Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CT1N22RyBprjzg3UDSXG2akxlbQ.roa
File:                     CT1N22RyBprjzg3UDSXG2akxlbQ.roa (raw, json)
Hash identifier:          p4g7N5kgK+i9yPuWNvoxYni2yjiaSzmeuuYmWzBASGw=
Subject key identifier:   09:3D:4D:DB:64:72:06:9A:E3:CE:0D:D4:0D:25:C6:D9:A9:31:95:B4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F7DD66E38989AB8FBA5F4F5CD77C6A41
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CT1N22RyBprjzg3UDSXG2akxlbQ.roa
Signing time:             Sun 19 Mar 2023 03:15:27 +0000
ROA not before:           Sun 19 Mar 2023 03:15:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f7:dd:66:e3:89:89:ab:8f:ba:5f:4f:5c:d7:7c:6a:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 19 03:15:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=093d4ddb6472069ae3ce0dd40d25c6d9a93195b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f3:a2:47:fa:83:de:5f:88:cd:b9:54:27:32:
                    82:d5:34:47:5e:ff:6a:bc:cc:13:0c:fc:4a:d9:55:
                    d2:d9:64:d1:7f:97:1b:ac:fa:ae:ab:28:44:4e:07:
                    3c:7c:33:05:ea:19:e3:b6:73:d6:3f:d2:ae:4d:eb:
                    47:68:fe:94:ad:70:06:51:5b:d6:1d:dd:59:62:3a:
                    96:3f:42:20:e5:fa:6e:23:f8:d4:97:1c:fa:56:c1:
                    7b:62:71:37:6a:98:21:d8:eb:be:15:b9:da:c2:ec:
                    f5:51:12:d2:ed:eb:93:7d:f4:3a:69:bc:35:d9:13:
                    8c:9b:5a:bb:8e:e7:ba:de:bf:41:b0:8d:33:82:3f:
                    48:2e:58:9b:59:0e:18:35:4e:f0:ce:f5:ea:71:74:
                    3d:c9:15:cf:e8:8b:61:da:20:53:35:b8:cd:8c:52:
                    d3:2a:8e:64:fd:9d:93:62:ae:0a:31:8c:fa:49:63:
                    d9:e3:b1:8e:d2:23:1f:40:7b:31:68:67:1e:f3:44:
                    4f:13:c7:6b:3f:13:42:73:4a:41:f0:fe:92:61:0b:
                    0e:77:96:bd:f7:76:68:a0:28:5d:0c:1f:77:68:16:
                    8a:1a:5f:9b:a1:aa:19:a5:f3:f3:63:19:37:db:2d:
                    ac:56:74:8b:fb:c3:c2:55:4b:c2:b2:df:1f:4a:2e:
                    3f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3D:4D:DB:64:72:06:9A:E3:CE:0D:D4:0D:25:C6:D9:A9:31:95:B4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CT1N22RyBprjzg3UDSXG2akxlbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:6b:24:2a:58:87:67:4f:0b:f1:de:0c:17:cd:7b:e0:92:ec:
         76:6e:bf:a0:f1:1a:79:42:e4:ad:a5:fc:b4:c8:51:6c:f5:f9:
         3f:c6:9e:cb:c1:6f:5e:fa:cf:8a:a4:76:55:55:28:85:33:d8:
         11:28:5a:89:48:41:16:fe:5f:7c:d7:2d:70:20:e0:61:b4:70:
         0c:81:61:68:8b:3d:97:05:f6:82:15:40:f6:f9:6b:2d:f4:c6:
         da:98:8a:9a:6a:57:1a:1d:ec:f1:4a:e0:78:f1:eb:8f:13:07:
         79:77:da:f5:b2:d7:59:86:dc:96:1b:7c:2d:3c:26:4a:15:f4:
         1d:53:ac:9a:ec:b5:7b:a2:33:22:be:5f:2f:a3:1e:71:d7:18:
         89:4c:71:db:97:d1:3f:4f:da:e0:dc:c5:4a:11:95:62:64:15:
         72:5b:8e:b2:86:5e:57:4e:2d:7a:b4:e7:ef:87:49:b2:a9:fe:
         92:13:f1:85:c9:a4:31:9d:65:52:61:e4:fc:c4:50:2f:46:1f:
         e8:69:a1:6a:18:1c:b8:c9:75:cb:4e:e7:1f:7b:da:b5:ed:7a:
         a0:62:08:6a:be:d8:06:ec:8e:f0:51:d8:e3:14:f1:ac:71:58:
         33:e7:23:d0:ea:17:61:7e:2c:e9:8f:99:b5:44:a3:43:7c:94:
         a2:11:2c:db
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb33WbjiYmrj7pfT1zXfGpBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE5MDMxNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNkNGRkYjY0NzIwNjlhZTNjZTBkZDQwZDI1YzZkOWE5MzE5NWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfOiR/qD3l+IzblUJzKC1TRHXv9q
vMwTDPxK2VXS2WTRf5cbrPquqyhETgc8fDMF6hnjtnPWP9KuTetHaP6UrXAGUVvW
Hd1ZYjqWP0Ig5fpuI/jUlxz6VsF7YnE3apgh2Ou+Fbnawuz1URLS7euTffQ6abw1
2ROMm1q7jue63r9BsI0zgj9ILlibWQ4YNU7wzvXqcXQ9yRXP6Ith2iBTNbjNjFLT
Ko5k/Z2TYq4KMYz6SWPZ47GO0iMfQHsxaGce80RPE8drPxNCc0pB8P6SYQsOd5a9
93ZooChdDB93aBaKGl+boaoZpfPzYxk32y2sVnSL+8PCVUvCst8fSi4/dQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAk9Tdtkcgaa484N1A0lxtmpMZW0MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ1QxTjIyUnlCcHJqemczVURTWEcyYWt4bGJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKVrJCpYh2dPC/HeDBfN
e+CS7HZuv6DxGnlC5K2l/LTIUWz1+T/GnsvBb176z4qkdlVVKIUz2BEoWolIQRb+
X3zXLXAg4GG0cAyBYWiLPZcF9oIVQPb5ay30xtqYippqVxod7PFK4Hjx648TB3l3
2vWy11mG3JYbfC08JkoV9B1TrJrstXuiMyK+Xy+jHnHXGIlMcduX0T9P2uDcxUoR
lWJkFXJbjrKGXldOLXq05++HSbKp/pIT8YXJpDGdZVJh5PzEUC9GH+hpoWoYHLjJ
dctO5x972rXteqBiCGq+2AbsjvBR2OMU8axxWDPnI9DqF2F+LOmPmbVEo0N8lKIR
LNs=
-----END CERTIFICATE-----