Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BMtzSBJkbBMCCaf3z8zA1d2ot9Y.roa
File:                     BMtzSBJkbBMCCaf3z8zA1d2ot9Y.roa (raw, json)
Hash identifier:          DNyl6MiqeAh5yoq387A9tyRpfi+YByv5JhtPfH7qF7o=
Subject key identifier:   04:CB:73:48:12:64:6C:13:02:09:A7:F7:CF:CC:C0:D5:DD:A8:B7:D6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873FEDB0D99DAA98A2854BE35E998A8B6F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BMtzSBJkbBMCCaf3z8zA1d2ot9Y.roa
Signing time:             Sun 02 Apr 2023 03:05:54 +0000
ROA not before:           Sun 02 Apr 2023 03:05:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:187:3fed:53b6/128 maxlen: 128
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3f:ed:b0:d9:9d:aa:98:a2:85:4b:e3:5e:99:8a:8b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  2 03:05:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=04cb734812646c130209a7f7cfccc0d5dda8b7d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:cb:0f:9e:1a:54:b4:14:1c:85:0f:06:8d:56:
                    57:09:4f:6a:c5:46:58:b0:19:84:cc:3c:f3:c9:5f:
                    96:9a:24:75:05:ef:0f:e5:35:c7:67:91:b0:c0:c9:
                    58:db:c3:ab:cf:50:fc:85:2d:3c:09:ea:5e:65:0d:
                    b9:5a:39:ef:12:8c:f8:bf:6c:fd:81:ae:59:99:e6:
                    9b:fb:17:68:d2:7e:31:09:57:61:db:a0:08:4d:96:
                    9b:f0:cf:34:d0:15:84:6c:ad:1c:1b:d6:d8:ea:02:
                    30:22:0c:ab:d6:41:62:54:cb:32:fd:43:e5:a7:37:
                    c4:67:71:48:5c:3d:7f:c0:dc:4c:5c:80:2f:16:b6:
                    29:30:65:d9:5c:c0:68:4f:23:95:74:91:06:85:16:
                    8a:1b:4b:4b:43:a4:b7:af:57:a1:b5:2a:c3:d9:aa:
                    9d:3a:04:8f:1e:20:05:a7:6f:61:42:3c:bd:aa:26:
                    34:2c:47:c7:f6:b7:0a:32:a5:27:20:4a:96:c2:7d:
                    ab:11:c6:40:58:a2:8b:70:85:c3:ee:08:aa:57:3e:
                    cb:38:94:48:4f:f3:61:74:70:40:33:52:b3:7e:d6:
                    83:bf:68:b7:8b:95:91:35:8d:53:0e:bd:5b:e8:5b:
                    11:02:f7:1e:f5:74:46:88:1a:97:13:95:3e:90:5a:
                    81:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:CB:73:48:12:64:6C:13:02:09:A7:F7:CF:CC:C0:D5:DD:A8:B7:D6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BMtzSBJkbBMCCaf3z8zA1d2ot9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:26:6b:9c:d6:58:fd:17:60:fd:14:6d:7f:d5:2e:bb:80:c2:
         cd:34:7c:0d:11:30:45:78:c1:f6:1b:ee:e5:93:06:7b:05:0f:
         7e:c9:83:a8:92:c7:c5:4a:9d:b2:7f:43:b2:89:cb:2a:89:34:
         5a:a4:70:c3:90:f3:bd:66:6d:f9:bc:24:c6:7c:8d:b0:93:d1:
         bc:35:50:1d:65:e5:a2:cc:aa:cc:92:c3:23:31:3f:a4:2f:90:
         f2:fc:77:28:1d:2f:6d:19:02:be:e7:c5:4b:28:3e:32:62:00:
         65:56:12:91:2f:12:c5:08:23:ac:da:d2:37:86:0d:77:27:28:
         60:5c:e3:6f:28:39:8a:bf:78:65:15:d5:7b:87:66:5d:11:eb:
         9f:c8:41:b0:97:f5:47:7e:0a:bd:2c:d5:3a:dd:1e:db:6c:ba:
         5e:15:42:16:a1:2a:3d:77:29:e2:e1:05:d2:ec:bc:c4:71:9a:
         57:7f:d7:fa:29:11:41:8b:32:2f:c5:51:66:1b:b5:47:5d:1f:
         2c:9f:5a:4d:54:45:35:9f:82:f1:74:32:10:fc:ae:e3:8e:4c:
         99:9f:4b:5c:bf:a5:e4:55:d6:5b:31:9c:13:d0:fa:66:36:a9:
         39:0b:7c:1a:66:80:c3:75:b3:e9:9c:0f:8c:8e:9a:6d:f1:8c:
         41:96:06:1a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc/7bDZnaqYooVL416ZiotvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAyMDMwNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGNiNzM0ODEyNjQ2YzEzMDIwOWE3ZjdjZmNjYzBkNWRkYThiN2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcsPnhpUtBQchQ8GjVZXCU9qxUZY
sBmEzDzzyV+WmiR1Be8P5TXHZ5GwwMlY28Orz1D8hS08CepeZQ25WjnvEoz4v2z9
ga5Zmeab+xdo0n4xCVdh26AITZab8M800BWEbK0cG9bY6gIwIgyr1kFiVMsy/UPl
pzfEZ3FIXD1/wNxMXIAvFrYpMGXZXMBoTyOVdJEGhRaKG0tLQ6S3r1ehtSrD2aqd
OgSPHiAFp29hQjy9qiY0LEfH9rcKMqUnIEqWwn2rEcZAWKKLcIXD7giqVz7LOJRI
T/NhdHBAM1KzftaDv2i3i5WRNY1TDr1b6FsRAvce9XRGiBqXE5U+kFqBbwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFATLc0gSZGwTAgmn98/MwNXdqLfWMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQk10elNCSmtiQk1DQ2FmM3o4ekExZDJvdDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK8ma5zWWP0XYP0UbX/V
LruAws00fA0RMEV4wfYb7uWTBnsFD37Jg6iSx8VKnbJ/Q7KJyyqJNFqkcMOQ871m
bfm8JMZ8jbCT0bw1UB1l5aLMqsySwyMxP6QvkPL8dygdL20ZAr7nxUsoPjJiAGVW
EpEvEsUII6za0jeGDXcnKGBc428oOYq/eGUV1XuHZl0R65/IQbCX9Ud+Cr0s1Trd
Httsul4VQhahKj13KeLhBdLsvMRxmld/1/opEUGLMi/FUWYbtUddHyyfWk1URTWf
gvF0MhD8ruOOTJmfS1y/peRV1lsxnBPQ+mY2qTkLfBpmgMN1s+mcD4yOmm3xjEGW
Bho=
-----END CERTIFICATE-----