Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Dj9v_8zE4yCNPK6Xj-OB9jaZ9k4.roa
File:                     Dj9v_8zE4yCNPK6Xj-OB9jaZ9k4.roa (raw, json)
Hash identifier:          4aY7f6v7EMLtTDAGJ3xs/+UXedTU3R354eerIz9EfNc=
Subject key identifier:   0E:3F:6F:FF:CC:C4:E3:20:8D:3C:AE:97:8F:E3:81:F6:36:99:F6:4E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018877EBA604CD4BFC36166DD6EBA087A967
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Dj9v_8zE4yCNPK6Xj-OB9jaZ9k4.roa
Signing time:             Thu 01 Jun 2023 17:05:12 +0000
ROA not before:           Thu 01 Jun 2023 17:05:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:188:77ea:e467/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:77:eb:a6:04:cd:4b:fc:36:16:6d:d6:eb:a0:87:a9:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  1 17:05:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0e3f6fffccc4e3208d3cae978fe381f63699f64e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b3:a0:20:6a:01:70:e1:d8:76:25:f5:2f:ab:
                    e3:3f:d3:fa:b2:cb:25:76:46:04:89:38:36:75:eb:
                    91:10:39:51:d6:6d:35:6a:ae:27:e2:65:f4:62:db:
                    7f:d2:37:7a:45:c0:a0:53:52:34:dc:92:61:c1:b1:
                    8e:93:32:76:ad:ea:2c:1a:0f:54:5d:b4:d2:27:1d:
                    32:e2:e0:f2:3a:34:8c:77:0f:f2:bf:39:f2:69:4b:
                    a5:fe:aa:52:d0:bf:aa:f2:22:3a:49:53:58:5d:30:
                    38:a6:80:88:01:46:d6:2b:05:7d:62:b9:80:28:15:
                    e6:56:2f:ec:ea:bc:41:0a:e4:93:9d:07:7f:09:8a:
                    9f:45:25:42:ec:51:11:19:01:ee:db:07:43:2c:98:
                    d6:45:62:69:e9:7f:89:11:a7:91:7f:42:52:66:fe:
                    c5:51:6c:85:0d:10:0f:c5:55:b4:f3:a4:6c:1d:ec:
                    5f:55:53:8c:48:09:a5:14:99:09:cb:59:ed:1e:bb:
                    48:de:eb:b8:86:8c:0e:59:f0:c3:4d:7d:63:ea:60:
                    b8:2b:6d:8f:90:58:74:40:9a:be:12:ba:3f:5b:fb:
                    64:0e:af:c2:75:c6:82:7c:b6:ae:98:d7:10:9e:c1:
                    55:c7:d9:18:b3:68:53:df:12:35:19:7a:89:50:0b:
                    ee:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:3F:6F:FF:CC:C4:E3:20:8D:3C:AE:97:8F:E3:81:F6:36:99:F6:4E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Dj9v_8zE4yCNPK6Xj-OB9jaZ9k4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:d9:7b:7c:e9:df:3b:eb:73:ff:d3:e2:f5:e7:28:58:55:94:
         ce:09:97:16:96:5a:08:22:75:b3:a2:bc:66:5a:02:10:da:6c:
         ff:db:1e:18:2a:32:c4:b5:04:53:df:c1:d6:8d:cd:f9:47:16:
         7c:3f:be:6e:4b:6c:1c:8d:4e:a7:6d:af:88:33:06:2a:8f:3b:
         81:1f:a8:54:93:ae:80:4e:ff:06:b2:b4:ce:d9:72:ae:fd:80:
         17:40:0b:d3:16:d3:e6:c5:b2:d0:6e:a3:47:88:37:dd:4a:0b:
         08:0c:0b:74:33:9f:7b:d8:5c:61:76:14:fb:50:60:36:23:12:
         db:05:99:91:b0:dd:11:32:22:fc:a5:19:16:2d:35:96:36:3c:
         f0:39:e7:fa:a8:25:49:c4:e1:24:a4:9e:96:d2:f2:dc:76:24:
         7d:e6:a7:9d:20:51:a6:86:76:b6:7a:dc:c2:fb:12:fb:b0:d1:
         20:b0:29:4e:b6:a9:5a:b0:72:cc:21:27:51:89:44:f1:ba:6c:
         f7:ea:60:a6:16:2c:7f:5d:53:b2:b2:45:f9:38:49:6e:00:c3:
         82:d6:1e:90:1d:0c:a1:0c:b5:5a:6b:a4:11:b8:d2:c1:1b:71:
         af:e0:59:1e:ba:01:e2:1f:ee:22:3b:bd:6d:29:33:70:d2:2c:
         cf:6a:60:36
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh366YEzUv8NhZt1uugh6lnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAxMTcwNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTNmNmZmZmNjYzRlMzIwOGQzY2FlOTc4ZmUzODFmNjM2OTlmNjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorOgIGoBcOHYdiX1L6vjP9P6sssl
dkYEiTg2deuREDlR1m01aq4n4mX0Ytt/0jd6RcCgU1I03JJhwbGOkzJ2reosGg9U
XbTSJx0y4uDyOjSMdw/yvznyaUul/qpS0L+q8iI6SVNYXTA4poCIAUbWKwV9YrmA
KBXmVi/s6rxBCuSTnQd/CYqfRSVC7FERGQHu2wdDLJjWRWJp6X+JEaeRf0JSZv7F
UWyFDRAPxVW086RsHexfVVOMSAmlFJkJy1ntHrtI3uu4howOWfDDTX1j6mC4K22P
kFh0QJq+Ero/W/tkDq/CdcaCfLaumNcQnsFVx9kYs2hT3xI1GXqJUAvuzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA4/b//MxOMgjTyul4/jgfY2mfZOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRGo5dl84ekU0eUNOUEs2WGotT0I5amFaOWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEbZe3zp3zvrc//T4vXn
KFhVlM4JlxaWWggidbOivGZaAhDabP/bHhgqMsS1BFPfwdaNzflHFnw/vm5LbByN
Tqdtr4gzBiqPO4EfqFSTroBO/waytM7Zcq79gBdAC9MW0+bFstBuo0eIN91KCwgM
C3Qzn3vYXGF2FPtQYDYjEtsFmZGw3REyIvylGRYtNZY2PPA55/qoJUnE4SSknpbS
8tx2JH3mp50gUaaGdrZ63ML7Evuw0SCwKU62qVqwcswhJ1GJRPG6bPfqYKYWLH9d
U7KyRfk4SW4Aw4LWHpAdDKEMtVprpBG40sEbca/gWR66AeIf7iI7vW0pM3DSLM9q
YDY=
-----END CERTIFICATE-----