     8iYzQwF1pp3fTIvxZoLdJBQw1uA.roa (raw, json)
Hash identifier:          Mld4p61sbMNGUI3rUd6ec8RVlun4ebVPjo+2TXcHCBs=
Subject key identifier:   F2:26:33:43:01:75:A6:9D:DF:4C:8B:F1:66:82:DD:24:14:30:D6:E0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877CA9E49F6CD3E4DECCF38CD55CEEA6E5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8iYzQwF1pp3fTIvxZoLdJBQw1uA.roa
Signing time:             Thu 13 Apr 2023 22:08:41 +0000
ROA not before:           Thu 13 Apr 2023 22:08:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7c:a9:e4:9f:6c:d3:e4:de:cc:f3:8c:d5:5c:ee:a6:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 13 22:08:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f22633430175a69ddf4c8bf16682dd241430d6e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:58:39:ed:91:c4:8b:37:bf:0a:90:a8:d9:15:
                    92:30:15:c1:0e:f7:3e:17:47:e3:f1:b7:32:c3:11:
                    11:c1:c2:05:ae:4b:c6:13:30:43:c5:1e:35:14:8c:
                    0e:c8:28:b7:e7:2f:89:47:22:ae:48:41:2d:57:9a:
                    d8:15:08:27:0f:e0:52:51:62:bb:a7:c1:9d:14:c0:
                    3c:6a:0e:67:eb:34:37:d1:5b:9a:f5:ec:8a:02:c7:
                    24:64:1e:a6:c6:6e:0a:a4:ed:1c:60:cb:24:4c:e3:
                    64:f7:dd:51:93:10:b3:a4:b0:a9:d8:41:b9:86:1d:
                    69:ee:a5:24:dc:52:27:be:6b:98:1d:8b:19:cf:a8:
                    39:d4:8e:4b:d0:4c:8f:c8:19:a1:d4:c3:32:41:34:
                    52:a9:cf:97:69:35:d4:eb:3f:73:96:5a:d0:4d:37:
                    f7:92:cb:f2:71:cd:b4:f1:94:de:8b:34:5f:94:78:
                    e3:2a:6b:f7:a8:db:fc:0a:72:95:c4:73:53:2e:66:
                    4b:d8:ce:b2:42:32:21:e7:1e:0e:4b:04:2b:7a:75:
                    45:ac:2a:ac:ab:0a:f5:f5:a2:00:5b:09:73:ee:24:
                    b0:10:91:99:95:ff:da:b9:4a:62:be:4c:61:ed:2c:
                    cb:99:04:11:27:07:ca:43:a5:a3:52:2d:b4:8e:92:
                    68:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:26:33:43:01:75:A6:9D:DF:4C:8B:F1:66:82:DD:24:14:30:D6:E0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8iYzQwF1pp3fTIvxZoLdJBQw1uA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:15:e3:f3:c1:71:1f:61:2f:53:ab:c1:d0:f2:4a:c2:47:6c:
         35:66:b3:08:fc:ff:3d:5b:7a:15:2c:00:9d:b5:90:7f:91:68:
         ad:76:d2:86:2d:40:50:01:2e:c8:b8:90:b3:b5:79:59:f1:d8:
         73:82:e6:d7:ac:d0:6d:6a:30:c0:9d:14:2c:1f:df:0d:34:94:
         6a:73:d7:76:08:b3:64:d5:1a:68:f3:45:ae:3a:b2:9a:5f:c1:
         a7:24:bd:ab:2a:f7:1d:91:a0:60:c6:0e:77:88:d4:a5:54:f4:
         4e:1f:87:e3:90:fc:0d:de:a9:67:32:12:e8:aa:a8:41:41:a4:
         d0:00:37:fc:42:ac:2d:88:61:ad:85:07:39:2a:44:06:a7:5c:
         50:3a:79:ef:8d:dd:73:57:e4:f3:23:52:9c:af:2d:cd:cb:7d:
         de:1e:cb:b1:ce:27:a5:31:94:2c:b0:09:4e:b0:72:1b:24:e5:
         52:d8:92:79:b0:3e:74:38:3a:d7:9b:3d:d1:d4:1f:17:04:5c:
         53:29:df:c7:14:e7:83:f5:ce:55:5b:40:20:c6:ef:51:90:8c:
         1f:c7:e4:05:e9:6a:3b:f3:5b:92:64:a0:f5:12:97:ba:97:22:
         d5:6f:a6:07:8b:5f:7c:57:98:14:a5:52:ee:04:64:b9:14:21:
         63:12:28:fd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd8qeSfbNPk3szzjNVc7qblMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEzMjIwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjI2MzM0MzAxNzVhNjlkZGY0YzhiZjE2NjgyZGQyNDE0MzBkNmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFg57ZHEize/CpCo2RWSMBXBDvc+
F0fj8bcywxERwcIFrkvGEzBDxR41FIwOyCi35y+JRyKuSEEtV5rYFQgnD+BSUWK7
p8GdFMA8ag5n6zQ30Vua9eyKAsckZB6mxm4KpO0cYMskTONk991RkxCzpLCp2EG5
hh1p7qUk3FInvmuYHYsZz6g51I5L0EyPyBmh1MMyQTRSqc+XaTXU6z9zllrQTTf3
ksvycc208ZTeizRflHjjKmv3qNv8CnKVxHNTLmZL2M6yQjIh5x4OSwQrenVFrCqs
qwr19aIAWwlz7iSwEJGZlf/auUpivkxh7SzLmQQRJwfKQ6WjUi20jpJo8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPImM0MBdaad30yL8WaC3SQUMNbgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOGlZelF3RjFwcDNmVEl2eFpvTGRKQlF3MXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH0V4/PBcR9hL1OrwdDy
SsJHbDVmswj8/z1behUsAJ21kH+RaK120oYtQFABLsi4kLO1eVnx2HOC5tes0G1q
MMCdFCwf3w00lGpz13YIs2TVGmjzRa46sppfwackvasq9x2RoGDGDneI1KVU9E4f
h+OQ/A3eqWcyEuiqqEFBpNAAN/xCrC2IYa2FBzkqRAanXFA6ee+N3XNX5PMjUpyv
Lc3Lfd4ey7HOJ6UxlCywCU6wchsk5VLYknmwPnQ4OtebPdHUHxcEXFMp38cU54P1
zlVbQCDG71GQjB/H5AXpajvzW5JkoPUSl7qXItVvpgeLX3xXmBSlUu4EZLkUIWMS
KP0=
-----END CERTIFICATE-----