Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BftMr8txdS_7SYrU13BtxU3d4ww.roa
File:                     BftMr8txdS_7SYrU13BtxU3d4ww.roa (raw, json)
Hash identifier:          BDvn3+t9ZFVAA7O/nhYGgQ8zsTxj2Q2AZ3m8RkLTgts=
Subject key identifier:   05:FB:4C:AF:CB:71:75:2F:FB:49:8A:D4:D7:70:6D:C5:4D:DD:E3:0C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187D7DC7AC5FE2F19D4394E33C51D8835D9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BftMr8txdS_7SYrU13BtxU3d4ww.roa
Signing time:             Mon 01 May 2023 15:09:23 +0000
ROA not before:           Mon 01 May 2023 15:09:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d7:dc:7a:c5:fe:2f:19:d4:39:4e:33:c5:1d:88:35:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  1 15:09:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=05fb4cafcb71752ffb498ad4d7706dc54ddde30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:63:fd:f1:40:96:5d:ba:b3:ff:c9:4c:c1:e5:
                    77:6a:3c:d0:51:19:b1:59:07:08:89:a1:75:56:fe:
                    ee:36:19:f7:3c:34:5f:7c:20:4b:56:8e:92:5b:cb:
                    85:c1:9c:9b:ed:98:d0:7d:f6:fe:f2:ed:28:98:2c:
                    b0:b4:8c:de:7c:d8:45:cb:e2:47:93:e8:ad:c2:29:
                    d0:82:7f:22:4e:8a:83:a9:fa:ec:50:37:67:15:50:
                    cd:ae:66:c7:ec:11:c9:33:dc:5e:20:85:ef:05:49:
                    10:01:ae:d8:29:95:d2:b5:09:23:4a:88:6f:a9:15:
                    f4:6b:a2:0c:07:7e:1f:8b:b5:32:af:2f:d7:56:2f:
                    12:e0:43:2e:de:e4:a8:bf:f6:af:29:bd:2d:58:de:
                    6c:3d:c9:9e:8b:fa:d4:c2:96:18:7f:41:2a:d2:7e:
                    4d:b3:07:f3:ea:98:f1:6d:41:8e:76:1a:6f:aa:31:
                    59:e9:46:8f:53:3d:86:60:48:33:bb:16:14:70:1a:
                    e5:95:49:46:0f:66:e5:39:e5:1b:6a:7d:b2:37:30:
                    ae:bf:98:0a:40:68:39:b5:56:32:bd:92:4e:5f:67:
                    f5:5b:f2:fd:cb:1f:6e:33:fb:1a:17:cb:b4:be:7a:
                    9e:9d:59:9a:79:2a:0c:83:0e:43:ff:b0:80:89:c9:
                    f1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:FB:4C:AF:CB:71:75:2F:FB:49:8A:D4:D7:70:6D:C5:4D:DD:E3:0C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BftMr8txdS_7SYrU13BtxU3d4ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:8b:92:dd:8b:f9:34:05:7d:23:df:72:85:5f:b0:cc:18:b8:
         f5:ba:bd:b7:a4:5b:49:b3:81:0d:77:5e:e2:e3:e5:d4:c2:bf:
         66:55:8e:27:79:ef:2e:3c:fb:e2:b6:ca:c2:4f:80:14:e7:84:
         bf:ed:b5:6b:1a:54:6a:b5:b0:a6:48:ad:6d:2a:03:3d:c3:6b:
         9b:86:88:8b:ff:2a:f5:15:18:c0:8f:60:18:e8:47:62:0f:7a:
         43:a9:a4:ba:ea:18:88:f4:5c:af:3e:9b:bc:12:19:57:01:76:
         b5:71:be:68:6b:f2:d4:8c:0a:63:f7:ae:87:bd:98:0a:2c:28:
         11:6f:ad:be:83:8c:68:00:e6:c3:6a:9a:14:fd:d0:d0:35:bf:
         ca:b4:b4:15:3c:47:e6:c3:79:80:5e:43:e2:54:6a:1a:25:e3:
         32:e9:c6:0f:8d:3b:ae:27:f0:92:fb:d4:a4:7d:c1:28:c6:34:
         e1:d1:c2:3c:7f:74:f8:6a:78:a0:af:af:eb:ff:e9:83:a0:bf:
         dc:98:87:3d:64:b6:48:b3:43:06:91:58:e4:61:1b:8c:19:4b:
         cd:d0:06:19:11:cb:2e:e0:69:7e:d5:6a:77:fa:2f:3d:bd:16:
         4a:e0:6d:30:25:39:6a:bc:b1:7e:24:8c:ef:cf:02:3f:d2:ba:
         69:82:5e:4d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfX3HrF/i8Z1DlOM8UdiDXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAxMTUwOTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWZiNGNhZmNiNzE3NTJmZmI0OThhZDRkNzcwNmRjNTRkZGRlMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGP98UCWXbqz/8lMweV3ajzQURmx
WQcIiaF1Vv7uNhn3PDRffCBLVo6SW8uFwZyb7ZjQffb+8u0omCywtIzefNhFy+JH
k+itwinQgn8iToqDqfrsUDdnFVDNrmbH7BHJM9xeIIXvBUkQAa7YKZXStQkjSohv
qRX0a6IMB34fi7Uyry/XVi8S4EMu3uSov/avKb0tWN5sPcmei/rUwpYYf0Eq0n5N
swfz6pjxbUGOdhpvqjFZ6UaPUz2GYEgzuxYUcBrllUlGD2blOeUban2yNzCuv5gK
QGg5tVYyvZJOX2f1W/L9yx9uM/saF8u0vnqenVmaeSoMgw5D/7CAicnx8wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAX7TK/LcXUv+0mK1NdwbcVN3eMMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQmZ0TXI4dHhkU183U1lyVTEzQnR4VTNkNHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALSLkt2L+TQFfSPfcoVf
sMwYuPW6vbekW0mzgQ13XuLj5dTCv2ZVjid57y48++K2ysJPgBTnhL/ttWsaVGq1
sKZIrW0qAz3Da5uGiIv/KvUVGMCPYBjoR2IPekOppLrqGIj0XK8+m7wSGVcBdrVx
vmhr8tSMCmP3roe9mAosKBFvrb6DjGgA5sNqmhT90NA1v8q0tBU8R+bDeYBeQ+JU
ahol4zLpxg+NO64n8JL71KR9wSjGNOHRwjx/dPhqeKCvr+v/6YOgv9yYhz1ktkiz
QwaRWORhG4wZS83QBhkRyy7gaX7Vanf6Lz29FkrgbTAlOWq8sX4kjO/PAj/SummC
Xk0=
-----END CERTIFICATE-----