Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A71a3wdyvjKMORMH03umL7QxK-I.roa
File:                     A71a3wdyvjKMORMH03umL7QxK-I.roa (raw, json)
Hash identifier:          2wsjc/gHD/+ioJrnNhbQqdMN2G+hSQxld9+ogLOArW8=
Subject key identifier:   03:BD:5A:DF:07:72:BE:32:8C:39:13:07:D3:7B:A6:2F:B4:31:2B:E2
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01880C0195E65507FF4860256CB8F014E42C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A71a3wdyvjKMORMH03umL7QxK-I.roa
Signing time:             Thu 11 May 2023 18:10:10 +0000
ROA not before:           Thu 11 May 2023 18:10:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:0c:01:95:e6:55:07:ff:48:60:25:6c:b8:f0:14:e4:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 11 18:10:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=03bd5adf0772be328c391307d37ba62fb4312be2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:05:c8:72:6f:c0:39:81:78:0f:b8:47:57:c6:
                    f8:25:69:cc:6b:65:5d:ad:0f:d1:d9:32:82:00:c5:
                    9f:c4:5f:fc:2b:a8:e8:ed:86:3c:c3:02:3e:e6:07:
                    c9:8c:a2:98:eb:39:3e:52:b0:a5:42:33:4d:ff:5f:
                    ce:cb:8d:41:e5:2c:e5:05:fb:1e:a4:cb:b0:a3:fc:
                    24:88:e3:aa:06:b2:36:cf:8e:a3:7c:de:9e:13:d8:
                    6e:37:fb:8b:93:eb:8a:b0:cf:d8:44:f8:57:8d:23:
                    ce:07:25:98:2d:cf:a1:05:01:f5:c5:1f:88:d7:0e:
                    f0:d1:4f:5b:b5:d9:57:bc:0b:b5:f2:cc:ed:58:72:
                    f9:31:00:92:04:16:44:fa:4e:f9:8d:23:72:86:d7:
                    08:e3:7c:1b:c1:78:1f:3d:67:4b:ea:93:e2:ac:83:
                    1d:5e:35:ec:bc:39:11:02:8f:79:fd:ed:75:5e:2b:
                    6b:b2:fd:d1:99:f5:82:b4:b6:25:2e:b9:c7:5f:df:
                    d2:d1:36:dd:a5:94:53:7e:e8:f8:79:ec:6f:3c:f1:
                    32:11:b5:e4:6f:fa:cc:00:3a:25:73:a5:9e:77:46:
                    37:e7:a7:00:ed:4f:6b:85:1f:6a:ca:eb:92:57:8a:
                    ff:c1:bd:f8:a1:98:df:1c:62:1c:af:33:44:e5:b6:
                    38:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:BD:5A:DF:07:72:BE:32:8C:39:13:07:D3:7B:A6:2F:B4:31:2B:E2
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A71a3wdyvjKMORMH03umL7QxK-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:96:65:b2:7d:5d:56:80:3f:eb:49:08:42:7e:e7:e1:1e:a7:
         4c:8b:25:6c:38:e4:9c:09:3d:16:78:47:f9:3d:b5:b9:91:b6:
         53:40:5e:42:0a:10:51:27:90:8f:9f:b1:fb:e5:34:6e:fb:bf:
         5d:9f:33:1a:20:27:fd:52:b8:b9:77:e7:23:5f:56:e1:bd:92:
         73:13:70:ca:25:aa:5f:10:ae:08:ce:1e:7c:12:f7:a2:22:8e:
         68:c4:5b:bc:79:df:75:91:62:48:50:ca:9b:cb:80:48:5e:4e:
         78:f7:7d:96:ac:d3:0e:ca:bf:aa:02:f8:93:d3:08:1a:b0:d8:
         4b:af:49:a5:05:2c:01:3a:c1:cc:d5:22:c2:86:c4:33:8c:46:
         80:49:d2:db:1d:98:6c:ac:51:d6:d7:79:31:88:d9:0c:63:e9:
         f5:ed:bb:68:d9:2a:42:c8:e0:7a:1c:c3:2f:41:1e:f3:29:cd:
         7a:66:96:4e:ad:c1:e7:cb:61:5e:d7:10:2a:99:ab:b2:f4:89:
         54:8c:9c:b6:29:e3:5c:0a:0a:9c:70:a1:65:5a:f6:99:b5:f5:
         05:a7:ef:47:54:ec:18:b9:4d:40:aa:23:9e:bf:16:fa:72:7a:
         90:5b:44:95:53:7b:02:3a:df:c4:44:f1:52:be:de:71:91:44:
         78:97:8d:61
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgMAZXmVQf/SGAlbLjwFOQsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTExMTgxMDEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2JkNWFkZjA3NzJiZTMyOGMzOTEzMDdkMzdiYTYyZmI0MzEyYmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigXIcm/AOYF4D7hHV8b4JWnMa2Vd
rQ/R2TKCAMWfxF/8K6jo7YY8wwI+5gfJjKKY6zk+UrClQjNN/1/Oy41B5SzlBfse
pMuwo/wkiOOqBrI2z46jfN6eE9huN/uLk+uKsM/YRPhXjSPOByWYLc+hBQH1xR+I
1w7w0U9btdlXvAu18sztWHL5MQCSBBZE+k75jSNyhtcI43wbwXgfPWdL6pPirIMd
XjXsvDkRAo95/e11Xitrsv3RmfWCtLYlLrnHX9/S0TbdpZRTfuj4eexvPPEyEbXk
b/rMADolc6Wed0Y356cA7U9rhR9qyuuSV4r/wb34oZjfHGIcrzNE5bY4oQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAO9Wt8Hcr4yjDkTB9N7pi+0MSviMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQTcxYTN3ZHl2aktNT1JNSDAzdW1MN1F4Sy1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJKWZbJ9XVaAP+tJCEJ+
5+Eep0yLJWw45JwJPRZ4R/k9tbmRtlNAXkIKEFEnkI+fsfvlNG77v12fMxogJ/1S
uLl35yNfVuG9knMTcMolql8QrgjOHnwS96IijmjEW7x533WRYkhQypvLgEheTnj3
fZas0w7Kv6oC+JPTCBqw2EuvSaUFLAE6wczVIsKGxDOMRoBJ0tsdmGysUdbXeTGI
2Qxj6fXtu2jZKkLI4Hocwy9BHvMpzXpmlk6twefLYV7XECqZq7L0iVSMnLYp41wK
CpxwoWVa9pm19QWn70dU7Bi5TUCqI56/FvpyepBbRJVTewI638RE8VK+3nGRRHiX
jWE=
-----END CERTIFICATE-----