Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IGMHsN5loySlvj0NYnzy2HnjYHQ.roa
File:                     IGMHsN5loySlvj0NYnzy2HnjYHQ.roa (raw, json)
Hash identifier:          zApqQF8c2M2ro5eX39bkPrvr/FlW8fbRcjg3MVB8u5k=
Subject key identifier:   20:63:07:B0:DE:65:A3:24:A5:BE:3D:0D:62:7C:F2:D8:79:E3:60:74
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018765EC113B1C2B12E7CCC9B3FC9CBC68B5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IGMHsN5loySlvj0NYnzy2HnjYHQ.roa
Signing time:             Sun 09 Apr 2023 12:09:42 +0000
ROA not before:           Sun 09 Apr 2023 12:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:65:ec:11:3b:1c:2b:12:e7:cc:c9:b3:fc:9c:bc:68:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  9 12:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=206307b0de65a324a5be3d0d627cf2d879e36074
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d2:20:31:be:56:69:5d:a4:0b:84:31:03:1b:
                    f3:13:91:6e:39:0e:8e:7e:c4:46:c7:f7:2d:c4:53:
                    bd:3a:f9:89:88:e4:7c:39:f7:9e:df:f4:33:f3:68:
                    d0:65:b9:1b:1f:b2:db:52:dd:60:69:78:24:78:89:
                    da:b1:4d:69:23:e1:1f:52:24:65:c8:b2:9a:0b:25:
                    a6:44:a6:7c:cf:87:70:df:4e:3c:ad:1b:39:5f:5b:
                    12:82:4a:4d:91:d5:28:85:39:ec:a1:1a:e8:4e:3c:
                    28:c0:95:94:ef:8e:90:6d:be:85:cf:50:cf:21:53:
                    38:33:9e:4b:d4:43:ff:b3:7e:9b:62:53:39:5c:5f:
                    53:76:de:3d:43:a4:81:59:d7:3e:9f:e4:1c:62:3f:
                    bb:59:c4:62:84:ac:eb:14:7d:5e:05:0d:f9:a1:3d:
                    40:72:60:df:82:37:01:09:d1:19:65:44:68:e8:47:
                    8e:5f:c7:a0:b8:a0:02:c3:38:3d:a0:6e:4f:0a:82:
                    63:11:d3:5c:eb:df:2d:b5:ed:2b:00:dc:e2:4d:b8:
                    33:2b:50:c5:da:bd:2d:f3:05:a7:75:7a:35:99:4a:
                    8c:a2:98:f8:fb:a0:c3:d9:18:a7:d0:40:36:13:e5:
                    54:32:9a:35:7f:7e:b4:6f:64:64:c6:64:d1:08:03:
                    da:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:63:07:B0:DE:65:A3:24:A5:BE:3D:0D:62:7C:F2:D8:79:E3:60:74
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IGMHsN5loySlvj0NYnzy2HnjYHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:15:fa:13:aa:c2:e8:62:65:0a:ee:e7:e5:b7:d3:e1:75:4c:
         5c:f7:5f:ed:2e:73:dd:43:45:01:ec:eb:b0:7f:16:8e:f9:d0:
         a6:46:01:09:29:69:fd:45:8e:c9:f7:54:ac:5d:d2:0a:a2:23:
         c1:15:19:64:00:97:b7:d0:01:eb:cf:93:57:a9:05:cb:27:2d:
         94:86:fb:98:b3:ae:15:2e:89:02:a2:37:49:c7:26:d4:ea:ba:
         21:f3:ff:e7:98:1e:80:4e:7e:50:b1:eb:bb:71:0f:0a:61:94:
         c5:a2:6a:39:61:43:0d:70:c4:5e:0c:76:48:01:71:2d:60:61:
         71:45:c7:db:9c:89:ed:4e:01:4c:0f:1b:78:ca:2e:10:7e:40:
         63:cf:86:12:e5:86:68:75:7f:c6:72:fe:be:c5:14:04:f7:9e:
         3f:49:ce:a5:ca:7f:b6:c2:97:8d:4a:c3:e1:c9:c6:e3:cd:e6:
         a7:84:60:b9:23:da:66:53:a3:4e:34:97:f4:e7:46:58:43:28:
         40:bf:39:00:b7:3c:b5:ac:eb:38:aa:75:b2:83:92:bc:83:00:
         d1:50:58:fb:01:38:c3:6d:59:22:1e:bc:85:b6:36:eb:55:7f:
         75:59:f6:de:ef:ba:69:22:71:5c:8b:b8:9a:5a:15:f1:09:b2:
         28:1a:36:9b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdl7BE7HCsS58zJs/ycvGi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA5MTIwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDYzMDdiMGRlNjVhMzI0YTViZTNkMGQ2MjdjZjJkODc5ZTM2MDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNIgMb5WaV2kC4QxAxvzE5FuOQ6O
fsRGx/ctxFO9OvmJiOR8Ofee3/Qz82jQZbkbH7LbUt1gaXgkeInasU1pI+EfUiRl
yLKaCyWmRKZ8z4dw3048rRs5X1sSgkpNkdUohTnsoRroTjwowJWU746Qbb6Fz1DP
IVM4M55L1EP/s36bYlM5XF9Tdt49Q6SBWdc+n+QcYj+7WcRihKzrFH1eBQ35oT1A
cmDfgjcBCdEZZURo6EeOX8eguKACwzg9oG5PCoJjEdNc698tte0rANziTbgzK1DF
2r0t8wWndXo1mUqMopj4+6DD2Rin0EA2E+VUMpo1f360b2RkxmTRCAPaCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCBjB7DeZaMkpb49DWJ88th542B0MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSUdNSHNONWxveVNsdmowTlluenkySG5qWUhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIcV+hOqwuhiZQru5+W3
0+F1TFz3X+0uc91DRQHs67B/Fo750KZGAQkpaf1Fjsn3VKxd0gqiI8EVGWQAl7fQ
AevPk1epBcsnLZSG+5izrhUuiQKiN0nHJtTquiHz/+eYHoBOflCx67txDwphlMWi
ajlhQw1wxF4MdkgBcS1gYXFFx9ucie1OAUwPG3jKLhB+QGPPhhLlhmh1f8Zy/r7F
FAT3nj9JzqXKf7bCl41Kw+HJxuPN5qeEYLkj2mZTo040l/TnRlhDKEC/OQC3PLWs
6ziqdbKDkryDANFQWPsBOMNtWSIevIW2NutVf3VZ9t7vumkicVyLuJpaFfEJsiga
Nps=
-----END CERTIFICATE-----