Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GyHxTbe-XD33Gutcx_7EDYrrQdA.roa
File:                     GyHxTbe-XD33Gutcx_7EDYrrQdA.roa (raw, json)
Hash identifier:          ABO0jWNXNJzBjOvOYj7hvd1Rq0neGgBS+/UDqAV2CBs=
Subject key identifier:   1B:21:F1:4D:B7:BE:5C:3D:F7:1A:EB:5C:C7:FE:C4:0D:8A:EB:41:D0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187E9072555CB9EF783349B5538A1556097
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GyHxTbe-XD33Gutcx_7EDYrrQdA.roa
Signing time:             Thu 04 May 2023 23:09:32 +0000
ROA not before:           Thu 04 May 2023 23:09:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e9:07:25:55:cb:9e:f7:83:34:9b:55:38:a1:55:60:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  4 23:09:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1b21f14db7be5c3df71aeb5cc7fec40d8aeb41d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:67:27:be:d2:84:e9:0f:9f:a3:7b:45:36:ab:
                    b3:d4:53:33:a8:d9:85:c7:ff:95:3f:30:65:be:40:
                    e7:0b:72:26:08:d7:ca:53:8c:a8:4c:d8:05:fb:05:
                    e8:93:3b:db:34:5f:a0:31:b5:3a:b0:c1:43:20:4b:
                    01:fd:5a:25:68:41:3e:db:44:b0:43:82:6e:70:8c:
                    43:ab:80:9e:75:35:80:7a:18:56:05:16:23:3c:c6:
                    5c:60:1e:32:61:ae:73:c4:6f:f5:a4:06:74:af:81:
                    92:27:22:79:d0:be:0c:b1:de:52:df:41:eb:23:02:
                    de:b5:3c:81:c1:6a:04:4c:72:b6:22:1f:2e:96:6e:
                    fa:a9:50:e1:a6:41:57:98:94:66:e4:19:a7:cf:c4:
                    7e:20:f4:ec:e9:d2:41:bb:ea:ce:56:94:96:fe:86:
                    b5:3d:0b:51:62:88:be:a2:49:df:0b:07:36:fe:f3:
                    91:aa:c2:b0:4d:2b:88:25:18:85:1a:c0:f8:b5:23:
                    e7:d8:14:cf:aa:64:f2:a8:fe:e7:35:7c:c6:c1:5f:
                    bf:2e:9a:16:33:62:dc:18:fb:24:de:3e:26:e5:46:
                    fa:fe:25:98:d3:0b:51:d9:e7:c8:c3:ee:69:bd:59:
                    f5:50:04:9d:64:d9:cd:34:f9:d5:89:fa:ab:19:ed:
                    a9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:21:F1:4D:B7:BE:5C:3D:F7:1A:EB:5C:C7:FE:C4:0D:8A:EB:41:D0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/GyHxTbe-XD33Gutcx_7EDYrrQdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:a5:0c:08:60:ed:d2:72:c1:40:48:c0:d1:c8:d3:e9:f7:e6:
         95:3b:4e:10:98:69:31:2e:92:54:bb:80:e5:84:e5:b3:87:19:
         7f:07:57:39:2c:b0:dc:28:17:9a:ef:32:0c:28:b1:75:8a:eb:
         64:4c:44:c1:37:df:06:7c:cf:01:e6:d8:1c:a0:19:a8:30:b2:
         d5:69:f5:27:6e:7e:9c:0d:00:e7:c3:95:59:da:ad:3c:7a:c4:
         b8:33:55:ab:c1:76:ee:d0:54:53:ff:0b:e8:93:c2:4e:ca:b1:
         bc:84:3f:81:6c:45:0b:a7:af:a5:6f:7b:c9:f1:18:30:ab:da:
         f1:a4:a4:68:6f:b6:2e:a4:be:eb:83:c0:f4:c0:cd:ea:53:a3:
         69:59:54:e1:7a:23:66:26:db:c3:d7:ca:75:a0:5d:f2:32:51:
         31:be:98:92:39:08:7a:b9:be:41:a1:ed:dc:1b:bb:19:21:d2:
         a9:58:53:bd:cd:39:d6:64:89:c0:a2:7e:fe:9b:95:31:02:2f:
         0c:87:9d:2f:d4:93:01:8f:2f:e9:0b:25:b4:0d:1a:ff:2f:43:
         49:ba:54:a3:22:49:f3:c1:8b:b9:73:f0:6d:0f:b5:6f:48:a6:
         7a:0e:82:70:64:e1:46:16:58:9d:cf:ea:f8:f4:53:38:7d:25:
         f8:17:58:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfpByVVy573gzSbVTihVWCXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA0MjMwOTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjIxZjE0ZGI3YmU1YzNkZjcxYWViNWNjN2ZlYzQwZDhhZWI0MWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGcnvtKE6Q+fo3tFNquz1FMzqNmF
x/+VPzBlvkDnC3ImCNfKU4yoTNgF+wXokzvbNF+gMbU6sMFDIEsB/VolaEE+20Sw
Q4JucIxDq4CedTWAehhWBRYjPMZcYB4yYa5zxG/1pAZ0r4GSJyJ50L4Msd5S30Hr
IwLetTyBwWoETHK2Ih8ulm76qVDhpkFXmJRm5Bmnz8R+IPTs6dJBu+rOVpSW/oa1
PQtRYoi+oknfCwc2/vORqsKwTSuIJRiFGsD4tSPn2BTPqmTyqP7nNXzGwV+/LpoW
M2LcGPsk3j4m5Ub6/iWY0wtR2efIw+5pvVn1UASdZNnNNPnVifqrGe2pHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBsh8U23vlw99xrrXMf+xA2K60HQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvR3lIeFRiZS1YRDMzR3V0Y3hfN0VEWXJyUWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE2lDAhg7dJywUBIwNHI
0+n35pU7ThCYaTEuklS7gOWE5bOHGX8HVzkssNwoF5rvMgwosXWK62RMRME33wZ8
zwHm2BygGagwstVp9SdufpwNAOfDlVnarTx6xLgzVavBdu7QVFP/C+iTwk7KsbyE
P4FsRQunr6Vve8nxGDCr2vGkpGhvti6kvuuDwPTAzepTo2lZVOF6I2Ym28PXynWg
XfIyUTG+mJI5CHq5vkGh7dwbuxkh0qlYU73NOdZkicCifv6blTECLwyHnS/UkwGP
L+kLJbQNGv8vQ0m6VKMiSfPBi7lz8G0PtW9IpnoOgnBk4UYWWJ3P6vj0Uzh9JfgX
WE4=
-----END CERTIFICATE-----