Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/I3UQISrdUoN5Z0Qv8zrOkAsVEwY.roa
File:                     I3UQISrdUoN5Z0Qv8zrOkAsVEwY.roa (raw, json)
Hash identifier:          NcoEmRjh0AejTP7/LEBg2GCfwLdAAhIuvjOx9NA9YSc=
Subject key identifier:   23:75:10:21:2A:DD:52:83:79:67:44:2F:F3:3A:CE:90:0B:15:13:06
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187563D7A20987EDE603748A94FC0BECB65
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/I3UQISrdUoN5Z0Qv8zrOkAsVEwY.roa
Signing time:             Thu 06 Apr 2023 11:04:42 +0000
ROA not before:           Thu 06 Apr 2023 11:04:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:563d:35d3/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:56:3d:7a:20:98:7e:de:60:37:48:a9:4f:c0:be:cb:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  6 11:04:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=237510212add52837967442ff33ace900b151306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:35:09:fc:71:72:62:5f:23:d3:a8:9d:08:e8:
                    2e:fa:07:ac:7e:8d:04:cb:bf:58:47:76:45:e3:fc:
                    a1:e3:34:e2:de:75:f6:02:c9:ac:52:b3:92:f3:dc:
                    d7:01:36:2a:2e:ad:90:da:41:94:8c:7f:d4:83:c4:
                    3d:22:a6:cb:de:66:a0:e4:bf:5c:b8:7f:80:0a:26:
                    12:2b:bc:5c:0a:07:ba:86:71:2d:07:5f:82:3a:1c:
                    da:2a:e8:c7:84:b8:ae:a0:80:70:65:44:f4:aa:a0:
                    ee:b0:a9:1f:5c:62:52:03:16:b7:d9:af:ef:52:95:
                    5f:67:8c:22:a3:53:01:b7:ad:a8:66:10:bb:8c:65:
                    82:96:a5:4b:74:89:ad:2a:54:8e:2b:37:68:d3:da:
                    ea:ae:57:74:e3:1f:36:5c:2e:9a:a2:4a:ce:53:4f:
                    e9:17:e8:1c:2a:4a:d5:1f:34:52:85:0a:ca:8a:b1:
                    b8:e6:9b:e9:c8:5f:df:53:63:03:5b:6a:11:91:e7:
                    48:54:a9:8d:fd:80:96:b5:0c:cf:12:0d:5b:e8:2e:
                    13:5b:65:00:66:fc:b4:4a:7a:6f:24:dc:2d:c3:99:
                    db:16:2b:99:f4:5d:da:d0:13:e2:a4:cb:88:ce:a1:
                    01:07:1c:6f:41:33:3f:80:85:1b:ee:ee:8a:6c:c1:
                    e2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:75:10:21:2A:DD:52:83:79:67:44:2F:F3:3A:CE:90:0B:15:13:06
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/I3UQISrdUoN5Z0Qv8zrOkAsVEwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:97:e9:be:07:0a:b5:c3:60:8f:cb:86:8d:fc:06:af:1e:1f:
         21:b5:10:25:fd:38:77:be:cf:3e:02:bb:6c:d0:a2:62:d5:d1:
         9b:c5:4e:46:c8:41:34:d1:6e:b4:30:61:c3:c3:21:cb:fd:fa:
         bb:02:09:2a:09:6b:e6:39:dd:36:a9:01:a7:d8:ed:2d:0a:9b:
         c0:7d:fd:37:9b:28:36:4b:be:96:3f:b6:8f:63:bc:36:57:89:
         92:89:58:d0:b0:c8:7e:90:9f:5f:b1:9c:3b:1a:9b:bf:9b:b4:
         fb:ea:c6:3f:9a:b5:05:37:31:d3:23:4c:ad:7e:4a:2e:99:78:
         22:7d:8b:26:7b:3d:fc:fd:45:41:57:eb:c5:c3:8f:c1:b5:04:
         3c:51:c7:cc:a2:ec:16:28:a3:29:96:62:23:6d:17:3b:48:63:
         da:21:c2:8e:f8:e9:1a:e7:37:d5:86:c6:33:5b:fe:53:1c:40:
         44:2b:a9:47:85:da:49:85:ff:3c:a8:fa:0f:aa:cf:f1:ac:d2:
         87:d7:e7:f2:95:a6:28:4b:24:39:69:0e:3a:eb:0d:da:a6:48:
         29:b5:a4:5f:41:a1:5c:94:fe:56:3d:0e:23:0e:b1:f3:6e:32:
         5d:c1:66:87:8c:68:aa:db:b1:1e:6e:cf:f8:e1:1f:7a:e5:28:
         cc:3f:30:aa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdWPXogmH7eYDdIqU/AvstlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA2MTEwNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzc1MTAyMTJhZGQ1MjgzNzk2NzQ0MmZmMzNhY2U5MDBiMTUxMzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DUJ/HFyYl8j06idCOgu+gesfo0E
y79YR3ZF4/yh4zTi3nX2AsmsUrOS89zXATYqLq2Q2kGUjH/Ug8Q9IqbL3mag5L9c
uH+ACiYSK7xcCge6hnEtB1+COhzaKujHhLiuoIBwZUT0qqDusKkfXGJSAxa32a/v
UpVfZ4wio1MBt62oZhC7jGWClqVLdImtKlSOKzdo09rqrld04x82XC6aokrOU0/p
F+gcKkrVHzRShQrKirG45pvpyF/fU2MDW2oRkedIVKmN/YCWtQzPEg1b6C4TW2UA
Zvy0SnpvJNwtw5nbFiuZ9F3a0BPipMuIzqEBBxxvQTM/gIUb7u6KbMHimQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCN1ECEq3VKDeWdEL/M6zpALFRMGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSTNVUUlTcmRVb041WjBRdjh6ck9rQXNWRXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIeX6b4HCrXDYI/Lho38
Bq8eHyG1ECX9OHe+zz4Cu2zQomLV0ZvFTkbIQTTRbrQwYcPDIcv9+rsCCSoJa+Y5
3TapAafY7S0Km8B9/TebKDZLvpY/to9jvDZXiZKJWNCwyH6Qn1+xnDsam7+btPvq
xj+atQU3MdMjTK1+Si6ZeCJ9iyZ7Pfz9RUFX68XDj8G1BDxRx8yi7BYooymWYiNt
FztIY9ohwo746RrnN9WGxjNb/lMcQEQrqUeF2kmF/zyo+g+qz/Gs0ofX5/KVpihL
JDlpDjrrDdqmSCm1pF9BoVyU/lY9DiMOsfNuMl3BZoeMaKrbsR5uz/jhH3rlKMw/
MKo=
-----END CERTIFICATE-----