Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GXPjH21rq1FvWON2sGxdv8CF8xY.roa
File:                     GXPjH21rq1FvWON2sGxdv8CF8xY.roa (raw, json)
Hash identifier:          Ut/+OK8+5+jJapM67ibZvtrxGuk5HXVCOwHXCDr6KoM=
Subject key identifier:   19:73:E3:1F:6D:6B:AB:51:6F:58:E3:76:B0:6C:5D:BF:C0:85:F3:16
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01876A36B2D48EE2EF0D34460F8A10B69B1B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GXPjH21rq1FvWON2sGxdv8CF8xY.roa
Signing time:             Mon 10 Apr 2023 08:09:42 +0000
ROA not before:           Mon 10 Apr 2023 08:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6a:36:b2:d4:8e:e2:ef:0d:34:46:0f:8a:10:b6:9b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 10 08:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1973e31f6d6bab516f58e376b06c5dbfc085f316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e9:4b:27:4d:6c:eb:ff:b3:0d:0e:7d:b5:f8:
                    0c:f1:cb:32:56:cc:d4:51:3c:ba:0b:29:ac:55:cb:
                    02:29:6d:ae:90:81:d0:7e:1e:cd:39:7b:73:b6:09:
                    76:84:8b:38:04:ca:9f:67:c8:25:60:18:1d:71:e9:
                    d4:e2:74:10:25:85:a9:47:02:82:6a:11:da:e9:55:
                    c5:bb:d0:fa:d2:e6:25:0c:e1:db:54:88:4c:19:fc:
                    33:0f:b2:d3:30:ba:ff:ab:30:3b:24:fd:a4:0a:df:
                    53:f7:20:ba:1b:66:98:2a:f7:e2:ae:04:e4:70:b2:
                    28:d5:bd:e1:d6:a1:15:8e:62:29:e2:aa:b8:e4:eb:
                    42:fe:ef:99:7f:61:97:5a:4f:41:b5:cb:97:25:3c:
                    14:ac:13:91:ca:c5:66:e2:3a:ab:ef:4e:25:18:8c:
                    fd:6a:8e:52:dd:c8:84:95:b1:eb:a6:6b:a3:b2:86:
                    2b:d4:ed:ec:67:62:08:af:87:8e:9c:7f:67:d2:69:
                    a6:bd:4f:01:5f:f8:05:46:a8:63:de:b1:24:ac:9f:
                    2e:c7:28:d7:fd:d6:d8:73:81:05:2a:2d:17:a5:c7:
                    db:22:55:fb:e7:71:35:a7:aa:84:ce:ad:06:6a:f2:
                    93:a6:4e:5d:bd:45:a5:38:fb:98:06:89:07:b4:25:
                    41:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:73:E3:1F:6D:6B:AB:51:6F:58:E3:76:B0:6C:5D:BF:C0:85:F3:16
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GXPjH21rq1FvWON2sGxdv8CF8xY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:d5:d3:80:0d:c2:29:0b:56:88:2c:d4:8d:07:a8:f9:83:a8:
         d0:dd:8c:86:8e:f7:9b:2a:3c:a3:5a:3a:ac:da:42:0d:b9:50:
         16:4e:e1:8f:09:ab:0a:f5:9a:ee:52:24:09:96:87:e7:a1:f3:
         06:af:8b:85:77:93:6e:f2:fb:2b:60:71:c5:6c:bb:e5:3c:bd:
         d3:94:00:5b:e7:e1:87:31:75:13:7e:78:90:c0:04:6d:58:68:
         73:b2:27:c6:dc:cb:02:5d:0b:12:6c:f6:ef:12:0b:80:23:45:
         e4:a1:92:87:b8:65:d1:9e:af:c5:51:8d:14:1e:76:24:c3:76:
         3f:7f:e2:f7:74:4a:dc:e9:52:30:80:e9:b0:c2:3c:3f:71:5b:
         a6:1a:a4:8d:d8:e1:0e:ba:2e:45:82:4e:6a:24:21:09:27:69:
         3e:d4:f6:95:30:50:af:2c:90:c9:fa:95:54:3c:91:4b:5e:16:
         57:79:25:3f:53:1d:fc:3f:0a:22:54:a1:a3:d9:fd:b7:d8:c5:
         35:74:c5:89:86:0d:d3:01:3c:c5:46:83:d2:d1:6e:ee:89:7a:
         c3:ca:44:7c:d0:54:f0:e5:d7:c5:2d:68:75:4e:d6:36:c6:10:
         9c:98:53:24:08:17:70:f4:31:63:64:e3:24:86:21:45:b0:ed:
         9c:b1:7e:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdqNrLUjuLvDTRGD4oQtpsbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEwMDgwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTczZTMxZjZkNmJhYjUxNmY1OGUzNzZiMDZjNWRiZmMwODVmMzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjulLJ01s6/+zDQ59tfgM8csyVszU
UTy6CymsVcsCKW2ukIHQfh7NOXtztgl2hIs4BMqfZ8glYBgdcenU4nQQJYWpRwKC
ahHa6VXFu9D60uYlDOHbVIhMGfwzD7LTMLr/qzA7JP2kCt9T9yC6G2aYKvfirgTk
cLIo1b3h1qEVjmIp4qq45OtC/u+Zf2GXWk9BtcuXJTwUrBORysVm4jqr704lGIz9
ao5S3ciElbHrpmujsoYr1O3sZ2IIr4eOnH9n0mmmvU8BX/gFRqhj3rEkrJ8uxyjX
/dbYc4EFKi0XpcfbIlX753E1p6qEzq0GavKTpk5dvUWlOPuYBokHtCVB3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBlz4x9ta6tRb1jjdrBsXb/AhfMWMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvR1hQakgyMXJxMUZ2V09OMnNHeGR2OENGOHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGvV04ANwikLVogs1I0H
qPmDqNDdjIaO95sqPKNaOqzaQg25UBZO4Y8Jqwr1mu5SJAmWh+eh8wavi4V3k27y
+ytgccVsu+U8vdOUAFvn4YcxdRN+eJDABG1YaHOyJ8bcywJdCxJs9u8SC4AjReSh
koe4ZdGer8VRjRQediTDdj9/4vd0StzpUjCA6bDCPD9xW6YapI3Y4Q66LkWCTmok
IQknaT7U9pUwUK8skMn6lVQ8kUteFld5JT9THfw/CiJUoaPZ/bfYxTV0xYmGDdMB
PMVGg9LRbu6JesPKRHzQVPDl18UtaHVO1jbGEJyYUyQIF3D0MWNk4ySGIUWw7Zyx
flI=
-----END CERTIFICATE-----