Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B3vrKZJ4KHP_dbpwrrjGFGPKaHc.roa
File:                     B3vrKZJ4KHP_dbpwrrjGFGPKaHc.roa (raw, json)
Hash identifier:          ppHNc3TFbOn615+O0mKRl4DtR5x3sU1bfgxVpJemcM0=
Subject key identifier:   07:7B:EB:29:92:78:28:73:FF:75:BA:70:AE:B8:C6:14:63:CA:68:77
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018744DC342F5C203DCC2B8D547F736B1071
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B3vrKZJ4KHP_dbpwrrjGFGPKaHc.roa
Signing time:             Mon 03 Apr 2023 02:04:54 +0000
ROA not before:           Mon 03 Apr 2023 02:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:44db:bcce/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:44:dc:34:2f:5c:20:3d:cc:2b:8d:54:7f:73:6b:10:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  3 02:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=077beb2992782873ff75ba70aeb8c61463ca6877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7b:60:1f:7c:42:1f:38:72:3a:fb:19:44:70:
                    e0:46:8f:30:69:63:7e:da:13:df:09:f6:3e:ba:b5:
                    f7:6b:bc:81:26:0e:d6:13:41:3e:97:9e:d4:a8:6a:
                    ce:df:ed:60:98:eb:b1:6c:74:be:40:aa:b8:1d:99:
                    e3:b1:c4:35:b6:e4:6b:87:b9:6f:08:41:56:da:19:
                    1a:8c:d7:ec:26:f0:88:b6:94:dc:cf:d3:3d:f2:c7:
                    e0:05:49:ff:34:8c:60:49:a5:87:dd:b3:3f:d6:4b:
                    64:64:6c:b7:7f:f0:6a:e3:c0:6f:c9:a7:02:f0:10:
                    65:fd:fa:d0:54:7f:00:31:b1:8f:8c:af:a0:36:f6:
                    4b:8e:56:d5:f9:de:b3:5c:de:52:34:80:41:f7:22:
                    a5:62:ea:ce:93:00:9e:93:24:3b:30:98:f3:ff:ec:
                    4f:65:15:a1:e8:f0:cd:68:4d:30:d1:bf:e0:8f:b3:
                    f5:a8:88:10:ca:ca:b1:20:71:78:0e:d9:63:77:bd:
                    80:6f:b9:7a:d9:52:81:12:0e:61:ce:34:72:1f:56:
                    f9:dd:bf:90:c9:6a:d8:7a:6d:95:46:73:42:d9:50:
                    be:30:7b:73:f2:82:11:d7:67:94:57:95:2f:5e:42:
                    00:f5:43:f7:cc:98:36:53:bc:e7:19:d0:00:5d:e5:
                    00:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:7B:EB:29:92:78:28:73:FF:75:BA:70:AE:B8:C6:14:63:CA:68:77
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B3vrKZJ4KHP_dbpwrrjGFGPKaHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:50:da:6b:f0:5e:07:65:8b:06:27:7f:87:e8:ab:c2:38:0b:
         1d:55:c1:a5:a3:7d:80:e2:fc:26:ff:bf:53:46:b0:e8:06:4a:
         95:22:c7:aa:25:44:51:6c:00:75:4d:fc:9b:7d:dd:cb:fd:fa:
         49:c2:d8:cc:1f:05:25:00:e1:03:a8:bc:54:e1:3d:23:8c:ca:
         79:d6:eb:20:25:10:28:9b:d4:0c:2e:ce:ac:17:76:09:d3:bc:
         0f:6f:3b:53:5d:4c:6d:e2:8f:93:f6:9c:44:2b:1f:bc:c2:f5:
         0d:5e:f5:02:c9:81:f9:c3:4b:ee:0d:b0:d2:fb:13:3e:4a:b3:
         ee:bd:f1:f8:d4:f1:83:5a:cd:a3:f1:5d:81:e8:9d:56:9b:53:
         0b:ce:c0:61:8a:d9:65:77:56:2f:5e:fd:12:df:18:82:d0:1f:
         5b:92:61:78:e6:36:74:34:66:78:4e:c5:46:bb:29:0b:6d:f8:
         d2:43:f3:db:fc:13:50:d6:75:3a:00:7d:36:1d:4d:75:4a:ae:
         2f:3e:04:97:12:c5:8d:12:26:ce:f5:5e:8c:fe:80:d6:eb:41:
         17:23:28:10:20:17:42:d2:e2:fe:86:07:ed:f1:07:55:96:9b:
         70:be:77:17:75:77:a4:d5:3f:cc:0c:c2:11:de:f5:96:88:c7:
         4b:88:35:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdE3DQvXCA9zCuNVH9zaxBxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAzMDIwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzdiZWIyOTkyNzgyODczZmY3NWJhNzBhZWI4YzYxNDYzY2E2ODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXtgH3xCHzhyOvsZRHDgRo8waWN+
2hPfCfY+urX3a7yBJg7WE0E+l57UqGrO3+1gmOuxbHS+QKq4HZnjscQ1tuRrh7lv
CEFW2hkajNfsJvCItpTcz9M98sfgBUn/NIxgSaWH3bM/1ktkZGy3f/Bq48BvyacC
8BBl/frQVH8AMbGPjK+gNvZLjlbV+d6zXN5SNIBB9yKlYurOkwCekyQ7MJjz/+xP
ZRWh6PDNaE0w0b/gj7P1qIgQysqxIHF4Dtljd72Ab7l62VKBEg5hzjRyH1b53b+Q
yWrYem2VRnNC2VC+MHtz8oIR12eUV5UvXkIA9UP3zJg2U7znGdAAXeUASwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAd76ymSeChz/3W6cK64xhRjymh3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQjN2cktaSjRLSFBfZGJwd3JyakdGR1BLYUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAG1Q2mvwXgdliwYnf4fo
q8I4Cx1VwaWjfYDi/Cb/v1NGsOgGSpUix6olRFFsAHVN/Jt93cv9+knC2MwfBSUA
4QOovFThPSOMynnW6yAlECib1AwuzqwXdgnTvA9vO1NdTG3ij5P2nEQrH7zC9Q1e
9QLJgfnDS+4NsNL7Ez5Ks+698fjU8YNazaPxXYHonVabUwvOwGGK2WV3Vi9e/RLf
GILQH1uSYXjmNnQ0ZnhOxUa7KQtt+NJD89v8E1DWdToAfTYdTXVKri8+BJcSxY0S
Js71Xoz+gNbrQRcjKBAgF0LS4v6GB+3xB1WWm3C+dxd1d6TVP8wMwhHe9ZaIx0uI
NaA=
-----END CERTIFICATE-----