Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Dosaxa5oAWEmv_stmIqC4Y6RS6Q.roa
File:                     Dosaxa5oAWEmv_stmIqC4Y6RS6Q.roa (raw, json)
Hash identifier:          Y4xk7UtbxtjSxS+Lian6cQ2bYIABknCMLDH5x7lzcdQ=
Subject key identifier:   0E:8B:1A:C5:AE:68:01:61:26:BF:FB:2D:98:8A:82:E1:8E:91:4B:A4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018710EEA034D24A35A9D48CB105F53D3B89
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Dosaxa5oAWEmv_stmIqC4Y6RS6Q.roa
Signing time:             Fri 24 Mar 2023 00:04:46 +0000
ROA not before:           Fri 24 Mar 2023 00:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:187:10ee:7b3e/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:10:ee:a0:34:d2:4a:35:a9:d4:8c:b1:05:f5:3d:3b:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 24 00:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0e8b1ac5ae68016126bffb2d988a82e18e914ba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ae:ff:d1:28:01:fb:88:88:ba:bf:c9:82:65:
                    cc:86:68:df:92:8e:8d:2b:9a:af:12:73:50:19:bf:
                    65:3e:23:bd:67:8e:2b:80:01:2e:1b:c1:30:ff:59:
                    02:04:c6:0f:b1:fb:f5:56:69:9c:20:1f:ac:44:14:
                    58:3e:78:ea:71:a8:f5:9c:00:c8:7d:18:cd:f9:56:
                    3e:26:61:eb:6c:98:b1:a3:87:63:9b:9e:8b:d7:94:
                    5a:1a:c9:9b:fc:b5:6b:37:27:f3:e9:3b:a5:99:b7:
                    94:24:c1:57:e3:44:79:da:76:c7:3b:dd:14:0a:f9:
                    6e:72:ca:61:39:55:b4:f6:e9:d2:79:fc:1d:1d:f5:
                    73:0d:64:4e:00:d5:81:60:eb:42:5b:b7:68:b7:74:
                    77:6f:76:cb:72:f9:cc:c0:f3:12:41:37:c9:84:9f:
                    43:4e:fe:e3:79:19:f5:4a:df:e3:e0:b7:1b:71:b0:
                    ef:bd:e8:a4:4f:48:fd:b1:49:93:4e:3d:f9:06:7a:
                    ce:c7:ff:74:51:70:dd:7b:57:27:8b:df:f9:58:1b:
                    0d:7a:5b:05:6c:d8:bb:4f:c6:4e:b8:55:0f:ce:99:
                    fb:4c:c4:f5:cb:b0:99:4e:ed:28:57:da:8a:4a:68:
                    87:52:57:01:61:26:af:08:ce:70:e1:f2:bf:03:e2:
                    70:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:8B:1A:C5:AE:68:01:61:26:BF:FB:2D:98:8A:82:E1:8E:91:4B:A4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Dosaxa5oAWEmv_stmIqC4Y6RS6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:08:a3:2d:3b:7d:9c:c5:b0:11:ae:d0:cd:97:2e:ca:d8:f5:
         bc:90:00:22:4b:47:37:b4:52:eb:97:78:e5:12:89:f4:18:f5:
         d0:05:40:2e:1f:1f:42:6f:53:5b:d4:36:8f:ed:40:ab:ad:13:
         91:05:16:a0:54:47:f5:3e:c1:95:a0:18:99:2a:3a:3f:60:64:
         1a:89:4f:c1:f4:91:e0:ae:4d:d0:25:6f:83:c9:2c:07:a8:1e:
         84:c7:8d:14:a7:c2:58:d2:03:4b:fb:65:d5:1c:c4:70:43:24:
         94:7d:e4:72:1e:6c:ef:b3:07:6b:11:3a:55:c2:7b:ce:00:fd:
         a9:5b:6b:ba:a0:98:b8:bc:73:71:d3:b2:b4:12:6a:1d:8c:00:
         e8:51:a0:8a:02:82:fa:c2:9d:8e:c2:4c:62:ce:8a:30:1d:df:
         ac:9c:88:a3:a7:dc:5c:66:8d:1c:9a:f0:18:da:a7:11:c4:91:
         cb:c3:6d:36:cc:2d:49:96:99:b2:94:8a:43:b8:3b:7d:4b:99:
         a9:06:4b:13:86:ba:0f:2b:9d:8b:72:26:84:f2:09:fb:74:5a:
         86:0b:3c:03:2b:ef:fe:45:20:27:5d:0d:72:f0:f2:d2:6b:c0:
         d1:07:1b:74:ea:ba:4b:55:1b:04:eb:a0:81:a8:76:c5:a4:48:
         c4:ec:f3:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcQ7qA00ko1qdSMsQX1PTuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI0MDAwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZThiMWFjNWFlNjgwMTYxMjZiZmZiMmQ5ODhhODJlMThlOTE0YmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiq7/0SgB+4iIur/JgmXMhmjfko6N
K5qvEnNQGb9lPiO9Z44rgAEuG8Ew/1kCBMYPsfv1VmmcIB+sRBRYPnjqcaj1nADI
fRjN+VY+JmHrbJixo4djm56L15RaGsmb/LVrNyfz6TulmbeUJMFX40R52nbHO90U
CvlucsphOVW09unSefwdHfVzDWROANWBYOtCW7dot3R3b3bLcvnMwPMSQTfJhJ9D
Tv7jeRn1St/j4LcbcbDvveikT0j9sUmTTj35BnrOx/90UXDde1cni9/5WBsNelsF
bNi7T8ZOuFUPzpn7TMT1y7CZTu0oV9qKSmiHUlcBYSavCM5w4fK/A+JwLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA6LGsWuaAFhJr/7LZiKguGOkUukMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRG9zYXhhNW9BV0Vtdl9zdG1JcUM0WTZSUzZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADQIoy07fZzFsBGu0M2X
LsrY9byQACJLRze0UuuXeOUSifQY9dAFQC4fH0JvU1vUNo/tQKutE5EFFqBUR/U+
wZWgGJkqOj9gZBqJT8H0keCuTdAlb4PJLAeoHoTHjRSnwljSA0v7ZdUcxHBDJJR9
5HIebO+zB2sROlXCe84A/alba7qgmLi8c3HTsrQSah2MAOhRoIoCgvrCnY7CTGLO
ijAd36yciKOn3FxmjRya8BjapxHEkcvDbTbMLUmWmbKUikO4O31LmakGSxOGug8r
nYtyJoTyCft0WoYLPAMr7/5FICddDXLw8tJrwNEHG3TquktVGwTroIGodsWkSMTs
8xA=
-----END CERTIFICATE-----