Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BtAQfk3oom_kQYaGgNar0i85HWw.roa
File:                     BtAQfk3oom_kQYaGgNar0i85HWw.roa (raw, json)
Hash identifier:          mvMh63kXPGSD7dNJmDJMOr5Yo58cY5Z9rsEd9zyQJEc=
Subject key identifier:   06:D0:10:7E:4D:E8:A2:6F:E4:41:86:86:80:D6:AB:D2:2F:39:1D:6C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C37A41494AC71B104EF01AA05627F30C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BtAQfk3oom_kQYaGgNar0i85HWw.roa
Signing time:             Thu 27 Apr 2023 16:09:41 +0000
ROA not before:           Thu 27 Apr 2023 16:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c3:7a:41:49:4a:c7:1b:10:4e:f0:1a:a0:56:27:f3:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 27 16:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=06d0107e4de8a26fe441868680d6abd22f391d6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d3:18:fe:3a:18:7e:41:aa:46:44:4b:a3:63:
                    9f:ac:3d:5a:b7:63:4a:88:c8:ae:9f:1c:3a:78:6d:
                    4a:12:5d:82:7d:05:22:6b:23:50:56:a9:ad:9f:96:
                    d0:64:e6:14:c6:a3:f4:d8:e2:c9:95:e5:0d:b6:bd:
                    ec:7b:6d:13:d3:57:92:ca:be:b8:05:e9:99:14:6e:
                    d4:06:68:7a:1e:7d:3c:08:3f:22:f9:7f:7a:31:55:
                    d8:15:c1:f6:9d:12:73:4c:a9:be:68:9c:cc:0a:80:
                    0b:9f:2a:fc:15:91:f4:f8:50:d4:da:39:a3:15:47:
                    83:22:8f:e7:65:b1:bc:50:17:a1:28:de:78:c2:c3:
                    2d:54:e3:ef:64:27:40:9a:7f:24:ff:5e:af:72:4a:
                    66:86:78:de:df:c4:bc:63:bb:91:a4:65:16:4b:04:
                    7b:58:41:95:0d:f2:8a:05:b3:31:bd:3c:4c:cb:17:
                    bd:16:69:69:43:4a:d1:20:21:aa:7e:ed:48:76:00:
                    ea:fe:5a:d5:2d:58:ab:45:0b:1a:4d:60:74:fd:d7:
                    03:7e:3a:e5:97:ca:dc:f9:a3:e6:ea:34:5b:e7:66:
                    cf:40:3f:f1:a7:ba:27:9a:a5:3d:3f:08:18:68:62:
                    1c:08:dc:26:2f:a3:53:92:a4:1e:95:63:63:58:4a:
                    7e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D0:10:7E:4D:E8:A2:6F:E4:41:86:86:80:D6:AB:D2:2F:39:1D:6C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BtAQfk3oom_kQYaGgNar0i85HWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:6c:8f:33:4e:33:fb:4d:e4:ef:97:5a:6a:cc:bb:11:59:71:
         be:31:39:97:46:2c:34:82:09:4a:b7:dd:c5:43:9a:53:54:74:
         7c:75:d4:1a:48:6c:31:fc:e4:a6:2d:fa:95:97:10:61:27:a1:
         87:15:e8:e9:72:0e:b6:26:ff:8a:a5:89:75:0e:cc:3c:67:3d:
         e7:d5:08:17:19:56:3c:46:44:43:62:44:7e:a1:f9:9f:c5:ab:
         46:96:91:5e:99:68:44:f1:74:56:4d:ac:97:1a:53:b6:2a:71:
         38:8c:7c:08:bf:83:89:56:ec:7d:fe:76:69:14:38:e9:87:38:
         04:d5:64:2f:66:18:e3:48:4d:73:ee:64:4a:f2:ae:1b:21:6a:
         44:23:0c:8e:9f:93:26:6d:a0:c9:4c:5a:a9:aa:6c:9d:d5:5f:
         85:97:24:00:c2:46:8c:c0:f3:a7:15:8a:29:1b:30:b0:a5:3b:
         9e:37:7f:b0:43:40:1d:29:d2:79:a9:3f:5a:08:f8:8f:bb:f6:
         9d:21:36:2a:ec:de:22:81:16:22:3a:cb:67:21:4c:81:f9:48:
         76:60:38:fc:32:5b:9b:93:5e:c1:12:cc:79:95:17:5c:be:39:
         f7:d4:7b:74:c1:bc:8c:6c:3a:0c:2e:75:c5:ab:4e:c0:3d:4f:
         13:ae:0c:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfDekFJSscbEE7wGqBWJ/MMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI3MTYwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQwMTA3ZTRkZThhMjZmZTQ0MTg2ODY4MGQ2YWJkMjJmMzkxZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9MY/joYfkGqRkRLo2OfrD1at2NK
iMiunxw6eG1KEl2CfQUiayNQVqmtn5bQZOYUxqP02OLJleUNtr3se20T01eSyr64
BemZFG7UBmh6Hn08CD8i+X96MVXYFcH2nRJzTKm+aJzMCoALnyr8FZH0+FDU2jmj
FUeDIo/nZbG8UBehKN54wsMtVOPvZCdAmn8k/16vckpmhnje38S8Y7uRpGUWSwR7
WEGVDfKKBbMxvTxMyxe9FmlpQ0rRICGqfu1IdgDq/lrVLVirRQsaTWB0/dcDfjrl
l8rc+aPm6jRb52bPQD/xp7onmqU9PwgYaGIcCNwmL6NTkqQelWNjWEp+TQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAbQEH5N6KJv5EGGhoDWq9IvOR1sMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQnRBUWZrM29vbV9rUVlhR2dOYXIwaTg1SFd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC1sjzNOM/tN5O+XWmrM
uxFZcb4xOZdGLDSCCUq33cVDmlNUdHx11BpIbDH85KYt+pWXEGEnoYcV6OlyDrYm
/4qliXUOzDxnPefVCBcZVjxGRENiRH6h+Z/Fq0aWkV6ZaETxdFZNrJcaU7YqcTiM
fAi/g4lW7H3+dmkUOOmHOATVZC9mGONITXPuZEryrhshakQjDI6fkyZtoMlMWqmq
bJ3VX4WXJADCRozA86cViikbMLClO543f7BDQB0p0nmpP1oI+I+79p0hNirs3iKB
FiI6y2chTIH5SHZgOPwyW5uTXsESzHmVF1y+OffUe3TBvIxsOgwudcWrTsA9TxOu
DC0=
-----END CERTIFICATE-----