Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BuEQ5hE61WclF37WDqb-qyU7XHs.roa
File:                     BuEQ5hE61WclF37WDqb-qyU7XHs.roa (raw, json)
Hash identifier:          h9IY+9O2ebWQ6++G92wjUzi386wHCkzIcDHUpHFJ1Ns=
Subject key identifier:   06:E1:10:E6:11:3A:D5:67:25:17:7E:D6:0E:A6:FE:AB:25:3B:5C:7B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D7E3746918628E8A88400BE5D8E3FC25
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BuEQ5hE61WclF37WDqb-qyU7XHs.roa
Signing time:             Sun 12 Mar 2023 22:14:13 +0000
ROA not before:           Sun 12 Mar 2023 22:14:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d7:e3:74:69:18:62:8e:8a:88:40:0b:e5:d8:e3:fc:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 12 22:14:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=06e110e6113ad56725177ed60ea6feab253b5c7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:49:0f:12:aa:1c:ca:d4:1c:a9:66:32:b8:63:
                    1b:71:0f:54:85:bd:7f:79:bd:92:e4:a5:6e:11:d9:
                    3f:fc:63:fe:33:08:53:52:23:07:25:45:dd:37:64:
                    35:1b:8c:02:de:65:66:8f:b4:56:36:4d:57:c3:9d:
                    64:56:60:e7:31:df:09:9d:ea:ca:51:19:2d:2e:81:
                    5f:d3:7b:d9:e0:78:66:18:3b:f2:da:84:3f:b9:0d:
                    f1:83:53:7a:8e:21:a2:3b:65:2a:de:19:2b:b7:16:
                    fd:26:58:24:2a:b9:38:58:b3:56:09:40:5f:3d:5a:
                    f2:63:33:10:e7:31:eb:bd:91:21:d7:0c:92:9b:63:
                    8c:6b:20:52:1a:59:12:c9:1b:92:4f:dc:80:52:22:
                    cb:e7:9a:37:e6:01:54:46:2b:96:16:10:8f:8e:3c:
                    a1:c6:a0:61:b8:ef:40:26:1a:87:41:e3:cd:f0:b3:
                    f0:d5:a2:96:82:f4:15:a1:87:53:22:e4:88:db:0f:
                    df:22:2b:2b:83:dd:fb:56:16:a0:10:1b:fb:7b:50:
                    9b:49:5e:21:4a:90:a5:66:1f:f9:69:aa:c1:a2:f8:
                    46:fb:3b:67:61:90:3e:62:63:cb:e6:50:51:d9:50:
                    9e:e0:04:f8:d1:b0:18:6c:b1:a8:56:a8:4e:66:f7:
                    b7:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:E1:10:E6:11:3A:D5:67:25:17:7E:D6:0E:A6:FE:AB:25:3B:5C:7B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BuEQ5hE61WclF37WDqb-qyU7XHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:4d:4e:b9:e4:cd:e1:d0:71:e7:59:3d:ff:5e:51:56:55:39:
         34:53:f7:b3:d0:a1:40:2f:26:08:b4:be:8d:90:32:16:16:9a:
         23:ac:b4:3f:6f:c5:05:7e:dc:9e:1a:3b:d2:df:52:2d:cb:37:
         d4:76:0d:ff:fa:f1:e3:77:38:41:0d:eb:02:31:61:0a:fe:24:
         1e:18:90:ba:14:3b:03:dd:b8:eb:2f:8f:a3:67:4b:26:34:f9:
         95:1b:cc:5d:7f:dc:f4:5b:3b:7d:de:b7:dd:60:e3:e7:7d:77:
         5c:48:9f:1b:ed:7e:81:c1:08:b0:c2:fa:4d:9b:e1:7c:79:03:
         a2:33:3b:85:14:e4:59:92:99:96:b9:2e:0c:9a:89:72:90:0d:
         b1:28:de:fd:50:97:7f:44:b5:62:3a:5d:ed:9d:49:70:54:ff:
         5f:85:cb:18:01:d9:51:00:23:36:2e:e6:1f:2d:96:cc:eb:bb:
         12:bc:be:0e:41:ac:1d:51:30:93:f4:17:8b:1c:4b:c4:90:0e:
         c5:ee:b3:79:56:33:7c:19:00:5b:5b:be:4a:51:d9:97:5c:da:
         6c:f9:ae:d0:f0:3c:e4:bd:a9:2a:28:24:7d:ac:37:8f:13:7e:
         89:2b:a3:fb:42:43:c8:4f:d0:f5:92:03:61:4d:cb:4b:49:11:
         4c:ec:87:51
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbX43RpGGKOiohAC+XY4/wlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEyMjIxNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmUxMTBlNjExM2FkNTY3MjUxNzdlZDYwZWE2ZmVhYjI1M2I1YzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEkPEqocytQcqWYyuGMbcQ9Uhb1/
eb2S5KVuEdk//GP+MwhTUiMHJUXdN2Q1G4wC3mVmj7RWNk1Xw51kVmDnMd8JnerK
URktLoFf03vZ4HhmGDvy2oQ/uQ3xg1N6jiGiO2Uq3hkrtxb9JlgkKrk4WLNWCUBf
PVryYzMQ5zHrvZEh1wySm2OMayBSGlkSyRuST9yAUiLL55o35gFURiuWFhCPjjyh
xqBhuO9AJhqHQePN8LPw1aKWgvQVoYdTIuSI2w/fIisrg937VhagEBv7e1CbSV4h
SpClZh/5aarBovhG+ztnYZA+YmPL5lBR2VCe4AT40bAYbLGoVqhOZve3IQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAbhEOYROtVnJRd+1g6m/qslO1x7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQnVFUTVoRTYxV2NsRjM3V0RxYi1xeVU3WEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA1NTrnkzeHQcedZPf9e
UVZVOTRT97PQoUAvJgi0vo2QMhYWmiOstD9vxQV+3J4aO9LfUi3LN9R2Df/68eN3
OEEN6wIxYQr+JB4YkLoUOwPduOsvj6NnSyY0+ZUbzF1/3PRbO33et91g4+d9d1xI
nxvtfoHBCLDC+k2b4Xx5A6IzO4UU5FmSmZa5LgyaiXKQDbEo3v1Ql39EtWI6Xe2d
SXBU/1+FyxgB2VEAIzYu5h8tlszruxK8vg5BrB1RMJP0F4scS8SQDsXus3lWM3wZ
AFtbvkpR2Zdc2mz5rtDwPOS9qSooJH2sN48Tfokro/tCQ8hP0PWSA2FNy0tJEUzs
h1E=
-----END CERTIFICATE-----