Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9x2RXgAXOOaW3yMWpxf1i6pePrA.roa
File:                     9x2RXgAXOOaW3yMWpxf1i6pePrA.roa (raw, json)
Hash identifier:          3fXtfqfsSsu4/EtRDQxx9FI2qp90eecblC/sbqRsGBE=
Subject key identifier:   F7:1D:91:5E:00:17:38:E6:96:DF:23:16:A7:17:F5:8B:AA:5E:3E:B0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01875A2193164DCE56CDD711CCB23C1F8BD3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9x2RXgAXOOaW3yMWpxf1i6pePrA.roa
Signing time:             Fri 07 Apr 2023 05:12:42 +0000
ROA not before:           Fri 07 Apr 2023 05:12:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5a:21:93:16:4d:ce:56:cd:d7:11:cc:b2:3c:1f:8b:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  7 05:12:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f71d915e001738e696df2316a717f58baa5e3eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c6:2c:ca:33:db:90:22:c7:eb:66:85:f5:d9:
                    bd:22:a9:bd:48:91:4d:64:b1:d2:85:c3:cf:4d:7c:
                    56:d4:dd:cc:af:32:d0:96:31:6f:17:d5:bd:35:e3:
                    a3:d4:d9:99:46:91:c5:51:10:db:90:23:04:1d:ce:
                    63:45:48:36:b5:92:21:93:2c:ff:90:0e:54:c2:e5:
                    cf:72:a8:30:a8:6d:4a:90:95:ca:8d:bb:bf:ec:0c:
                    fa:03:7b:a8:26:46:8e:86:e9:ff:bd:ae:cf:83:18:
                    de:5a:35:4d:d5:00:50:e5:11:27:9a:4f:5a:e2:a2:
                    71:1e:73:91:16:22:be:1d:09:5a:08:81:94:f7:fd:
                    02:0d:81:ea:1b:6e:6a:69:35:1c:9b:31:4b:0b:80:
                    ef:af:13:df:c0:83:df:52:a9:e9:51:81:16:3c:eb:
                    89:31:58:f3:16:e5:b2:12:ec:66:90:cf:c9:a2:1c:
                    ad:6a:f3:81:dd:1e:50:a7:e1:c9:89:6a:a6:b0:54:
                    c8:1b:aa:fa:20:2a:4f:5a:63:a2:b6:3c:6b:dc:5b:
                    6e:7d:8d:89:f5:5b:44:42:b3:7d:bc:23:79:6d:78:
                    a2:ff:74:bc:3f:ff:7e:df:79:e6:a5:40:1f:bb:b0:
                    9f:54:9f:96:f4:d1:ff:35:33:6e:9d:7f:f8:06:75:
                    fb:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:1D:91:5E:00:17:38:E6:96:DF:23:16:A7:17:F5:8B:AA:5E:3E:B0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9x2RXgAXOOaW3yMWpxf1i6pePrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:04:73:82:34:f9:c3:cc:9d:4c:49:a2:d4:03:97:73:28:b9:
         0f:b7:0f:6a:76:cd:bb:9d:7d:20:c7:09:d6:79:50:e0:9e:38:
         ae:3b:f5:21:d2:ed:f3:81:0d:5a:18:7e:13:e4:eb:f8:bb:4a:
         db:ab:9f:c5:ee:b9:87:d6:ad:bb:6c:c8:4e:64:01:74:53:74:
         07:68:e9:13:c5:77:cc:fe:e0:cc:8b:f5:de:39:df:51:cc:9b:
         d8:ce:67:78:dc:fe:d3:3d:f5:b0:09:ec:78:99:01:7c:ee:82:
         30:e2:ff:84:91:a8:46:09:b0:76:9e:0e:ce:9c:7d:8e:72:13:
         a3:e2:20:6d:60:fb:0e:f1:4b:b0:e8:57:e0:9b:2c:39:ff:c8:
         00:ca:3c:2a:fb:e1:9f:ef:b3:c8:5e:fd:0a:89:6c:6e:83:56:
         d0:f9:ed:b5:7b:cf:f2:23:46:85:89:b1:1c:1c:bb:56:2f:82:
         f1:1b:fb:a0:aa:b3:07:5c:56:a1:6c:d3:8c:db:d0:84:8f:cf:
         4d:be:77:60:2c:70:1f:bf:8d:d2:05:e5:e0:05:6e:cd:85:a7:
         e1:0d:3f:48:5c:75:fc:62:35:77:fc:c6:86:48:8c:09:60:8a:
         22:89:5a:9d:4c:64:d0:4c:b5:24:65:a5:75:83:ec:ef:27:81:
         fc:c9:f8:d0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdaIZMWTc5WzdcRzLI8H4vTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA3MDUxMjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzFkOTE1ZTAwMTczOGU2OTZkZjIzMTZhNzE3ZjU4YmFhNWUzZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsYsyjPbkCLH62aF9dm9Iqm9SJFN
ZLHShcPPTXxW1N3MrzLQljFvF9W9NeOj1NmZRpHFURDbkCMEHc5jRUg2tZIhkyz/
kA5UwuXPcqgwqG1KkJXKjbu/7Az6A3uoJkaOhun/va7PgxjeWjVN1QBQ5REnmk9a
4qJxHnORFiK+HQlaCIGU9/0CDYHqG25qaTUcmzFLC4DvrxPfwIPfUqnpUYEWPOuJ
MVjzFuWyEuxmkM/JohytavOB3R5Qp+HJiWqmsFTIG6r6ICpPWmOitjxr3FtufY2J
9VtEQrN9vCN5bXii/3S8P/9+33nmpUAfu7CfVJ+W9NH/NTNunX/4BnX7vQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPcdkV4AFzjmlt8jFqcX9YuqXj6wMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOXgyUlhnQVhPT2FXM3lNV3B4ZjFpNnBlUHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACAEc4I0+cPMnUxJotQD
l3MouQ+3D2p2zbudfSDHCdZ5UOCeOK479SHS7fOBDVoYfhPk6/i7Sturn8XuuYfW
rbtsyE5kAXRTdAdo6RPFd8z+4MyL9d4531HMm9jOZ3jc/tM99bAJ7HiZAXzugjDi
/4SRqEYJsHaeDs6cfY5yE6PiIG1g+w7xS7DoV+CbLDn/yADKPCr74Z/vs8he/QqJ
bG6DVtD57bV7z/IjRoWJsRwcu1YvgvEb+6CqswdcVqFs04zb0ISPz02+d2AscB+/
jdIF5eAFbs2Fp+ENP0hcdfxiNXf8xoZIjAlgiiKJWp1MZNBMtSRlpXWD7O8ngfzJ
+NA=
-----END CERTIFICATE-----