Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8nnVn_vvbI0xCLxnsP3rP7E6aMk.roa
File:                     8nnVn_vvbI0xCLxnsP3rP7E6aMk.roa (raw, json)
Hash identifier:          rU/qeaV4XQeQpNKl48pVJDDX3jf/OxI+iXY3CUusYOA=
Subject key identifier:   F2:79:D5:9F:FB:EF:6C:8D:31:08:BC:67:B0:FD:EB:3F:B1:3A:68:C9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018796DA4C8FDABB1B33F178674F2E9191C7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8nnVn_vvbI0xCLxnsP3rP7E6aMk.roa
Signing time:             Wed 19 Apr 2023 00:11:41 +0000
ROA not before:           Wed 19 Apr 2023 00:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:96:da:4c:8f:da:bb:1b:33:f1:78:67:4f:2e:91:91:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 19 00:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f279d59ffbef6c8d3108bc67b0fdeb3fb13a68c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c2:40:f7:00:21:25:a0:a9:7c:df:ec:d0:23:
                    c3:43:5b:17:71:59:ab:3f:bd:28:82:d6:8a:8c:54:
                    9d:e6:f7:a6:a6:62:4f:05:1f:70:cf:11:ac:da:cb:
                    cb:30:55:c3:a0:b4:ed:d5:9b:1a:f1:6f:d0:ba:0d:
                    03:ff:4f:d1:35:57:71:55:5d:7d:80:6f:9f:ff:e2:
                    4b:7c:1c:57:92:1c:12:8c:ab:fb:6e:00:47:82:cc:
                    57:38:a2:eb:84:a8:c5:4b:5e:3b:f3:ab:eb:2e:9e:
                    5f:cb:0f:b5:ad:51:cd:d2:d5:30:e4:17:ac:9c:b0:
                    7d:b1:82:3e:42:4b:3c:4d:79:ad:62:d8:32:8c:16:
                    20:4c:20:e1:94:45:26:39:f2:03:f6:ff:da:16:a8:
                    e5:c8:33:99:20:2d:aa:01:f0:76:4d:30:66:08:21:
                    54:03:bf:c7:12:d6:b6:18:cf:24:a5:73:27:ce:66:
                    c9:e3:16:8c:2f:e5:3e:2b:59:73:b6:0d:70:1d:38:
                    dd:36:72:ce:ce:e3:93:88:4c:db:b3:b9:06:cb:9b:
                    84:5e:ef:cc:ab:31:a9:21:b3:0e:81:50:03:0e:7a:
                    5e:9d:35:14:b3:c9:39:54:7b:9f:48:d8:fd:df:47:
                    3d:17:2c:a8:77:c0:83:65:92:a2:e0:c7:b8:35:fd:
                    1b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:79:D5:9F:FB:EF:6C:8D:31:08:BC:67:B0:FD:EB:3F:B1:3A:68:C9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8nnVn_vvbI0xCLxnsP3rP7E6aMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:20:c9:45:fa:7f:04:bd:61:c7:3e:db:49:97:ac:8e:49:3f:
         c3:cd:07:1f:1c:b3:77:5a:fd:f2:d1:24:5b:7d:e5:0d:aa:3c:
         65:c5:2e:75:d6:ce:23:71:2f:a4:c8:3e:e1:b9:b4:3c:46:41:
         6b:ea:a7:64:3b:89:ef:0d:3f:b3:0e:59:c2:de:67:22:71:82:
         8a:dd:9c:e3:3b:29:81:1d:a9:d5:c8:fc:79:3f:0c:cf:7d:22:
         dc:b9:9b:a3:1e:59:db:1f:d0:98:8c:b7:08:49:25:f7:b7:1d:
         93:e4:c8:2a:1e:44:42:ce:2e:ad:e2:82:4d:a4:23:72:36:4f:
         e9:80:c9:a3:15:31:06:5d:9a:44:83:75:d7:1e:1c:b5:9c:ec:
         ff:5a:aa:1e:40:9e:0a:39:78:3b:95:3d:f2:04:e4:4f:65:31:
         d4:00:7c:53:e1:b8:d9:2b:32:d6:f2:0f:58:7c:86:8b:ef:5c:
         e8:f2:5a:96:e9:1c:75:21:58:9b:dc:a9:c4:cd:9c:81:63:df:
         3d:23:91:63:24:13:40:97:11:a9:49:9d:97:69:dc:6b:07:bd:
         72:eb:8e:61:bc:df:2e:90:fd:1f:64:21:e1:7b:dc:8a:ec:1e:
         b9:17:8a:0c:6e:18:27:cb:fe:58:d2:20:e6:6f:44:bd:55:ca:
         42:fa:c0:71
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeW2kyP2rsbM/F4Z08ukZHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE5MDAxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjc5ZDU5ZmZiZWY2YzhkMzEwOGJjNjdiMGZkZWIzZmIxM2E2OGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcJA9wAhJaCpfN/s0CPDQ1sXcVmr
P70ogtaKjFSd5vempmJPBR9wzxGs2svLMFXDoLTt1Zsa8W/Qug0D/0/RNVdxVV19
gG+f/+JLfBxXkhwSjKv7bgBHgsxXOKLrhKjFS14786vrLp5fyw+1rVHN0tUw5Bes
nLB9sYI+Qks8TXmtYtgyjBYgTCDhlEUmOfID9v/aFqjlyDOZIC2qAfB2TTBmCCFU
A7/HEta2GM8kpXMnzmbJ4xaML+U+K1lztg1wHTjdNnLOzuOTiEzbs7kGy5uEXu/M
qzGpIbMOgVADDnpenTUUs8k5VHufSNj930c9Fyyod8CDZZKi4Me4Nf0bsQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPJ51Z/772yNMQi8Z7D96z+xOmjJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOG5uVm5fdnZiSTB4Q0x4bnNQM3JQN0U2YU1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIsgyUX6fwS9Ycc+20mX
rI5JP8PNBx8cs3da/fLRJFt95Q2qPGXFLnXWziNxL6TIPuG5tDxGQWvqp2Q7ie8N
P7MOWcLeZyJxgordnOM7KYEdqdXI/Hk/DM99Ity5m6MeWdsf0JiMtwhJJfe3HZPk
yCoeRELOLq3igk2kI3I2T+mAyaMVMQZdmkSDddceHLWc7P9aqh5Ango5eDuVPfIE
5E9lMdQAfFPhuNkrMtbyD1h8hovvXOjyWpbpHHUhWJvcqcTNnIFj3z0jkWMkE0CX
EalJnZdp3GsHvXLrjmG83y6Q/R9kIeF73IrsHrkXigxuGCfL/ljSIOZvRL1VykL6
wHE=
-----END CERTIFICATE-----