Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B6B76QITFkLIWYEsv95J8x1Gflo.roa
File:                     B6B76QITFkLIWYEsv95J8x1Gflo.roa (raw, json)
Hash identifier:          a1o0amd6QXUN/S1UsCViYzxYO2Pgs0j3sVhihor2GtM=
Subject key identifier:   07:A0:7B:E9:02:13:16:42:C8:59:81:2C:BF:DE:49:F3:1D:46:7E:5A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883F807BFB59D374C09BB9D90E2B2DFBF9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B6B76QITFkLIWYEsv95J8x1Gflo.roa
Signing time:             Sun 21 May 2023 18:09:24 +0000
ROA not before:           Sun 21 May 2023 18:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:3f:80:7b:fb:59:d3:74:c0:9b:b9:d9:0e:2b:2d:fb:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 21 18:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=07a07be902131642c859812cbfde49f31d467e5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a0:cd:50:fd:d9:45:00:86:0d:23:a4:aa:59:
                    f6:65:40:68:59:cf:32:19:89:74:b9:6a:89:d0:c6:
                    d8:9c:a6:d9:d0:dc:b2:9a:e9:1c:10:5d:ac:75:33:
                    11:00:73:d1:53:86:98:c9:0c:29:bc:cf:39:4f:02:
                    1c:f3:e7:31:31:e3:a9:c2:1c:9e:74:1a:42:19:15:
                    fc:d0:ae:10:5f:3a:14:3f:00:7b:39:34:14:59:e2:
                    ed:65:18:0f:a2:5f:4a:27:bf:0d:f8:a5:1a:bb:ce:
                    95:2f:a9:ef:64:b2:cd:a4:88:cc:d1:62:78:11:b9:
                    da:88:0d:37:2d:66:a2:27:24:d2:74:bd:d1:30:e1:
                    26:81:a7:37:cb:08:d3:63:b8:6d:ad:23:58:9f:27:
                    cd:f7:da:ac:d0:cd:02:ba:e7:ef:5d:29:73:db:ee:
                    63:b7:9a:21:99:a7:a4:71:3f:f7:b2:42:3c:b1:97:
                    6a:0a:90:c9:9e:57:9f:4c:b2:06:01:2d:d5:ac:71:
                    d4:41:c5:a7:29:08:2d:10:c9:48:7b:a1:b7:25:21:
                    1c:ab:67:96:85:fa:2a:8c:ce:96:6a:e5:51:ae:78:
                    98:d0:71:b0:2d:00:4b:5b:43:d3:c3:8c:2e:9c:9f:
                    47:11:47:0d:d7:d4:26:3b:e2:be:7f:aa:e7:dc:3b:
                    b5:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A0:7B:E9:02:13:16:42:C8:59:81:2C:BF:DE:49:F3:1D:46:7E:5A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B6B76QITFkLIWYEsv95J8x1Gflo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:75:74:a9:b7:a2:ac:d1:b4:5d:29:02:e3:e2:8e:8e:3e:fc:
         f6:b2:24:e8:0f:32:fd:7f:d6:d4:3a:b7:88:c0:d2:f9:ef:e7:
         19:37:ba:08:b6:8f:9d:55:e5:e4:3a:a9:9f:30:b6:62:e3:8e:
         fb:30:0e:a6:4a:fa:d9:9e:53:59:d7:81:e0:5f:05:41:c6:c7:
         64:c1:61:d5:ca:d5:d7:31:3f:50:9b:b9:2a:53:ad:65:8c:c8:
         52:bb:e7:f6:4d:49:4f:52:ae:be:e4:09:12:4a:1f:4a:b8:f3:
         42:e6:dd:fb:ee:de:6f:ae:67:ec:70:18:5a:84:a6:5a:d5:c6:
         d1:7d:73:80:9a:45:6f:ea:ff:75:88:2a:bb:e9:21:8f:7a:d6:
         e9:5a:68:b8:1b:b8:d2:dd:0b:5c:e4:66:70:b5:af:89:27:87:
         32:10:64:97:b4:82:dc:a9:7c:cb:b7:4c:c4:38:bf:3a:53:91:
         2e:3f:3c:16:43:1c:a7:01:14:13:6d:ae:0c:28:16:93:81:4e:
         d1:e9:1f:b2:e8:e6:e0:d4:76:7c:47:0b:84:ea:8d:1f:0f:6d:
         26:2a:c0:bd:f5:16:6e:ba:b9:e9:3a:32:a5:02:4f:dc:c4:cf:
         23:4b:91:04:b1:82:b6:fc:62:7d:90:46:31:dd:52:f9:8e:b0:
         78:01:03:14
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg/gHv7WdN0wJu52Q4rLfv5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIxMTgwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2EwN2JlOTAyMTMxNjQyYzg1OTgxMmNiZmRlNDlmMzFkNDY3ZTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6DNUP3ZRQCGDSOkqln2ZUBoWc8y
GYl0uWqJ0MbYnKbZ0NyymukcEF2sdTMRAHPRU4aYyQwpvM85TwIc8+cxMeOpwhye
dBpCGRX80K4QXzoUPwB7OTQUWeLtZRgPol9KJ78N+KUau86VL6nvZLLNpIjM0WJ4
EbnaiA03LWaiJyTSdL3RMOEmgac3ywjTY7htrSNYnyfN99qs0M0CuufvXSlz2+5j
t5ohmaekcT/3skI8sZdqCpDJnlefTLIGAS3VrHHUQcWnKQgtEMlIe6G3JSEcq2eW
hfoqjM6WauVRrniY0HGwLQBLW0PTw4wunJ9HEUcN19QmO+K+f6rn3Du1ywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAege+kCExZCyFmBLL/eSfMdRn5aMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQjZCNzZRSVRGa0xJV1lFc3Y5NUo4eDFHZmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIt1dKm3oqzRtF0pAuPi
jo4+/PayJOgPMv1/1tQ6t4jA0vnv5xk3ugi2j51V5eQ6qZ8wtmLjjvswDqZK+tme
U1nXgeBfBUHGx2TBYdXK1dcxP1CbuSpTrWWMyFK75/ZNSU9Srr7kCRJKH0q480Lm
3fvu3m+uZ+xwGFqEplrVxtF9c4CaRW/q/3WIKrvpIY961ulaaLgbuNLdC1zkZnC1
r4knhzIQZJe0gtypfMu3TMQ4vzpTkS4/PBZDHKcBFBNtrgwoFpOBTtHpH7Lo5uDU
dnxHC4TqjR8PbSYqwL31Fm66uek6MqUCT9zEzyNLkQSxgrb8Yn2QRjHdUvmOsHgB
AxQ=
-----END CERTIFICATE-----