Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A-pULRR12a67v8Y7wEww66oeZPk.roa
File:                     A-pULRR12a67v8Y7wEww66oeZPk.roa (raw, json)
Hash identifier:          8IgPMKUmXMYp5UdeDJs3gXoGyVbvr9TmQWFADSpQVfA=
Subject key identifier:   03:EA:54:2D:14:75:D9:AE:BB:BF:C6:3B:C0:4C:30:EB:AA:1E:64:F9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877F0765F0357EBFF6E101296D263F1336
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A-pULRR12a67v8Y7wEww66oeZPk.roa
Signing time:             Fri 14 Apr 2023 09:10:03 +0000
ROA not before:           Fri 14 Apr 2023 09:10:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7f:07:65:f0:35:7e:bf:f6:e1:01:29:6d:26:3f:13:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 14 09:10:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=03ea542d1475d9aebbbfc63bc04c30ebaa1e64f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:eb:8a:90:0e:6d:f4:0e:34:51:4c:24:f5:8b:
                    e9:45:f1:f7:09:21:a5:5d:1c:96:74:c5:de:d5:e4:
                    bb:b6:53:fa:dc:89:85:65:b4:69:eb:ef:e0:98:f2:
                    ba:70:46:37:8b:d8:3d:43:a9:b7:49:cd:6c:e8:d4:
                    ea:92:69:41:48:db:8a:a4:60:32:ea:18:7a:be:1b:
                    b7:e6:ca:f8:21:05:fc:90:16:3f:cb:a9:7e:4c:84:
                    0b:d7:ea:bc:af:97:36:de:ad:ac:2d:17:e7:a5:f1:
                    00:59:3c:14:f3:c6:ff:a2:51:ab:97:a5:ad:72:61:
                    de:2a:e4:2e:eb:74:38:93:35:7e:64:78:da:28:b5:
                    7d:b3:50:f5:ed:df:7e:1f:74:9c:75:60:0a:17:94:
                    d2:68:8a:98:16:7e:b3:79:a9:db:67:f2:66:37:de:
                    56:d1:f9:f3:4f:50:cb:11:b5:d1:d1:4e:44:0d:3a:
                    50:20:0e:95:8a:b8:55:24:0e:b4:57:18:08:e3:fd:
                    92:d1:8d:80:7c:7b:18:85:e4:d1:8c:d6:ac:5c:b1:
                    76:6a:21:92:41:68:2f:04:db:d0:54:4d:ea:20:10:
                    91:e4:62:cb:9e:90:f4:9c:3e:0c:70:62:46:1f:ba:
                    0a:fa:2a:4d:27:20:37:9a:51:16:7a:90:f7:f1:53:
                    75:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:EA:54:2D:14:75:D9:AE:BB:BF:C6:3B:C0:4C:30:EB:AA:1E:64:F9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A-pULRR12a67v8Y7wEww66oeZPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:92:fa:bf:80:e0:b6:e2:d3:b0:82:d6:9d:ff:71:04:f5:0b:
         33:9a:81:0b:8f:bd:cf:91:3e:98:30:ce:f3:bd:75:e6:7d:6d:
         5b:f5:db:f8:82:cb:e9:d9:f8:fd:a1:8e:99:cd:d8:52:00:12:
         d7:a7:9d:20:76:ec:3d:62:80:6d:87:7b:7e:bf:8e:8e:84:3e:
         1d:42:f6:44:7a:fb:21:55:bf:6f:bb:e0:58:13:77:85:65:de:
         04:07:e7:e4:d9:70:b4:41:0f:9f:07:2b:e0:b6:1f:17:6e:a2:
         df:92:21:25:82:0d:95:87:af:b6:df:02:5f:9f:e3:3b:e1:a3:
         73:b2:5b:63:f7:04:83:73:1c:8f:db:a2:d7:72:71:37:46:7e:
         86:40:34:84:7a:35:6b:4a:5e:6f:21:c7:1c:2a:a3:53:ef:fa:
         4e:7b:ed:89:1c:e0:be:36:15:47:05:77:34:83:5a:3e:70:69:
         bc:be:c4:15:d2:e6:39:88:21:66:3b:7a:54:3d:e8:12:4a:33:
         9b:f0:a7:8a:85:d7:ee:19:a6:bb:1b:48:42:11:95:99:6c:46:
         fe:8c:8f:35:d5:2d:3d:7b:f8:51:52:ca:71:4f:fd:22:25:80:
         2b:9b:1b:8d:30:2e:83:f3:ab:d7:06:94:1c:58:83:08:12:f4:
         4b:54:bd:82
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd/B2XwNX6/9uEBKW0mPxM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE0MDkxMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2VhNTQyZDE0NzVkOWFlYmJiZmM2M2JjMDRjMzBlYmFhMWU2NGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeuKkA5t9A40UUwk9YvpRfH3CSGl
XRyWdMXe1eS7tlP63ImFZbRp6+/gmPK6cEY3i9g9Q6m3Sc1s6NTqkmlBSNuKpGAy
6hh6vhu35sr4IQX8kBY/y6l+TIQL1+q8r5c23q2sLRfnpfEAWTwU88b/olGrl6Wt
cmHeKuQu63Q4kzV+ZHjaKLV9s1D17d9+H3ScdWAKF5TSaIqYFn6zeanbZ/JmN95W
0fnzT1DLEbXR0U5EDTpQIA6VirhVJA60VxgI4/2S0Y2AfHsYheTRjNasXLF2aiGS
QWgvBNvQVE3qIBCR5GLLnpD0nD4McGJGH7oK+ipNJyA3mlEWepD38VN1hQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAPqVC0Uddmuu7/GO8BMMOuqHmT5MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQS1wVUxSUjEyYTY3djhZN3dFd3c2Nm9lWlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALSS+r+A4Lbi07CC1p3/
cQT1CzOagQuPvc+RPpgwzvO9deZ9bVv12/iCy+nZ+P2hjpnN2FIAEtennSB27D1i
gG2He36/jo6EPh1C9kR6+yFVv2+74FgTd4Vl3gQH5+TZcLRBD58HK+C2Hxduot+S
ISWCDZWHr7bfAl+f4zvho3OyW2P3BINzHI/botdycTdGfoZANIR6NWtKXm8hxxwq
o1Pv+k577Ykc4L42FUcFdzSDWj5waby+xBXS5jmIIWY7elQ96BJKM5vwp4qF1+4Z
prsbSEIRlZlsRv6MjzXVLT17+FFSynFP/SIlgCubG40wLoPzq9cGlBxYgwgS9EtU
vYI=
-----END CERTIFICATE-----