Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EiFrug43ZcGQV8HxkGCzr2fxGYo.roa
File:                     EiFrug43ZcGQV8HxkGCzr2fxGYo.roa (raw, json)
Hash identifier:          vKzpi8DQygWDyXT/q9heTRIM/+kAniMfW+ARC21/8UA=
Subject key identifier:   12:21:6B:BA:0E:37:65:C1:90:57:C1:F1:90:60:B3:AF:67:F1:19:8A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187EDF62926A9627F9A4E511159C6161ECD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EiFrug43ZcGQV8HxkGCzr2fxGYo.roa
Signing time:             Fri 05 May 2023 22:09:05 +0000
ROA not before:           Fri 05 May 2023 22:09:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ed:f6:29:26:a9:62:7f:9a:4e:51:11:59:c6:16:1e:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  5 22:09:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=12216bba0e3765c19057c1f19060b3af67f1198a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:9b:ec:b3:91:45:9e:e8:75:aa:2d:2a:85:00:
                    14:78:c5:53:52:62:b5:5e:ae:35:85:f0:bf:22:10:
                    75:1c:05:f7:82:a3:98:e2:9a:ac:ca:0f:89:33:1b:
                    e7:c6:b0:a3:29:bb:4e:d4:af:b9:b6:bd:00:af:35:
                    83:7d:f7:78:b0:cb:5a:09:b2:b6:2b:3d:e8:7f:74:
                    fe:4f:90:a1:50:5a:7e:22:7a:ff:d4:48:72:ad:5c:
                    b0:c3:2d:39:e9:a5:34:6d:17:ac:28:9d:77:c4:cf:
                    d6:7c:5e:aa:34:1e:06:4e:a3:4e:47:ba:f0:e7:6b:
                    9d:47:f2:e3:06:bf:48:91:f6:b5:5a:9b:83:f9:b4:
                    bb:93:20:00:6d:3c:2a:01:9c:67:72:f8:13:15:97:
                    cc:4f:a4:4c:6d:78:f8:fd:a0:3f:fc:b7:19:cf:62:
                    13:79:77:00:81:98:6e:f2:20:7d:5b:98:ba:99:65:
                    6b:bf:98:86:65:39:01:4e:b6:f5:24:d5:9e:5a:28:
                    0b:f0:77:08:ca:bd:6c:2b:7c:ee:30:7f:43:34:bd:
                    2f:69:84:78:0c:a2:9a:50:7b:bd:5b:9f:62:c7:2b:
                    16:c7:00:d1:37:67:da:08:84:e4:4f:9b:53:13:d0:
                    09:84:ba:b9:e4:27:3e:96:11:19:b0:8f:05:0b:fc:
                    94:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:21:6B:BA:0E:37:65:C1:90:57:C1:F1:90:60:B3:AF:67:F1:19:8A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EiFrug43ZcGQV8HxkGCzr2fxGYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:f2:47:c3:73:85:93:4b:0e:83:2a:c5:14:62:7d:52:63:87:
         d0:d3:24:64:fe:4f:21:1e:c2:48:cf:72:11:b1:b4:2f:6d:28:
         41:c3:9b:b2:4e:4d:de:87:72:3b:86:8c:06:d2:a4:72:31:14:
         36:45:6f:08:29:ef:69:cc:2f:ad:67:49:96:a9:ee:ff:29:2a:
         cd:f5:da:ec:43:a5:37:fd:a6:c6:90:4a:d6:19:ff:0d:ae:61:
         5b:0c:da:05:20:39:93:79:e1:33:66:f6:8b:ea:c2:90:67:d4:
         48:85:47:a3:46:6e:b8:f0:9d:9c:12:0b:8b:e9:97:44:1e:f2:
         85:60:36:c9:b1:d2:40:60:b2:29:0d:a3:6e:e6:b9:0b:90:64:
         6b:0a:d2:b3:ce:42:2f:b3:f6:2a:10:6f:53:ac:1c:b9:16:71:
         d0:f3:d9:e4:5c:fe:76:00:00:6a:8d:60:62:c8:22:90:3c:02:
         52:dc:ba:9e:80:fa:bc:37:74:79:99:d0:82:4f:e3:1b:f7:94:
         fe:dc:40:a0:ed:ec:1a:d2:eb:40:1a:5f:cf:01:4c:8d:55:b9:
         08:85:11:ee:57:f6:42:5f:9a:4a:c9:4d:e9:64:98:2e:6d:c3:
         bf:14:08:93:43:5c:c7:70:d1:9c:72:6b:f1:3a:b8:b7:1b:22:
         f2:c6:69:06
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYft9ikmqWJ/mk5REVnGFh7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA1MjIwOTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjIxNmJiYTBlMzc2NWMxOTA1N2MxZjE5MDYwYjNhZjY3ZjExOThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZvss5FFnuh1qi0qhQAUeMVTUmK1
Xq41hfC/IhB1HAX3gqOY4pqsyg+JMxvnxrCjKbtO1K+5tr0ArzWDffd4sMtaCbK2
Kz3of3T+T5ChUFp+Inr/1EhyrVywwy056aU0bResKJ13xM/WfF6qNB4GTqNOR7rw
52udR/LjBr9Ikfa1WpuD+bS7kyAAbTwqAZxncvgTFZfMT6RMbXj4/aA//LcZz2IT
eXcAgZhu8iB9W5i6mWVrv5iGZTkBTrb1JNWeWigL8HcIyr1sK3zuMH9DNL0vaYR4
DKKaUHu9W59ixysWxwDRN2faCITkT5tTE9AJhLq55Cc+lhEZsI8FC/yUmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBIha7oON2XBkFfB8ZBgs69n8RmKMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRWlGcnVnNDNaY0dRVjhIeGtHQ3pyMmZ4R1lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK7yR8NzhZNLDoMqxRRi
fVJjh9DTJGT+TyEewkjPchGxtC9tKEHDm7JOTd6HcjuGjAbSpHIxFDZFbwgp72nM
L61nSZap7v8pKs312uxDpTf9psaQStYZ/w2uYVsM2gUgOZN54TNm9ovqwpBn1EiF
R6NGbrjwnZwSC4vpl0Qe8oVgNsmx0kBgsikNo27muQuQZGsK0rPOQi+z9ioQb1Os
HLkWcdDz2eRc/nYAAGqNYGLIIpA8AlLcup6A+rw3dHmZ0IJP4xv3lP7cQKDt7BrS
60AaX88BTI1VuQiFEe5X9kJfmkrJTelkmC5tw78UCJNDXMdw0Zxya/E6uLcbIvLG
aQY=
-----END CERTIFICATE-----