Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EzN5xC8n9zT5khf9MNmCOQ60_eY.roa
File:                     EzN5xC8n9zT5khf9MNmCOQ60_eY.roa (raw, json)
Hash identifier:          dpt6m3ZDffqQKfIe0oSAKlhyY5G99CtBK+BZGjjKpc4=
Subject key identifier:   13:33:79:C4:2F:27:F7:34:F9:92:17:FD:30:D9:82:39:0E:B4:FD:E6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187D84B4237AFD43C75C38FB686D48B2566
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EzN5xC8n9zT5khf9MNmCOQ60_eY.roa
Signing time:             Mon 01 May 2023 17:10:23 +0000
ROA not before:           Mon 01 May 2023 17:10:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d8:4b:42:37:af:d4:3c:75:c3:8f:b6:86:d4:8b:25:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  1 17:10:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=133379c42f27f734f99217fd30d982390eb4fde6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fc:2e:ae:be:5d:e0:87:f0:5f:d3:08:1e:11:
                    28:94:a8:03:b2:5d:e9:eb:5f:84:c1:90:51:6f:1a:
                    a0:c4:54:74:25:19:ac:94:86:19:a6:f2:34:04:33:
                    3c:4b:72:87:aa:15:58:67:ac:03:22:87:e2:f2:ba:
                    67:31:88:78:ff:64:01:d5:4d:fa:ea:70:b3:50:9a:
                    cc:5a:52:82:98:cd:27:bf:18:2a:4a:4c:35:c2:f7:
                    e0:b1:b3:b0:de:17:24:93:32:fc:03:ea:be:64:f6:
                    40:6c:b5:de:27:41:b0:c8:9a:3b:fa:ed:ab:29:91:
                    82:5a:35:96:da:84:93:4b:33:4d:00:cd:d8:67:06:
                    68:bf:4d:55:03:65:fa:82:71:98:42:cf:48:66:b9:
                    b6:ee:59:ff:d2:78:13:ac:fb:1c:70:3f:a6:f0:5f:
                    90:18:ac:ad:7f:5a:b6:f7:e3:09:82:fb:de:29:27:
                    6f:93:6c:94:8e:d3:ce:c5:77:a8:8e:2a:a9:c9:22:
                    2b:95:e2:c2:0f:42:cd:7c:0f:6c:4e:52:4f:67:6e:
                    1e:80:49:75:02:33:32:27:90:00:46:e1:5e:ee:8c:
                    eb:e1:a2:de:0c:fd:6c:0a:a2:85:b5:cf:fb:62:53:
                    28:06:45:b8:72:5d:62:ae:10:66:48:c0:62:66:c4:
                    25:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:33:79:C4:2F:27:F7:34:F9:92:17:FD:30:D9:82:39:0E:B4:FD:E6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EzN5xC8n9zT5khf9MNmCOQ60_eY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:86:7f:29:aa:12:dd:92:0b:43:05:9c:69:1f:5b:7b:9b:c2:
         96:2b:47:c4:a3:46:bf:f3:87:7f:e2:ab:c1:57:cc:59:23:5c:
         d5:66:d5:59:bb:a0:26:7b:88:82:e9:f4:59:a2:2a:22:76:01:
         dd:95:b6:2a:cb:48:4a:e0:ef:cb:08:9e:ec:6f:06:04:ba:67:
         3e:dc:41:58:ac:2f:b3:04:13:91:94:17:00:cc:fe:02:02:c2:
         e3:6d:b7:11:a8:ee:87:98:fb:a7:23:f4:6d:fd:c0:59:01:e6:
         ad:61:51:b2:69:68:98:a7:19:ad:fa:27:1b:29:95:43:71:fc:
         d4:97:ee:94:0f:2e:ea:2d:2a:d5:60:4a:41:c6:8d:57:11:ba:
         a5:24:9a:1f:a9:30:df:00:e9:f1:2a:25:49:d0:e6:88:3f:a4:
         b4:c4:39:29:f0:40:34:0b:e6:e4:c2:19:0b:6d:69:97:ae:b0:
         be:5b:67:bd:47:65:7c:4d:ab:15:74:50:13:de:ab:f5:e6:5b:
         16:3c:0d:3e:1a:dd:6f:11:40:ce:7d:fc:d3:e6:ce:7b:d8:3c:
         19:00:a8:2a:40:9e:e4:60:1e:82:1a:0a:87:29:5a:60:c3:3d:
         c0:46:90:06:85:2a:d9:25:5c:83:f6:94:cf:ae:87:d6:c3:7f:
         dc:f9:72:67
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfYS0I3r9Q8dcOPtobUiyVmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAxMTcxMDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzMzNzljNDJmMjdmNzM0Zjk5MjE3ZmQzMGQ5ODIzOTBlYjRmZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofwurr5d4IfwX9MIHhEolKgDsl3p
61+EwZBRbxqgxFR0JRmslIYZpvI0BDM8S3KHqhVYZ6wDIofi8rpnMYh4/2QB1U36
6nCzUJrMWlKCmM0nvxgqSkw1wvfgsbOw3hckkzL8A+q+ZPZAbLXeJ0GwyJo7+u2r
KZGCWjWW2oSTSzNNAM3YZwZov01VA2X6gnGYQs9IZrm27ln/0ngTrPsccD+m8F+Q
GKytf1q29+MJgvveKSdvk2yUjtPOxXeojiqpySIrleLCD0LNfA9sTlJPZ24egEl1
AjMyJ5AARuFe7ozr4aLeDP1sCqKFtc/7YlMoBkW4cl1irhBmSMBiZsQlWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBMzecQvJ/c0+ZIX/TDZgjkOtP3mMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRXpONXhDOG45elQ1a2hmOU1ObUNPUTYwX2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIuGfymqEt2SC0MFnGkf
W3ubwpYrR8SjRr/zh3/iq8FXzFkjXNVm1Vm7oCZ7iILp9FmiKiJ2Ad2VtirLSErg
78sInuxvBgS6Zz7cQVisL7MEE5GUFwDM/gICwuNttxGo7oeY+6cj9G39wFkB5q1h
UbJpaJinGa36JxsplUNx/NSX7pQPLuotKtVgSkHGjVcRuqUkmh+pMN8A6fEqJUnQ
5og/pLTEOSnwQDQL5uTCGQttaZeusL5bZ71HZXxNqxV0UBPeq/XmWxY8DT4a3W8R
QM59/NPmznvYPBkAqCpAnuRgHoIaCocpWmDDPcBGkAaFKtklXIP2lM+uh9bDf9z5
cmc=
-----END CERTIFICATE-----