Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CkXdR775Bpc6lJP5GaGaLl1g-PE.roa
File:                     CkXdR775Bpc6lJP5GaGaLl1g-PE.roa (raw, json)
Hash identifier:          gIrIf9y+gSaUS54k8X1lgLsRdF5EQTI43afve/uJvJ0=
Subject key identifier:   0A:45:DD:47:BE:F9:06:97:3A:94:93:F9:19:A1:9A:2E:5D:60:F8:F1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F274109E43F2E1875CD1F3C665650884
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CkXdR775Bpc6lJP5GaGaLl1g-PE.roa
Signing time:             Sat 06 May 2023 19:05:05 +0000
ROA not before:           Sat 06 May 2023 19:05:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:187:f273:3e6e/128 maxlen: 128
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f2:74:10:9e:43:f2:e1:87:5c:d1:f3:c6:65:65:08:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  6 19:05:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a45dd47bef906973a9493f919a19a2e5d60f8f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d5:c3:50:f9:78:e5:2c:f4:3f:a2:b7:18:53:
                    5c:16:51:ab:3a:2f:ac:0f:5a:85:42:28:de:5d:af:
                    fb:bb:e9:da:35:1c:59:49:22:8d:c9:c2:91:f7:64:
                    12:1c:43:bf:9f:59:94:b2:e5:b1:c1:07:93:6e:2a:
                    3c:27:9f:8a:b0:66:2f:f8:8a:ef:40:39:6a:43:65:
                    30:64:85:10:89:1b:24:07:d2:a2:7b:1a:22:15:7e:
                    15:06:e3:63:86:21:cc:26:13:97:01:c7:02:17:c8:
                    c1:72:bc:ac:a5:3a:26:7f:06:79:f6:8f:ec:17:1d:
                    8e:c7:df:8d:67:de:ce:17:2a:cc:97:92:d4:84:6c:
                    fb:68:54:1b:59:5a:52:c0:78:c4:8a:59:10:22:1a:
                    bb:de:cf:7a:bf:8b:21:00:91:5a:c5:17:e7:71:98:
                    02:bd:59:5a:52:cf:6c:f2:0b:5b:bb:b4:68:5b:a3:
                    ef:14:c5:83:6d:91:86:32:23:8e:a7:dc:88:c3:45:
                    58:68:fc:13:54:c8:ad:2a:0b:f1:7d:9f:01:71:57:
                    7b:9e:1b:a4:5b:f9:6c:84:80:67:cd:dc:95:99:77:
                    1f:2d:44:dd:eb:52:d9:67:d9:75:9c:04:fb:82:39:
                    65:b4:9c:d0:72:81:3f:65:88:d6:26:e4:92:62:20:
                    db:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:45:DD:47:BE:F9:06:97:3A:94:93:F9:19:A1:9A:2E:5D:60:F8:F1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CkXdR775Bpc6lJP5GaGaLl1g-PE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:bc:94:b7:ce:3a:c1:a8:cd:e0:85:b8:d8:c2:43:e1:26:fa:
         e0:01:fc:03:7c:f9:d9:a8:9f:5d:40:f6:dc:12:3a:37:a1:fd:
         dc:88:e5:de:33:b2:5a:60:f6:34:2f:8d:54:ac:90:f1:eb:9c:
         74:8e:5c:7b:85:c8:2f:65:01:fa:55:f7:4e:0d:b3:9d:e1:ad:
         be:99:ac:90:df:4e:81:79:2d:b4:d5:c7:21:6a:9f:2e:c3:bc:
         b6:65:99:5e:42:f6:3a:b0:32:9e:be:96:d8:38:ca:dc:58:e3:
         65:d7:af:db:b5:2d:be:28:e6:a5:ea:04:91:c3:b0:15:f3:a5:
         1b:03:f9:7c:90:23:36:06:c0:0e:8b:9a:16:a6:b7:c6:2c:5a:
         2b:f3:93:9d:c3:2f:f4:69:be:d0:e8:bc:ab:c5:de:75:e8:5a:
         ca:e3:15:b6:6f:33:fe:32:f2:9a:16:33:c9:8c:a0:b4:72:02:
         55:8e:d6:09:b5:7f:06:a8:dc:93:d1:73:cf:16:73:22:f4:3b:
         0f:f4:1a:15:07:28:0a:64:c4:73:ce:18:b1:84:df:a1:a6:c4:
         1e:4a:f3:5a:b3:d1:88:b1:52:b1:63:1b:f5:a9:18:e8:86:26:
         38:2e:d5:b2:3b:8e:b9:91:f7:94:28:d6:0e:b7:7e:66:b0:f0:
         90:ce:c1:09
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfydBCeQ/Lhh1zR88ZlZQiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA2MTkwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQ1ZGQ0N2JlZjkwNjk3M2E5NDkzZjkxOWExOWEyZTVkNjBmOGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNXDUPl45Sz0P6K3GFNcFlGrOi+s
D1qFQijeXa/7u+naNRxZSSKNycKR92QSHEO/n1mUsuWxwQeTbio8J5+KsGYv+Irv
QDlqQ2UwZIUQiRskB9KiexoiFX4VBuNjhiHMJhOXAccCF8jBcryspTomfwZ59o/s
Fx2Ox9+NZ97OFyrMl5LUhGz7aFQbWVpSwHjEilkQIhq73s96v4shAJFaxRfncZgC
vVlaUs9s8gtbu7RoW6PvFMWDbZGGMiOOp9yIw0VYaPwTVMitKgvxfZ8BcVd7nhuk
W/lshIBnzdyVmXcfLUTd61LZZ9l1nAT7gjlltJzQcoE/ZYjWJuSSYiDbLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFApF3Ue++QaXOpST+Rmhmi5dYPjxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ2tYZFI3NzVCcGM2bEpQNUdhR2FMbDFnLVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEC8lLfOOsGozeCFuNjC
Q+Em+uAB/AN8+dmon11A9twSOjeh/dyI5d4zslpg9jQvjVSskPHrnHSOXHuFyC9l
AfpV904Ns53hrb6ZrJDfToF5LbTVxyFqny7DvLZlmV5C9jqwMp6+ltg4ytxY42XX
r9u1Lb4o5qXqBJHDsBXzpRsD+XyQIzYGwA6Lmhamt8YsWivzk53DL/RpvtDovKvF
3nXoWsrjFbZvM/4y8poWM8mMoLRyAlWO1gm1fwao3JPRc88WcyL0Ow/0GhUHKApk
xHPOGLGE36GmxB5K81qz0YixUrFjG/WpGOiGJjgu1bI7jrmR95Qo1g63fmaw8JDO
wQk=
-----END CERTIFICATE-----