Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CZY4Tt8oqrczJVSKVWSv82Jpn-o.roa
File:                     CZY4Tt8oqrczJVSKVWSv82Jpn-o.roa (raw, json)
Hash identifier:          01MLRPuVPMRZXLarUiorkM1RJpdGW64DhX6atE/RDYQ=
Subject key identifier:   09:96:38:4E:DF:28:AA:B7:33:25:54:8A:55:64:AF:F3:62:69:9F:EA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D43F7264A535CC208E5B29D8870D6C95
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CZY4Tt8oqrczJVSKVWSv82Jpn-o.roa
Signing time:             Sun 12 Mar 2023 05:16:13 +0000
ROA not before:           Sun 12 Mar 2023 05:16:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d4:3f:72:64:a5:35:cc:20:8e:5b:29:d8:87:0d:6c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 12 05:16:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0996384edf28aab73325548a5564aff362699fea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0d:32:9b:f2:8c:6a:8f:6e:1b:26:d8:ec:2c:
                    d9:a9:bc:96:6d:bb:6b:ed:f9:bc:c8:7c:da:f5:f4:
                    d4:09:3c:c7:64:c4:69:35:04:03:a9:7d:ad:1c:aa:
                    e5:22:1d:10:79:58:c1:e1:fb:6b:0c:4c:88:0f:cc:
                    cd:98:55:dd:48:ef:15:3f:d0:a9:6b:ca:c2:28:87:
                    27:71:d1:8d:cd:af:29:cc:33:b7:42:f6:f5:f4:0e:
                    21:2a:18:7c:88:f9:6f:ab:a5:3c:5e:f0:81:9e:ba:
                    3f:b0:a3:5d:01:d2:80:a6:91:31:4a:32:98:d9:20:
                    0e:10:f0:a6:cd:48:70:c9:5b:50:b8:72:93:69:3f:
                    89:fa:9d:6d:97:1b:c7:49:1c:f9:7a:37:ca:aa:71:
                    85:3d:74:e7:cb:31:47:af:a5:07:8a:89:c6:a0:fe:
                    89:d3:22:1b:05:2c:48:68:c9:3e:8d:87:67:19:97:
                    89:23:ac:59:c6:13:ee:0e:c8:71:f3:44:c2:7a:48:
                    1a:87:f3:dd:05:78:fd:30:37:c3:b8:1a:aa:d4:a6:
                    37:a1:46:06:cf:a7:25:84:ac:6e:59:e6:23:d4:d3:
                    35:d8:c3:ec:8f:27:af:25:a8:40:a2:5d:14:ab:44:
                    a5:6f:b6:f4:14:5d:b0:de:f7:c1:a0:00:a1:61:e8:
                    df:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:96:38:4E:DF:28:AA:B7:33:25:54:8A:55:64:AF:F3:62:69:9F:EA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CZY4Tt8oqrczJVSKVWSv82Jpn-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:1d:16:38:34:67:bb:50:9f:35:4e:51:74:4a:6b:f4:c0:5c:
         e4:88:fa:12:68:2a:5b:c7:b5:c8:e5:a4:cd:3c:ef:f9:c7:55:
         45:3a:0f:70:bd:ff:bf:93:bd:71:94:ab:2e:85:fb:0a:9c:3c:
         87:69:63:e8:c7:2c:81:19:3f:68:99:cb:0f:4b:f8:ac:05:45:
         66:e8:28:2c:ed:6a:48:5f:98:21:a7:77:ca:68:db:b5:0a:f5:
         fc:ce:67:a4:df:d3:47:16:d8:0f:66:a8:41:01:a9:38:4f:24:
         f0:86:17:f6:56:dc:34:5e:2e:92:cf:1e:36:97:42:69:db:4f:
         69:44:db:cc:e5:f4:64:f0:c8:af:e1:87:48:30:02:a3:e9:bc:
         89:a8:20:01:6d:3c:c8:80:8d:9b:73:09:23:d8:00:b9:63:a2:
         a3:3b:94:7f:41:1a:6d:4d:78:8e:66:ce:30:33:b4:35:6b:e9:
         fb:4a:1e:c9:03:62:83:fe:fb:3a:96:88:a8:3b:00:e2:06:6a:
         55:39:3c:56:bd:06:27:3a:68:13:7b:31:ba:9a:69:70:9b:cd:
         81:fe:49:99:a2:23:59:50:a4:b8:42:3d:e8:eb:c0:d2:75:df:
         87:16:82:1f:42:df:70:c3:bc:28:ab:ee:4a:72:09:1a:21:5c:
         1a:d0:66:aa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbUP3JkpTXMII5bKdiHDWyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEyMDUxNjEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTk2Mzg0ZWRmMjhhYWI3MzMyNTU0OGE1NTY0YWZmMzYyNjk5ZmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug0ym/KMao9uGybY7CzZqbyWbbtr
7fm8yHza9fTUCTzHZMRpNQQDqX2tHKrlIh0QeVjB4ftrDEyID8zNmFXdSO8VP9Cp
a8rCKIcncdGNza8pzDO3Qvb19A4hKhh8iPlvq6U8XvCBnro/sKNdAdKAppExSjKY
2SAOEPCmzUhwyVtQuHKTaT+J+p1tlxvHSRz5ejfKqnGFPXTnyzFHr6UHionGoP6J
0yIbBSxIaMk+jYdnGZeJI6xZxhPuDshx80TCekgah/PdBXj9MDfDuBqq1KY3oUYG
z6clhKxuWeYj1NM12MPsjyevJahAol0Uq0Slb7b0FF2w3vfBoAChYejfxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAmWOE7fKKq3MyVUilVkr/NiaZ/qMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ1pZNFR0OG9xcmN6SlZTS1ZXU3Y4Mkpwbi1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ4dFjg0Z7tQnzVOUXRK
a/TAXOSI+hJoKlvHtcjlpM087/nHVUU6D3C9/7+TvXGUqy6F+wqcPIdpY+jHLIEZ
P2iZyw9L+KwFRWboKCztakhfmCGnd8po27UK9fzOZ6Tf00cW2A9mqEEBqThPJPCG
F/ZW3DReLpLPHjaXQmnbT2lE28zl9GTwyK/hh0gwAqPpvImoIAFtPMiAjZtzCSPY
ALljoqM7lH9BGm1NeI5mzjAztDVr6ftKHskDYoP++zqWiKg7AOIGalU5PFa9Bic6
aBN7MbqaaXCbzYH+SZmiI1lQpLhCPejrwNJ134cWgh9C33DDvCir7kpyCRohXBrQ
Zqo=
-----END CERTIFICATE-----