Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BWyH3C3JR0CkwLMXWiiTVMjeJLc.roa
File:                     BWyH3C3JR0CkwLMXWiiTVMjeJLc.roa (raw, json)
Hash identifier:          ubAiqZ7Wqfa4yhnS2k7qrljhd5m52gvf20bnCnV4NjE=
Subject key identifier:   05:6C:87:DC:2D:C9:47:40:A4:C0:B3:17:5A:28:93:54:C8:DE:24:B7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018769CAAAA2BFFE718AF5AA7554BDF15607
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BWyH3C3JR0CkwLMXWiiTVMjeJLc.roa
Signing time:             Mon 10 Apr 2023 06:11:42 +0000
ROA not before:           Mon 10 Apr 2023 06:11:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:69:ca:aa:a2:bf:fe:71:8a:f5:aa:75:54:bd:f1:56:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 10 06:11:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=056c87dc2dc94740a4c0b3175a289354c8de24b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a4:26:c7:9b:7e:57:a8:59:44:bb:a7:ed:50:
                    77:a2:32:aa:4a:0f:b4:fe:25:8e:20:dc:91:87:cd:
                    49:3e:5a:0a:30:f8:10:9a:be:8c:7d:1d:03:43:71:
                    03:c2:7c:3c:a8:b9:12:9c:1d:66:31:07:a2:5c:c3:
                    0a:68:9a:f6:19:3a:39:76:92:ae:0a:dc:f0:01:aa:
                    eb:c0:08:d2:dd:84:42:55:28:0e:23:ae:45:b0:ff:
                    ac:b5:8f:01:92:19:b0:5e:44:b9:e7:fa:6a:ad:d2:
                    6b:97:bc:6a:20:dc:3f:63:19:79:fc:8d:a3:ed:44:
                    d2:22:d8:c8:9e:ef:3a:3b:c5:b3:f1:4a:70:df:f2:
                    f1:9c:1d:7c:c5:6c:10:bf:fc:44:40:c1:16:0a:22:
                    8c:21:09:c2:67:14:a6:a2:ff:d0:ee:6e:7c:c2:45:
                    0a:34:3b:d3:3f:24:83:57:41:2e:21:19:0e:70:56:
                    12:67:fd:8e:d5:0f:b0:35:e5:df:78:d3:79:91:79:
                    69:57:70:83:a7:2a:11:b1:97:de:b6:64:ff:a2:d0:
                    27:8f:44:43:f6:5c:81:1f:1d:6c:bd:56:21:21:3c:
                    81:f6:dd:b8:93:b2:5b:6e:29:51:11:cb:af:9e:16:
                    1b:c0:0a:7b:f1:f1:c6:34:c7:02:11:2b:d6:cd:4e:
                    da:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:6C:87:DC:2D:C9:47:40:A4:C0:B3:17:5A:28:93:54:C8:DE:24:B7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BWyH3C3JR0CkwLMXWiiTVMjeJLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:5d:37:d1:70:c7:1d:d3:60:c2:4d:d9:f4:6a:7c:5b:0b:b7:
         77:a4:a9:a6:fc:ba:a5:a0:21:fc:ab:00:b5:52:bf:84:5d:fc:
         6e:a0:aa:e2:09:93:44:a4:67:31:68:ce:1f:6e:f7:fc:d4:48:
         3f:42:89:bc:13:ab:4e:60:1f:55:d6:5d:bb:b5:8e:8a:6b:fd:
         60:84:57:fd:a4:4b:0c:3f:99:4c:29:3e:7e:38:9a:bf:26:c1:
         91:5a:e5:ad:cb:56:d3:26:dd:b8:5b:cb:52:a9:fb:17:46:64:
         95:98:7b:c5:75:c9:a9:0e:34:cc:22:e2:0f:2e:3e:50:26:8d:
         00:61:2e:21:c8:9d:04:e9:78:b2:7c:14:c3:6a:55:4a:2f:5a:
         0f:e8:46:53:0b:bc:6b:00:bf:b9:14:a4:4c:cf:48:1a:8a:b1:
         e0:5f:5d:4f:95:e3:7d:5a:24:64:dd:c3:0d:fa:30:ec:5e:a0:
         44:07:3e:c6:96:15:c4:33:b5:8a:1f:eb:01:ed:42:f9:7b:e4:
         4c:dd:96:78:01:be:45:92:0b:40:4a:a3:26:23:b6:4e:07:61:
         63:41:c0:24:d5:cb:b3:e2:b7:d1:4c:ca:6c:67:5f:e7:bf:4d:
         54:f0:88:4c:fa:19:2f:ce:40:ea:e8:76:55:9b:93:62:9c:e5:
         ed:d4:45:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdpyqqiv/5xivWqdVS98VYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEwMDYxMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTZjODdkYzJkYzk0NzQwYTRjMGIzMTc1YTI4OTM1NGM4ZGUyNGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKQmx5t+V6hZRLun7VB3ojKqSg+0
/iWOINyRh81JPloKMPgQmr6MfR0DQ3EDwnw8qLkSnB1mMQeiXMMKaJr2GTo5dpKu
CtzwAarrwAjS3YRCVSgOI65FsP+stY8BkhmwXkS55/pqrdJrl7xqINw/Yxl5/I2j
7UTSItjInu86O8Wz8Upw3/LxnB18xWwQv/xEQMEWCiKMIQnCZxSmov/Q7m58wkUK
NDvTPySDV0EuIRkOcFYSZ/2O1Q+wNeXfeNN5kXlpV3CDpyoRsZfetmT/otAnj0RD
9lyBHx1svVYhITyB9t24k7JbbilREcuvnhYbwAp78fHGNMcCESvWzU7a6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAVsh9wtyUdApMCzF1ook1TI3iS3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQld5SDNDM0pSMENrd0xNWFdpaVRWTWplSkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAhdN9Fwxx3TYMJN2fRq
fFsLt3ekqab8uqWgIfyrALVSv4Rd/G6gquIJk0SkZzFozh9u9/zUSD9CibwTq05g
H1XWXbu1jopr/WCEV/2kSww/mUwpPn44mr8mwZFa5a3LVtMm3bhby1Kp+xdGZJWY
e8V1yakONMwi4g8uPlAmjQBhLiHInQTpeLJ8FMNqVUovWg/oRlMLvGsAv7kUpEzP
SBqKseBfXU+V431aJGTdww36MOxeoEQHPsaWFcQztYof6wHtQvl75EzdlngBvkWS
C0BKoyYjtk4HYWNBwCTVy7Pit9FMymxnX+e/TVTwiEz6GS/OQOrodlWbk2Kc5e3U
RYU=
-----END CERTIFICATE-----