Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IfJ3cThY0G6G7VvdDG-hEWlT96g.roa
File:                     IfJ3cThY0G6G7VvdDG-hEWlT96g.roa (raw, json)
Hash identifier:          kTzQyDM03x26kiCzbOHZFri5605lGIOr9i8FqZ5MqGY=
Subject key identifier:   21:F2:77:71:38:58:D0:6E:86:ED:5B:DD:0C:6F:A1:11:69:53:F7:A8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F84B44B3AD97D3381AFD79679498F59C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IfJ3cThY0G6G7VvdDG-hEWlT96g.roa
Signing time:             Sun 19 Mar 2023 05:15:27 +0000
ROA not before:           Sun 19 Mar 2023 05:15:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f8:4b:44:b3:ad:97:d3:38:1a:fd:79:67:94:98:f5:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 19 05:15:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=21f277713858d06e86ed5bdd0c6fa1116953f7a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a7:b6:a5:a7:dd:7a:3d:57:3c:7d:ca:ad:46:
                    60:a4:c4:3e:e3:09:bb:91:59:e8:79:2f:15:8c:fa:
                    29:82:ea:c6:20:f6:a7:36:c1:ce:92:cf:85:07:7e:
                    05:df:ed:0e:94:5a:b9:f4:72:f0:88:25:4c:80:79:
                    31:a6:93:32:5c:bd:2b:e3:23:0f:df:f7:22:4a:cb:
                    29:4f:7c:df:89:7e:fd:81:13:5d:84:0a:f4:63:96:
                    9d:a0:6f:a5:27:36:d9:da:4d:8a:8b:f3:1d:f4:7c:
                    51:54:a2:c6:cc:f2:69:b0:30:47:bd:9a:14:f0:df:
                    9c:b0:99:16:7a:1d:ec:8d:52:64:27:a9:56:cb:9f:
                    af:ec:5d:a2:8f:e6:20:ea:8a:3e:15:c2:9d:37:ad:
                    d6:e7:c4:25:9e:08:fb:9a:c5:43:4d:3f:6a:89:f0:
                    1d:70:4a:62:4e:ed:cf:bf:78:4d:d3:78:36:30:e5:
                    a0:96:2b:d2:00:67:d4:2f:4d:1a:c9:c6:6b:20:aa:
                    3c:22:29:37:f8:e0:4f:e9:00:51:82:94:09:e7:47:
                    be:2a:f8:d2:79:d6:ca:8f:3f:9c:92:84:8c:3f:e1:
                    ef:b6:49:68:e9:4b:de:ed:b1:4f:5d:40:0c:6b:10:
                    d5:26:db:cc:4d:1b:84:d4:28:4e:fd:4f:84:79:1f:
                    48:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:F2:77:71:38:58:D0:6E:86:ED:5B:DD:0C:6F:A1:11:69:53:F7:A8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IfJ3cThY0G6G7VvdDG-hEWlT96g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:9c:35:46:d2:76:ca:ab:65:89:8e:8c:9e:55:7b:7a:b1:60:
         95:a8:d8:e5:84:1f:3f:af:46:a5:d9:1f:79:a8:2d:ee:be:73:
         7d:dd:56:32:2a:bc:65:1d:21:51:7c:8e:f6:02:1d:03:9b:83:
         7f:b8:16:0f:17:c4:71:e5:da:bd:71:69:a9:10:6d:8c:a5:e7:
         17:8a:b3:2c:ed:c3:6d:d1:fa:83:5c:00:84:72:9a:7f:bc:91:
         3e:51:e5:fe:65:b3:19:cc:b4:79:53:53:1c:cf:9a:df:95:32:
         24:f2:ef:c6:cc:2f:d6:e5:98:0c:07:43:b1:40:39:e4:bd:77:
         b0:47:98:83:17:00:41:d3:ec:7e:4a:46:58:1d:0c:58:f1:12:
         83:84:39:3d:98:37:32:ef:a8:49:e9:36:cf:39:96:0a:2f:44:
         c3:75:e3:d4:2a:87:58:60:6c:65:0d:83:6e:af:5e:b9:40:25:
         ce:da:5c:97:06:a4:b5:20:48:0e:0f:99:47:da:51:3e:dc:21:
         22:14:f5:6b:17:50:16:35:84:73:27:a0:a1:a1:ab:d7:e7:28:
         25:5f:ce:68:26:c1:82:e7:1f:83:39:b3:1a:f6:6a:27:f6:7f:
         e2:fd:1f:19:55:46:ba:f9:c7:95:72:61:37:c9:6b:f6:6e:94:
         a0:ce:dd:8e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb4S0SzrZfTOBr9eWeUmPWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE5MDUxNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWYyNzc3MTM4NThkMDZlODZlZDViZGQwYzZmYTExMTY5NTNmN2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6e2pafdej1XPH3KrUZgpMQ+4wm7
kVnoeS8VjPopgurGIPanNsHOks+FB34F3+0OlFq59HLwiCVMgHkxppMyXL0r4yMP
3/ciSsspT3zfiX79gRNdhAr0Y5adoG+lJzbZ2k2Ki/Md9HxRVKLGzPJpsDBHvZoU
8N+csJkWeh3sjVJkJ6lWy5+v7F2ij+Yg6oo+FcKdN63W58Qlngj7msVDTT9qifAd
cEpiTu3Pv3hN03g2MOWglivSAGfUL00aycZrIKo8Iik3+OBP6QBRgpQJ50e+KvjS
edbKjz+ckoSMP+Hvtklo6Uve7bFPXUAMaxDVJtvMTRuE1ChO/U+EeR9ILQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCHyd3E4WNBuhu1b3QxvoRFpU/eoMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSWZKM2NUaFkwRzZHN1Z2ZERHLWhFV2xUOTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGOcNUbSdsqrZYmOjJ5V
e3qxYJWo2OWEHz+vRqXZH3moLe6+c33dVjIqvGUdIVF8jvYCHQObg3+4Fg8XxHHl
2r1xaakQbYyl5xeKsyztw23R+oNcAIRymn+8kT5R5f5lsxnMtHlTUxzPmt+VMiTy
78bML9blmAwHQ7FAOeS9d7BHmIMXAEHT7H5KRlgdDFjxEoOEOT2YNzLvqEnpNs85
lgovRMN149Qqh1hgbGUNg26vXrlAJc7aXJcGpLUgSA4PmUfaUT7cISIU9WsXUBY1
hHMnoKGhq9fnKCVfzmgmwYLnH4M5sxr2aif2f+L9HxlVRrr5x5VyYTfJa/ZulKDO
3Y4=
-----END CERTIFICATE-----