Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GY2Hrn8IM5jNS5Qxz4oZJo2TmNo.roa
File:                     GY2Hrn8IM5jNS5Qxz4oZJo2TmNo.roa (raw, json)
Hash identifier:          QnVoGfFND0KIohdZNtdDweUlGOULYT9V1DiVg7r+mg0=
Subject key identifier:   19:8D:87:AE:7F:08:33:98:CD:4B:94:31:CF:8A:19:26:8D:93:98:DA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018830495D1EC8CB374778CA087DB6E1EEE7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GY2Hrn8IM5jNS5Qxz4oZJo2TmNo.roa
Signing time:             Thu 18 May 2023 19:14:54 +0000
ROA not before:           Thu 18 May 2023 19:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:30:49:5d:1e:c8:cb:37:47:78:ca:08:7d:b6:e1:ee:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 18 19:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=198d87ae7f083398cd4b9431cf8a19268d9398da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:82:20:c2:d0:d1:55:62:80:90:6b:62:49:dd:
                    ca:22:2b:c6:9c:7e:41:6a:2b:b4:b5:88:96:1a:16:
                    de:4c:f1:d1:fe:dd:33:52:46:ee:f3:11:aa:3c:04:
                    c3:f6:84:17:c7:17:ac:ca:80:06:fd:1f:b1:62:92:
                    26:9f:d6:da:4d:ae:73:e6:28:df:61:91:4a:0b:a2:
                    04:8b:ae:e3:11:cb:c8:a8:bd:e5:00:06:50:7b:25:
                    23:44:3d:8c:c0:79:c4:25:f4:4f:78:ea:ee:64:fe:
                    b3:94:c5:bd:ea:0f:69:92:bb:7a:b7:6b:a4:f2:ee:
                    ac:d3:39:24:3c:e5:e8:75:e3:6c:17:f1:7b:e4:77:
                    24:2f:4b:64:f6:44:7b:a9:fc:51:81:0f:18:76:b9:
                    84:a3:31:e1:87:ae:41:5c:d8:1d:33:d6:02:e4:33:
                    05:08:e0:a0:f6:da:89:46:6c:2f:d2:3b:2c:d4:fd:
                    8a:3d:c0:db:e2:4f:2d:b9:27:34:a2:5d:6c:22:d5:
                    7c:74:10:8a:00:1f:d9:4b:0a:63:07:8d:9d:bc:9e:
                    61:c9:15:59:e4:f6:ed:de:38:36:77:e3:db:aa:d5:
                    64:10:25:aa:e8:6d:60:ec:3f:d8:78:b9:46:44:8e:
                    09:0a:dc:a3:d1:94:96:09:4a:48:b0:54:90:f6:3c:
                    96:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:8D:87:AE:7F:08:33:98:CD:4B:94:31:CF:8A:19:26:8D:93:98:DA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GY2Hrn8IM5jNS5Qxz4oZJo2TmNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:d6:b6:58:87:46:38:05:ea:b9:9d:af:c8:19:4d:65:dd:ce:
         6f:8b:ca:34:a0:9c:59:d8:ba:8f:6c:00:30:f6:55:11:db:d8:
         9a:0e:9b:07:60:86:37:45:05:77:d1:82:13:9f:3f:f6:66:9c:
         4e:1d:10:c0:fe:26:38:f8:1e:fc:7e:6c:8c:cd:e6:78:7e:58:
         e3:5d:d4:25:be:c5:4e:e6:77:6f:f8:f1:8d:6b:f9:13:a6:65:
         88:12:65:4b:9c:2f:63:1b:cf:ec:dc:7b:c2:78:6c:64:a3:24:
         64:64:1a:64:b8:3f:0d:2e:47:02:b4:31:78:5f:62:78:ea:d6:
         43:03:7a:fc:2d:c7:04:54:d8:d5:3b:37:62:95:29:22:81:da:
         d4:90:e4:49:5c:30:f0:82:9b:9d:4a:c0:d9:04:c7:ac:0c:8f:
         c1:c1:db:3b:6f:98:20:6a:19:d4:09:72:e9:cf:20:f1:f7:8c:
         65:19:30:d5:b2:7a:32:96:ad:da:68:3d:a7:49:77:e6:85:a9:
         1c:c3:69:ca:44:64:ff:ac:51:d0:6c:21:a2:54:71:22:30:9e:
         57:23:cd:e5:f5:14:92:ad:23:4b:a4:52:10:6a:48:4e:2a:90:
         89:eb:0c:d1:76:a4:75:12:32:f8:65:5f:4c:ac:dd:71:20:32:
         e3:e5:0b:2b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgwSV0eyMs3R3jKCH224e7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE4MTkxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOThkODdhZTdmMDgzMzk4Y2Q0Yjk0MzFjZjhhMTkyNjhkOTM5OGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIIgwtDRVWKAkGtiSd3KIivGnH5B
aiu0tYiWGhbeTPHR/t0zUkbu8xGqPATD9oQXxxesyoAG/R+xYpImn9baTa5z5ijf
YZFKC6IEi67jEcvIqL3lAAZQeyUjRD2MwHnEJfRPeOruZP6zlMW96g9pkrt6t2uk
8u6s0zkkPOXodeNsF/F75HckL0tk9kR7qfxRgQ8YdrmEozHhh65BXNgdM9YC5DMF
COCg9tqJRmwv0jss1P2KPcDb4k8tuSc0ol1sItV8dBCKAB/ZSwpjB42dvJ5hyRVZ
5Pbt3jg2d+PbqtVkECWq6G1g7D/YeLlGRI4JCtyj0ZSWCUpIsFSQ9jyWZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBmNh65/CDOYzUuUMc+KGSaNk5jaMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvR1kySHJuOElNNWpOUzVReHo0b1pKbzJUbU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACvWtliHRjgF6rmdr8gZ
TWXdzm+LyjSgnFnYuo9sADD2VRHb2JoOmwdghjdFBXfRghOfP/ZmnE4dEMD+Jjj4
Hvx+bIzN5nh+WONd1CW+xU7md2/48Y1r+ROmZYgSZUucL2Mbz+zce8J4bGSjJGRk
GmS4Pw0uRwK0MXhfYnjq1kMDevwtxwRU2NU7N2KVKSKB2tSQ5ElcMPCCm51KwNkE
x6wMj8HB2ztvmCBqGdQJcunPIPH3jGUZMNWyejKWrdpoPadJd+aFqRzDacpEZP+s
UdBsIaJUcSIwnlcjzeX1FJKtI0ukUhBqSE4qkInrDNF2pHUSMvhlX0ys3XEgMuPl
Cys=
-----END CERTIFICATE-----