Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AJSXH7BfvPyfAlZbMjSSPozJmFo.roa
File:                     AJSXH7BfvPyfAlZbMjSSPozJmFo.roa (raw, json)
Hash identifier:          nx0MtOgqagx1n6iisisZvwHfk6w1SG8vHYP8pyalM/A=
Subject key identifier:   00:94:97:1F:B0:5F:BC:FC:9F:02:56:5B:32:34:92:3E:8C:C9:98:5A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01894B101325C559A2C3B8F00E44804FAF4C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AJSXH7BfvPyfAlZbMjSSPozJmFo.roa
Signing time:             Wed 12 Jul 2023 17:04:51 +0000
ROA not before:           Wed 12 Jul 2023 17:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:189:4b0f:7ef5/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4b:10:13:25:c5:59:a2:c3:b8:f0:0e:44:80:4f:af:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 12 17:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0094971fb05fbcfc9f02565b3234923e8cc9985a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c8:3f:02:aa:9d:26:ab:20:21:6c:7c:38:25:
                    15:95:28:ec:56:68:c9:bd:3d:c1:67:52:10:cb:91:
                    05:de:3c:aa:02:a3:51:c3:c9:73:90:14:39:39:de:
                    a7:80:1b:df:ca:3a:7c:df:d5:34:f9:53:c4:dc:e1:
                    cd:00:95:0a:92:5b:c4:9e:a7:b2:6b:d6:dd:f5:03:
                    e6:8e:b8:bc:10:aa:d6:00:d1:43:5f:22:9d:40:3a:
                    80:a8:50:3b:35:03:59:11:4e:ce:a5:39:c0:03:7a:
                    07:94:77:9b:4a:84:e6:cc:82:ce:97:19:c5:c7:3e:
                    2e:ea:89:f6:7b:70:13:38:11:8e:a0:44:1a:69:83:
                    13:a9:bb:d5:92:82:1e:79:23:e7:a9:08:cf:23:e6:
                    22:89:9c:00:a2:c4:56:9a:46:36:1f:24:ea:47:97:
                    57:26:89:f0:5d:fb:a5:41:4a:2a:a6:f8:17:47:33:
                    0c:6f:cf:78:38:eb:2b:5e:49:29:60:d9:09:ea:16:
                    81:8f:16:f1:2c:4c:33:a3:7f:1b:1f:5b:87:b5:29:
                    c7:12:aa:8f:70:af:50:71:25:54:1e:8e:8f:2f:23:
                    29:f7:69:55:af:16:93:09:da:eb:67:77:5b:4d:b0:
                    cf:1b:b3:b1:39:97:3b:51:d7:4e:a5:48:df:52:8a:
                    e7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:94:97:1F:B0:5F:BC:FC:9F:02:56:5B:32:34:92:3E:8C:C9:98:5A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AJSXH7BfvPyfAlZbMjSSPozJmFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:82:a0:9a:d2:bf:bd:36:e0:95:f4:55:5f:e5:d0:b4:62:0d:
         b6:6b:5e:62:1e:95:c3:0d:63:83:83:83:9c:ed:6b:e1:88:60:
         6f:b0:2f:41:a3:30:bc:f7:20:fb:65:f1:f2:2c:5b:64:e2:6f:
         56:55:3c:7a:89:bf:a3:34:9e:4a:fb:a1:00:b4:82:d9:e1:f5:
         5d:f5:2a:35:f5:78:90:d3:2c:b9:f0:db:7f:f6:b7:92:df:8b:
         c9:89:4c:58:28:2f:e9:8c:20:95:3f:99:a4:19:46:69:8b:11:
         86:52:f0:0d:16:b3:57:4d:0e:4a:db:ff:a5:b8:e5:d0:0f:8d:
         af:15:61:0c:da:52:b6:55:d3:dc:6b:47:3d:96:7b:88:96:9f:
         20:33:6b:ea:d1:46:24:69:58:98:9b:54:76:68:7f:42:53:2f:
         6a:77:84:ad:0d:13:ad:61:0d:b1:33:0a:0d:05:e0:64:68:34:
         b0:88:92:d5:93:52:7b:bc:f7:bc:19:b0:e0:4c:7a:6d:70:d6:
         0d:de:c7:cd:6d:b9:16:6d:60:4b:af:15:99:24:88:21:c4:09:
         ee:7a:d5:ec:64:d6:a5:1d:16:48:85:fc:04:66:00:19:91:91:
         c3:4f:c5:f5:d3:d9:cf:58:1c:bb:d2:18:dc:75:83:90:9f:50:
         8a:61:06:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlLEBMlxVmiw7jwDkSAT69MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEyMTcwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDk0OTcxZmIwNWZiY2ZjOWYwMjU2NWIzMjM0OTIzZThjYzk5ODVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcg/AqqdJqsgIWx8OCUVlSjsVmjJ
vT3BZ1IQy5EF3jyqAqNRw8lzkBQ5Od6ngBvfyjp839U0+VPE3OHNAJUKklvEnqey
a9bd9QPmjri8EKrWANFDXyKdQDqAqFA7NQNZEU7OpTnAA3oHlHebSoTmzILOlxnF
xz4u6on2e3ATOBGOoEQaaYMTqbvVkoIeeSPnqQjPI+YiiZwAosRWmkY2HyTqR5dX
JonwXfulQUoqpvgXRzMMb894OOsrXkkpYNkJ6haBjxbxLEwzo38bH1uHtSnHEqqP
cK9QcSVUHo6PLyMp92lVrxaTCdrrZ3dbTbDPG7OxOZc7UddOpUjfUornzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFACUlx+wX7z8nwJWWzI0kj6MyZhaMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQUpTWEg3QmZ2UHlmQWxaYk1qU1NQb3pKbUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJqCoJrSv7024JX0VV/l
0LRiDbZrXmIelcMNY4ODg5zta+GIYG+wL0GjMLz3IPtl8fIsW2Tib1ZVPHqJv6M0
nkr7oQC0gtnh9V31KjX1eJDTLLnw23/2t5Lfi8mJTFgoL+mMIJU/maQZRmmLEYZS
8A0Ws1dNDkrb/6W45dAPja8VYQzaUrZV09xrRz2We4iWnyAza+rRRiRpWJibVHZo
f0JTL2p3hK0NE61hDbEzCg0F4GRoNLCIktWTUnu897wZsOBMem1w1g3ex81tuRZt
YEuvFZkkiCHECe561exk1qUdFkiF/ARmABmRkcNPxfXT2c9YHLvSGNx1g5CfUIph
Bt4=
-----END CERTIFICATE-----