Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B3UzS4BX-ifcDWmoppslMYy6Wxw.roa
File:                     B3UzS4BX-ifcDWmoppslMYy6Wxw.roa (raw, json)
Hash identifier:          AFaEnkmbcN+zGiSa27SZ9WKGlRjq3k/mFnHP3oBDtCo=
Subject key identifier:   07:75:33:4B:80:57:FA:27:DC:0D:69:A8:A6:9B:25:31:8C:BA:5B:1C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187EB66274BF489E50F36BEEAF60FD4321A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B3UzS4BX-ifcDWmoppslMYy6Wxw.roa
Signing time:             Fri 05 May 2023 10:12:33 +0000
ROA not before:           Fri 05 May 2023 10:12:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:eb:66:27:4b:f4:89:e5:0f:36:be:ea:f6:0f:d4:32:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  5 10:12:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0775334b8057fa27dc0d69a8a69b25318cba5b1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:dd:34:4e:9f:17:4a:4e:00:ca:52:01:63:7f:
                    7b:f2:4b:cb:99:2e:7d:b5:b5:7b:5e:c6:c6:61:16:
                    ad:82:ca:60:2e:17:2c:c6:97:0a:0b:58:f7:e0:6a:
                    da:97:81:8d:a2:a1:72:36:a1:9a:14:56:ac:0b:8d:
                    2b:9f:c3:39:b7:df:a4:d1:c3:52:ad:7e:a9:85:a5:
                    c6:4c:80:fb:e3:52:02:a5:dd:91:ee:6e:b4:93:cc:
                    23:d5:ea:b8:98:27:91:f4:87:0b:ac:1d:cf:24:28:
                    e2:a8:b9:96:32:28:7c:52:57:07:98:39:1c:96:8d:
                    12:3a:41:e0:45:5f:10:a9:c2:9a:56:50:9b:d4:65:
                    36:2d:8a:12:6a:bb:c9:f8:67:0c:f6:4a:04:9b:b8:
                    85:cd:d9:d8:90:81:09:0a:5c:6b:8f:44:f9:1e:00:
                    38:f8:b3:83:7a:94:f1:4d:bf:22:5c:45:d4:ce:2a:
                    b1:67:77:e2:fe:81:12:49:84:69:66:87:d1:9a:b2:
                    f8:02:ac:65:6a:97:12:db:53:d3:9f:63:a6:de:dc:
                    36:3b:74:a5:e4:ef:fb:f5:a7:3c:43:8c:5d:d4:ec:
                    df:15:78:81:5c:06:24:63:87:0f:e3:66:db:b2:31:
                    67:f9:ca:ca:b6:23:b7:f2:b0:54:2c:14:f2:07:14:
                    c7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:75:33:4B:80:57:FA:27:DC:0D:69:A8:A6:9B:25:31:8C:BA:5B:1C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B3UzS4BX-ifcDWmoppslMYy6Wxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:e0:0a:1b:8a:a2:78:23:54:74:12:96:e5:53:42:36:ac:82:
         b2:8d:86:d8:a2:af:e4:ad:48:eb:b8:df:5a:20:c6:7b:40:0d:
         13:70:f4:d0:05:d6:01:21:5f:05:22:53:bc:d1:c7:ed:05:af:
         28:d6:56:02:dc:f3:3b:a2:55:30:1a:66:f9:22:df:60:8a:2a:
         bb:66:3d:4c:1d:3b:20:ad:ec:f3:ff:73:73:61:6f:9a:22:3e:
         b8:9f:a7:15:77:fa:7d:cb:11:6a:70:c1:1b:71:73:3b:3f:0e:
         76:db:c8:11:8e:91:6f:2d:e9:72:d3:a6:8f:63:2f:8c:17:0e:
         8d:4f:40:35:b4:ae:1e:45:db:f1:8f:a5:ce:f3:93:1d:18:2e:
         5c:d7:8c:1c:b9:a2:29:d3:b1:56:28:94:89:fb:02:64:05:b8:
         c3:c7:fd:fa:0e:40:9a:76:08:60:db:8e:b9:32:cd:e7:dd:2d:
         04:ae:36:63:4d:65:28:27:11:f7:b6:b4:ee:9d:f2:27:ed:8d:
         1f:43:50:91:c6:82:25:af:12:a6:95:df:12:60:3f:61:c8:38:
         1b:55:a3:3c:93:06:d6:94:92:ab:69:d8:ac:46:26:d3:8d:0f:
         16:72:a7:89:d6:6a:a2:f4:3f:cd:3d:59:3d:8f:97:a8:9c:3f:
         02:0d:15:32
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfrZidL9InlDza+6vYP1DIaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA1MTAxMjMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzc1MzM0YjgwNTdmYTI3ZGMwZDY5YThhNjliMjUzMThjYmE1YjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt00Tp8XSk4AylIBY3978kvLmS59
tbV7XsbGYRatgspgLhcsxpcKC1j34Gral4GNoqFyNqGaFFasC40rn8M5t9+k0cNS
rX6phaXGTID741ICpd2R7m60k8wj1eq4mCeR9IcLrB3PJCjiqLmWMih8UlcHmDkc
lo0SOkHgRV8QqcKaVlCb1GU2LYoSarvJ+GcM9koEm7iFzdnYkIEJClxrj0T5HgA4
+LODepTxTb8iXEXUziqxZ3fi/oESSYRpZofRmrL4AqxlapcS21PTn2Om3tw2O3Sl
5O/79ac8Q4xd1OzfFXiBXAYkY4cP42bbsjFn+crKtiO38rBULBTyBxTH2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAd1M0uAV/on3A1pqKabJTGMulscMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQjNVelM0QlgtaWZjRFdtb3Bwc2xNWXk2V3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFfgChuKongjVHQSluVT
QjasgrKNhtiir+StSOu431ogxntADRNw9NAF1gEhXwUiU7zRx+0FryjWVgLc8zui
VTAaZvki32CKKrtmPUwdOyCt7PP/c3Nhb5oiPrifpxV3+n3LEWpwwRtxczs/Dnbb
yBGOkW8t6XLTpo9jL4wXDo1PQDW0rh5F2/GPpc7zkx0YLlzXjBy5oinTsVYolIn7
AmQFuMPH/foOQJp2CGDbjrkyzefdLQSuNmNNZSgnEfe2tO6d8iftjR9DUJHGgiWv
EqaV3xJgP2HIOBtVozyTBtaUkqtp2KxGJtONDxZyp4nWaqL0P809WT2Pl6icPwIN
FTI=
-----END CERTIFICATE-----