Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BesYim-reHxMCjf1AVVCjziQhRA.roa
File:                     BesYim-reHxMCjf1AVVCjziQhRA.roa (raw, json)
Hash identifier:          rJ/VCxmBy7+gpn2tt67J10Il42lkf0Bg5sksPho7AlA=
Subject key identifier:   05:EB:18:8A:6F:AB:78:7C:4C:0A:37:F5:01:55:42:8F:38:90:85:10
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187D4DBB79D2D3C4767DD05FBDCECE639C9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BesYim-reHxMCjf1AVVCjziQhRA.roa
Signing time:             Mon 01 May 2023 01:09:41 +0000
ROA not before:           Mon 01 May 2023 01:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d4:db:b7:9d:2d:3c:47:67:dd:05:fb:dc:ec:e6:39:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  1 01:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=05eb188a6fab787c4c0a37f50155428f38908510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6f:af:f4:13:33:a5:be:a5:a7:cd:e0:06:1b:
                    b2:90:67:99:d6:33:ae:cc:8f:e1:1e:95:e8:1e:fc:
                    4a:db:f5:57:a1:25:dd:fc:ac:52:bb:bb:87:79:b3:
                    1a:b1:5e:dd:18:a2:fa:0e:58:96:5d:a8:95:aa:67:
                    f2:e0:71:08:d0:12:4c:a7:54:c8:6d:ce:e8:69:c6:
                    95:e7:89:ea:21:b8:ac:d0:22:fe:67:3e:95:13:6d:
                    37:7b:b8:17:f8:a4:64:2a:d7:8d:be:a1:15:5a:e5:
                    22:e4:7d:fc:d1:d1:28:0d:b5:6e:b3:a7:ca:53:09:
                    37:9b:7d:28:fc:b0:74:00:61:0f:6b:a5:e1:25:42:
                    66:0a:3a:fa:da:5e:92:0d:61:ea:56:a6:87:08:a8:
                    b3:cc:a8:17:42:2b:8b:27:de:87:8b:39:12:a1:dd:
                    e5:56:33:b1:4c:6a:fb:5a:44:a7:dd:47:f0:5a:14:
                    02:b2:4c:49:d9:f3:af:65:68:16:af:12:9b:f8:fd:
                    d1:57:fe:f2:11:8f:0b:fe:63:a0:8f:40:b7:8b:03:
                    a3:d9:63:98:bd:44:c9:59:14:63:68:1e:59:b7:0f:
                    70:c7:eb:6a:4f:aa:b3:b1:4c:ed:29:d1:9b:90:88:
                    19:b0:5b:0b:b4:7b:2c:b6:3a:48:bb:be:ff:cd:65:
                    04:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:EB:18:8A:6F:AB:78:7C:4C:0A:37:F5:01:55:42:8F:38:90:85:10
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BesYim-reHxMCjf1AVVCjziQhRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:b5:9d:a1:09:51:27:1c:fb:b2:07:2c:d3:6e:55:6c:b5:33:
         17:8f:88:ac:21:72:0a:b8:86:78:0d:fb:0c:49:a1:e4:b9:42:
         4f:4f:c8:8f:ca:78:c8:b9:a4:95:4b:07:e3:6b:6a:c3:36:b1:
         33:cf:52:2b:5a:33:1e:ea:c2:95:bd:13:53:01:2f:a5:92:c3:
         47:ca:53:76:f4:30:52:4b:63:aa:aa:65:aa:19:d2:96:78:75:
         46:0d:ad:e8:1d:3b:fb:17:86:51:85:f6:62:0f:56:ef:ed:9f:
         79:9a:a4:83:f9:21:f4:7f:3f:be:9c:02:34:30:4e:6e:7b:58:
         57:1c:57:38:23:2e:3b:4c:9a:8a:9e:90:64:fa:b6:d8:25:5a:
         74:0d:76:c3:fe:7c:22:38:4c:80:98:ec:a0:b7:3b:38:ef:4a:
         21:81:d9:f2:64:97:8d:e1:ac:86:7f:26:f2:0a:b2:1c:14:0b:
         b3:7f:66:3e:85:13:73:05:4b:d0:7a:65:f9:eb:8f:7c:e1:a0:
         08:5a:00:5e:bf:c3:d5:46:16:67:ab:8a:c5:67:43:06:5a:8a:
         b0:8e:2b:d9:29:46:8e:da:2e:77:61:76:ef:df:4d:ec:00:3b:
         78:b3:31:a4:90:f2:42:ea:34:e1:fa:16:d1:39:5d:84:62:11:
         0d:b9:bc:c0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfU27edLTxHZ90F+9zs5jnJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAxMDEwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWViMTg4YTZmYWI3ODdjNGMwYTM3ZjUwMTU1NDI4ZjM4OTA4NTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm+v9BMzpb6lp83gBhuykGeZ1jOu
zI/hHpXoHvxK2/VXoSXd/KxSu7uHebMasV7dGKL6DliWXaiVqmfy4HEI0BJMp1TI
bc7oacaV54nqIbis0CL+Zz6VE203e7gX+KRkKteNvqEVWuUi5H380dEoDbVus6fK
Uwk3m30o/LB0AGEPa6XhJUJmCjr62l6SDWHqVqaHCKizzKgXQiuLJ96HizkSod3l
VjOxTGr7WkSn3UfwWhQCskxJ2fOvZWgWrxKb+P3RV/7yEY8L/mOgj0C3iwOj2WOY
vUTJWRRjaB5Ztw9wx+tqT6qzsUztKdGbkIgZsFsLtHsstjpIu77/zWUE7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAXrGIpvq3h8TAo39QFVQo84kIUQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQmVzWWltLXJlSHhNQ2pmMUFWVkNqemlRaFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJm1naEJUScc+7IHLNNu
VWy1MxePiKwhcgq4hngN+wxJoeS5Qk9PyI/KeMi5pJVLB+NrasM2sTPPUitaMx7q
wpW9E1MBL6WSw0fKU3b0MFJLY6qqZaoZ0pZ4dUYNregdO/sXhlGF9mIPVu/tn3ma
pIP5IfR/P76cAjQwTm57WFccVzgjLjtMmoqekGT6ttglWnQNdsP+fCI4TICY7KC3
OzjvSiGB2fJkl43hrIZ/JvIKshwUC7N/Zj6FE3MFS9B6Zfnrj3zhoAhaAF6/w9VG
FmerisVnQwZairCOK9kpRo7aLndhdu/fTewAO3izMaSQ8kLqNOH6FtE5XYRiEQ25
vMA=
-----END CERTIFICATE-----