Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BWtPkmcZXEnsq9zvvLFUBHlpP-g.roa
File:                     BWtPkmcZXEnsq9zvvLFUBHlpP-g.roa (raw, json)
Hash identifier:          /y0xZsRwB5R6vhPcJ3s7cjvlN77Ho2Wt5gtH90qT85M=
Subject key identifier:   05:6B:4F:92:67:19:5C:49:EC:AB:DC:EF:BC:B1:54:04:79:69:3F:E8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187777FE1039520648C0AE53732B0074B0D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BWtPkmcZXEnsq9zvvLFUBHlpP-g.roa
Signing time:             Wed 12 Apr 2023 22:04:42 +0000
ROA not before:           Wed 12 Apr 2023 22:04:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:187:777f:6b5e/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:77:7f:e1:03:95:20:64:8c:0a:e5:37:32:b0:07:4b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 12 22:04:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=056b4f9267195c49ecabdcefbcb1540479693fe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:80:30:fa:9d:78:70:b1:4b:92:25:37:25:fd:
                    59:53:79:c2:e4:9b:52:54:71:b8:8e:48:1c:29:11:
                    df:aa:34:79:b0:4a:66:a1:ea:f6:93:08:b3:d7:3d:
                    89:49:e1:73:0a:8e:6c:8d:14:b0:37:15:b5:94:9e:
                    34:7f:cd:d3:7e:3b:a0:47:4e:66:35:9a:30:b1:13:
                    96:3d:41:92:be:69:63:4c:5c:3e:b5:ff:d8:ad:5a:
                    00:73:77:f7:58:85:5f:b8:5f:17:3a:4c:95:b6:f9:
                    c7:a2:46:c6:f6:b3:fe:70:cc:f5:ca:db:f1:68:58:
                    2a:ca:96:17:58:98:bc:5f:68:12:bf:82:47:9a:bc:
                    32:f9:77:27:83:03:cd:3a:5d:ec:54:e4:f4:88:da:
                    92:96:d2:2f:b8:5c:07:b5:0f:f3:07:69:f3:dc:ef:
                    ca:11:54:a4:46:db:a3:01:8c:b3:23:0d:35:c8:07:
                    46:87:0d:6d:39:f0:28:30:f3:24:de:5f:45:86:bc:
                    1c:ba:b9:d0:8b:ea:10:16:d1:0f:10:95:07:b4:ea:
                    27:52:67:7c:6f:99:3d:a2:b4:bf:b7:7e:aa:f6:06:
                    06:6a:d7:6a:ca:bb:bd:32:3c:04:72:50:27:9c:fc:
                    4c:79:9e:ca:ff:43:0c:39:ff:67:83:f8:7f:b6:29:
                    37:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:6B:4F:92:67:19:5C:49:EC:AB:DC:EF:BC:B1:54:04:79:69:3F:E8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BWtPkmcZXEnsq9zvvLFUBHlpP-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:5b:f5:1c:b6:53:a1:4c:52:8d:40:97:41:57:c9:27:68:f4:
         00:18:c3:68:e9:75:9e:f2:1a:45:c2:5f:cd:98:54:3e:b6:52:
         2f:ee:46:48:46:95:da:f0:c6:e9:46:ab:a3:67:bf:5f:20:b6:
         bd:80:50:9f:29:cd:ff:93:d0:3c:c5:c6:fd:0b:85:98:9f:3a:
         09:f5:a5:2f:d7:ba:d2:e5:2d:21:d7:55:0e:3b:6d:68:0e:cf:
         fb:75:ee:97:34:e6:81:cb:1d:56:fc:f7:f7:c4:75:8e:24:15:
         d2:6e:ac:87:84:4c:fc:de:a9:76:ff:6c:fb:bd:e5:4d:e0:e7:
         c0:32:18:19:82:1d:5d:87:16:fa:70:ee:aa:3d:f6:9c:8e:d8:
         ad:e5:d7:3f:80:1d:20:14:08:0d:7a:93:4e:8e:9a:49:9b:a4:
         47:3e:f6:5b:d6:ab:ce:e9:1e:8e:5b:e0:84:92:85:f1:a6:6b:
         7d:fa:b6:41:99:52:e2:c4:85:fb:36:6a:19:5a:d8:2e:e1:35:
         15:3d:bf:da:3c:36:0c:3a:2f:1e:72:10:7d:6f:61:04:3d:bb:
         53:15:70:31:00:73:68:bf:f9:48:eb:eb:51:15:50:b9:d5:6c:
         56:64:cb:36:ae:8a:19:87:ed:aa:ec:a7:60:7a:4d:78:5a:45:
         a9:28:86:39
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd3f+EDlSBkjArlNzKwB0sNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEyMjIwNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTZiNGY5MjY3MTk1YzQ5ZWNhYmRjZWZiY2IxNTQwNDc5NjkzZmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYAw+p14cLFLkiU3Jf1ZU3nC5JtS
VHG4jkgcKRHfqjR5sEpmoer2kwiz1z2JSeFzCo5sjRSwNxW1lJ40f83TfjugR05m
NZowsROWPUGSvmljTFw+tf/YrVoAc3f3WIVfuF8XOkyVtvnHokbG9rP+cMz1ytvx
aFgqypYXWJi8X2gSv4JHmrwy+XcngwPNOl3sVOT0iNqSltIvuFwHtQ/zB2nz3O/K
EVSkRtujAYyzIw01yAdGhw1tOfAoMPMk3l9FhrwcurnQi+oQFtEPEJUHtOonUmd8
b5k9orS/t36q9gYGatdqyru9MjwEclAnnPxMeZ7K/0MMOf9ng/h/tik3HQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAVrT5JnGVxJ7Kvc77yxVAR5aT/oMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQld0UGttY1pYRW5zcTl6dnZMRlVCSGxwUC1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACVb9Ry2U6FMUo1Al0FX
ySdo9AAYw2jpdZ7yGkXCX82YVD62Ui/uRkhGldrwxulGq6Nnv18gtr2AUJ8pzf+T
0DzFxv0LhZifOgn1pS/XutLlLSHXVQ47bWgOz/t17pc05oHLHVb89/fEdY4kFdJu
rIeETPzeqXb/bPu95U3g58AyGBmCHV2HFvpw7qo99pyO2K3l1z+AHSAUCA16k06O
mkmbpEc+9lvWq87pHo5b4ISShfGma336tkGZUuLEhfs2ahla2C7hNRU9v9o8Ngw6
Lx5yEH1vYQQ9u1MVcDEAc2i/+Ujr61EVULnVbFZkyzauihmH7arsp2B6TXhaRako
hjk=
-----END CERTIFICATE-----