Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/I403eXTu2gTxxilFh2w4XUZe7l0.roa
File:                     I403eXTu2gTxxilFh2w4XUZe7l0.roa (raw, json)
Hash identifier:          MdHVJTscu3S1o+rnQuiUqoQat3VKSW3+Voquthe2UTo=
Subject key identifier:   23:8D:37:79:74:EE:DA:04:F1:C6:29:45:87:6C:38:5D:46:5E:EE:5D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187E674E080BE9F2486B262DF4E6BC64E54
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/I403eXTu2gTxxilFh2w4XUZe7l0.roa
Signing time:             Thu 04 May 2023 11:10:31 +0000
ROA not before:           Thu 04 May 2023 11:10:31 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e6:74:e0:80:be:9f:24:86:b2:62:df:4e:6b:c6:4e:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  4 11:10:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=238d377974eeda04f1c62945876c385d465eee5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:98:8a:6c:fa:fe:f8:54:48:cb:3c:77:61:25:
                    da:45:a1:18:0b:d0:cb:79:e2:68:b9:7c:9a:92:fa:
                    cd:ff:7e:83:0c:0c:89:66:3f:18:4a:ba:5a:5e:65:
                    8e:06:7c:37:89:48:4f:ff:08:c4:08:fa:4e:7b:86:
                    6f:7c:12:bd:16:3f:40:f7:5d:bf:fd:4d:71:bf:5a:
                    de:f6:6e:15:0e:7e:34:2f:1c:18:e7:f0:b7:d0:42:
                    f7:32:77:0f:19:70:bd:a3:57:2c:8d:f9:c9:cd:00:
                    ed:9e:0e:58:97:d1:ef:e8:a4:0d:a6:b8:2f:50:1b:
                    d7:73:50:da:8a:20:20:20:2a:b4:fa:03:aa:e6:3a:
                    7c:77:f7:c5:d8:e2:9c:5b:d1:6d:2e:c8:2b:18:13:
                    70:3d:06:e0:d5:18:10:31:4e:d8:52:22:c3:c2:0e:
                    db:f2:8e:27:9a:5a:42:e4:4b:b9:63:80:51:0b:92:
                    f2:5e:bc:7e:e4:9b:e3:4e:3a:84:a0:33:6d:c1:41:
                    af:de:09:86:7e:d2:2c:49:0d:ac:4c:d4:0f:4f:a7:
                    ed:6a:a7:20:ae:6c:a4:8a:0e:ec:04:76:33:45:59:
                    44:d2:31:2d:35:1f:48:19:57:79:49:f9:02:59:ca:
                    e2:df:99:90:24:6a:2e:42:67:0f:bc:87:13:5f:a1:
                    3f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:8D:37:79:74:EE:DA:04:F1:C6:29:45:87:6C:38:5D:46:5E:EE:5D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/I403eXTu2gTxxilFh2w4XUZe7l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:91:84:6b:aa:af:92:6b:45:13:a7:4f:d2:a9:e8:c3:36:17:
         e0:4b:3a:3a:02:e5:de:45:8f:53:1b:6e:d0:1c:8b:b3:59:99:
         c7:98:42:2a:02:a8:a5:3e:64:69:cb:9d:34:aa:5c:33:73:8e:
         0f:69:f1:7a:3a:02:47:b7:64:43:a2:10:5e:b5:c0:a3:10:94:
         bd:53:59:b9:9b:6d:1c:e6:0f:01:50:75:c2:df:21:c6:0b:be:
         02:d6:f9:0a:be:ce:18:49:1d:2b:22:86:cc:88:ef:96:e4:f2:
         05:11:d0:17:4a:d0:74:ef:f4:c0:ab:43:56:08:9b:12:2d:7b:
         8b:4a:e2:9d:37:dc:1a:20:89:ba:3c:2b:e1:f1:97:f9:eb:8b:
         7f:14:1c:25:a2:bc:8a:b3:aa:d8:dc:12:6b:0d:3a:4d:ec:62:
         b3:b3:cd:d1:8b:cc:f8:8e:8d:d8:af:33:62:50:1d:c0:86:24:
         98:07:47:3e:d6:8d:4e:af:2f:20:01:42:5c:89:b0:55:32:78:
         07:c7:e4:df:f5:7b:cf:89:b0:56:16:ea:61:a2:38:fc:1f:0b:
         8e:c2:3d:dc:33:62:3b:5d:71:39:f2:ed:5b:78:ef:f4:af:07:
         dd:73:d7:b8:c9:02:4b:56:df:0b:ff:3c:4b:18:40:69:66:59:
         f3:8c:bd:a9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfmdOCAvp8khrJi305rxk5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA0MTExMDMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzhkMzc3OTc0ZWVkYTA0ZjFjNjI5NDU4NzZjMzg1ZDQ2NWVlZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJiKbPr++FRIyzx3YSXaRaEYC9DL
eeJouXyakvrN/36DDAyJZj8YSrpaXmWOBnw3iUhP/wjECPpOe4ZvfBK9Fj9A912/
/U1xv1re9m4VDn40LxwY5/C30EL3MncPGXC9o1csjfnJzQDtng5Yl9Hv6KQNprgv
UBvXc1DaiiAgICq0+gOq5jp8d/fF2OKcW9FtLsgrGBNwPQbg1RgQMU7YUiLDwg7b
8o4nmlpC5Eu5Y4BRC5LyXrx+5JvjTjqEoDNtwUGv3gmGftIsSQ2sTNQPT6ftaqcg
rmykig7sBHYzRVlE0jEtNR9IGVd5SfkCWcri35mQJGouQmcPvIcTX6E/DwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCONN3l07toE8cYpRYdsOF1GXu5dMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSTQwM2VYVHUyZ1R4eGlsRmgydzRYVVplN2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE6RhGuqr5JrRROnT9Kp
6MM2F+BLOjoC5d5Fj1MbbtAci7NZmceYQioCqKU+ZGnLnTSqXDNzjg9p8Xo6Ake3
ZEOiEF61wKMQlL1TWbmbbRzmDwFQdcLfIcYLvgLW+Qq+zhhJHSsihsyI75bk8gUR
0BdK0HTv9MCrQ1YImxIte4tK4p033Bogibo8K+Hxl/nri38UHCWivIqzqtjcEmsN
Ok3sYrOzzdGLzPiOjdivM2JQHcCGJJgHRz7WjU6vLyABQlyJsFUyeAfH5N/1e8+J
sFYW6mGiOPwfC47CPdwzYjtdcTny7Vt47/SvB91z17jJAktW3wv/PEsYQGlmWfOM
vak=
-----END CERTIFICATE-----