Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IhHD1-JFuBy9EDe_grbLxbO1oPU.roa
File:                     IhHD1-JFuBy9EDe_grbLxbO1oPU.roa (raw, json)
Hash identifier:          GoFdq/3wrAfIxFcaXyx+7LrLAdbmRA55iGDRgu3yjfw=
Subject key identifier:   22:11:C3:D7:E2:45:B8:1C:BD:10:37:BF:82:B6:CB:C5:B3:B5:A0:F5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01885FB124F05E47BB5B041C53B1FC594E01
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IhHD1-JFuBy9EDe_grbLxbO1oPU.roa
Signing time:             Sun 28 May 2023 00:10:24 +0000
ROA not before:           Sun 28 May 2023 00:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:5f:b1:24:f0:5e:47:bb:5b:04:1c:53:b1:fc:59:4e:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 28 00:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2211c3d7e245b81cbd1037bf82b6cbc5b3b5a0f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1c:f8:f7:fc:4d:a4:d9:f4:15:2e:3f:81:bf:
                    1b:2a:c8:a9:5b:97:d4:7e:0b:ba:cf:bd:48:70:e1:
                    8f:0e:b6:a1:b2:7a:05:95:c7:10:65:04:88:1a:e1:
                    ef:98:96:78:0b:5a:86:d2:69:1a:9c:78:ca:a7:06:
                    ce:ec:1c:7b:9f:43:3c:50:47:9a:a0:92:d7:95:38:
                    4c:0c:7d:81:7d:b3:e9:e5:8b:b0:c5:72:07:95:da:
                    7c:ff:dd:b1:ad:ae:01:66:e6:03:7a:3a:12:a2:dc:
                    b0:88:e5:08:46:c9:04:0a:ca:53:72:5f:fa:e5:58:
                    81:a4:e1:5e:99:4c:45:c6:78:df:1c:2a:94:aa:ef:
                    2d:8d:0e:0a:2e:96:03:75:49:6e:1a:c5:60:ab:01:
                    56:ad:2c:35:28:ff:a0:06:2a:66:56:76:0d:94:ab:
                    b7:2f:81:c2:3d:40:ac:b9:4a:70:28:db:58:d3:61:
                    b3:6b:b1:52:81:b5:df:eb:dc:01:0c:7d:2d:10:0a:
                    7b:d8:c4:b4:0a:ca:d6:45:c4:72:bc:78:c4:11:96:
                    17:e1:3a:5a:45:2b:8e:93:ca:e4:c0:15:0b:38:84:
                    5f:44:90:d7:2d:84:08:a3:8b:bd:4b:75:47:fc:b5:
                    25:48:5b:81:56:c3:4a:7e:0f:7f:5e:68:ee:55:28:
                    dc:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:11:C3:D7:E2:45:B8:1C:BD:10:37:BF:82:B6:CB:C5:B3:B5:A0:F5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IhHD1-JFuBy9EDe_grbLxbO1oPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:53:04:f1:f0:68:1c:ae:c0:2b:6b:c5:1f:b3:02:97:b8:a7:
         23:9d:23:4d:a9:2b:35:eb:f7:37:ff:3f:d2:fc:1e:2b:37:77:
         b4:46:14:8a:48:4a:70:02:e4:f8:c3:31:9c:1a:6b:1b:22:6f:
         90:e0:ed:87:6d:62:69:56:b3:6d:2b:68:f7:91:90:f4:4b:d5:
         05:dd:6b:1f:ce:b8:17:b7:e4:eb:d4:2c:cd:71:b4:4e:cd:15:
         04:81:14:75:d5:19:d2:fd:a3:2b:b0:bc:1e:3f:44:60:60:67:
         de:15:41:e9:67:93:c7:fc:a1:e9:96:8f:68:aa:23:ee:a4:b0:
         b1:19:e4:da:82:6e:c4:30:d7:74:5c:26:0a:7a:fc:c7:26:c8:
         9c:14:07:6d:0d:14:b4:57:3a:a3:87:d5:34:6a:67:6f:c8:2c:
         18:30:5d:75:2b:ad:dc:9c:85:02:fa:0c:f2:2d:f9:b7:e5:78:
         24:c3:b4:53:26:16:04:f1:8f:85:a0:b1:b0:2d:eb:97:91:cb:
         14:aa:ac:bc:d6:4a:e3:25:a1:1c:2d:59:bd:58:ee:86:ac:a0:
         f8:19:b3:53:96:32:c3:71:54:b5:5f:f0:44:07:ec:38:06:8a:
         72:e5:bd:b8:f0:56:c2:13:6d:3d:a7:fe:08:e7:22:05:cb:75:
         fc:29:a1:ee
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhfsSTwXke7WwQcU7H8WU4BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI4MDAxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjExYzNkN2UyNDViODFjYmQxMDM3YmY4MmI2Y2JjNWIzYjVhMGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhz49/xNpNn0FS4/gb8bKsipW5fU
fgu6z71IcOGPDrahsnoFlccQZQSIGuHvmJZ4C1qG0mkanHjKpwbO7Bx7n0M8UEea
oJLXlThMDH2BfbPp5YuwxXIHldp8/92xra4BZuYDejoSotywiOUIRskECspTcl/6
5ViBpOFemUxFxnjfHCqUqu8tjQ4KLpYDdUluGsVgqwFWrSw1KP+gBipmVnYNlKu3
L4HCPUCsuUpwKNtY02Gza7FSgbXf69wBDH0tEAp72MS0CsrWRcRyvHjEEZYX4Tpa
RSuOk8rkwBULOIRfRJDXLYQIo4u9S3VH/LUlSFuBVsNKfg9/XmjuVSjchwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCIRw9fiRbgcvRA3v4K2y8WztaD1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSWhIRDEtSkZ1Qnk5RURlX2dyYkx4Yk8xb1BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAApTBPHwaByuwCtrxR+z
Ape4pyOdI02pKzXr9zf/P9L8His3d7RGFIpISnAC5PjDMZwaaxsib5Dg7YdtYmlW
s20raPeRkPRL1QXdax/OuBe35OvULM1xtE7NFQSBFHXVGdL9oyuwvB4/RGBgZ94V
Qelnk8f8oemWj2iqI+6ksLEZ5NqCbsQw13RcJgp6/McmyJwUB20NFLRXOqOH1TRq
Z2/ILBgwXXUrrdychQL6DPIt+bfleCTDtFMmFgTxj4WgsbAt65eRyxSqrLzWSuMl
oRwtWb1Y7oasoPgZs1OWMsNxVLVf8EQH7DgGinLlvbjwVsITbT2n/gjnIgXLdfwp
oe4=
-----END CERTIFICATE-----