Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IhteRE5zzi-3qhVQAz9r4IGcwoE.roa
File:                     IhteRE5zzi-3qhVQAz9r4IGcwoE.roa (raw, json)
Hash identifier:          BIQGxHnJTlhigL1hjdcIz5Qr6kwGhWFRxEFP19TPKTQ=
Subject key identifier:   22:1B:5E:44:4E:73:CE:2F:B7:AA:15:50:03:3F:6B:E0:81:9C:C2:81
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01879BC8CF1521E11D8F94BD1BA97EDC824E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IhteRE5zzi-3qhVQAz9r4IGcwoE.roa
Signing time:             Wed 19 Apr 2023 23:10:41 +0000
ROA not before:           Wed 19 Apr 2023 23:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9b:c8:cf:15:21:e1:1d:8f:94:bd:1b:a9:7e:dc:82:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 19 23:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=221b5e444e73ce2fb7aa1550033f6be0819cc281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:65:d2:f8:f2:e7:1e:3f:19:c4:e8:da:22:11:
                    94:93:07:dc:44:f9:e8:75:e3:19:1b:d0:db:ed:61:
                    d0:be:da:f0:aa:fe:be:55:5a:5a:13:a6:5b:48:9d:
                    18:d2:d8:e9:ac:ae:7e:f2:6a:97:63:08:d8:67:8f:
                    c8:54:8e:0d:47:55:94:4b:3d:c7:23:e9:72:15:e0:
                    ec:bf:16:6e:5b:60:cc:f2:52:31:6c:e3:28:ca:11:
                    0a:31:78:45:9f:a8:aa:b9:c9:22:ef:7e:78:16:12:
                    1e:9d:2b:0f:6c:d0:e1:33:31:e9:21:f0:e2:1b:aa:
                    11:be:4e:a5:f1:fd:51:8f:de:1b:84:c5:aa:d1:fd:
                    c4:9b:e8:b9:74:38:43:96:60:84:ec:63:96:4d:9b:
                    31:40:8f:7d:58:7e:37:9a:29:f3:11:31:e2:60:2e:
                    f7:4f:9a:b7:5c:be:96:e3:8e:12:18:66:f1:64:1f:
                    31:a5:fb:ec:17:8b:c3:64:05:92:1b:5f:24:6b:05:
                    08:4f:74:f7:93:a7:50:0f:b9:34:0c:eb:01:3b:19:
                    7c:27:fb:e8:80:0a:36:5c:6d:25:59:b6:44:43:ab:
                    aa:a0:d6:75:fd:1d:89:02:c9:8e:b5:e8:71:72:51:
                    e9:ba:cd:a9:b9:09:34:d6:e5:91:86:14:fb:73:3c:
                    b3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:1B:5E:44:4E:73:CE:2F:B7:AA:15:50:03:3F:6B:E0:81:9C:C2:81
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IhteRE5zzi-3qhVQAz9r4IGcwoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:07:3d:4d:6e:43:c7:63:e6:6d:9f:76:98:d7:54:07:7c:d5:
         a7:50:e9:c7:85:92:db:0f:72:fa:63:97:17:42:8e:78:11:b4:
         41:84:91:6a:13:70:a1:35:3f:27:6e:3c:84:1c:e7:fd:99:5c:
         20:bf:ad:a2:1f:09:29:8c:86:9e:57:88:ed:71:a0:94:e2:21:
         81:22:b0:a9:47:7f:ff:8a:d3:cc:b8:b7:c0:09:13:e3:11:27:
         9b:4e:73:7b:3a:19:73:9d:12:bb:4b:56:47:ba:e9:60:f1:4f:
         09:4e:7e:3b:76:67:08:65:1e:56:de:44:a2:12:09:3b:03:08:
         a2:76:8f:ce:11:1d:10:20:92:42:00:68:aa:f6:e1:10:2b:1c:
         dc:18:79:be:52:36:07:00:24:73:e7:d8:5e:43:9b:43:36:bf:
         cb:58:60:a1:2c:d0:09:23:19:4b:d8:f1:d9:75:cc:40:52:f1:
         75:49:1b:26:d3:ac:dd:58:7b:09:58:23:2f:fa:c6:7c:92:0d:
         06:1b:06:8c:8d:db:48:20:75:80:94:ce:e9:18:1d:29:a3:d2:
         6f:22:94:e8:de:ca:0e:d5:3b:a2:a7:bf:c6:f0:a4:cf:7a:ee:
         1d:7d:7e:1e:30:e3:3a:d3:43:c7:19:e4:4c:31:22:26:93:cd:
         be:a2:75:83
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYebyM8VIeEdj5S9G6l+3IJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE5MjMxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjFiNWU0NDRlNzNjZTJmYjdhYTE1NTAwMzNmNmJlMDgxOWNjMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWXS+PLnHj8ZxOjaIhGUkwfcRPno
deMZG9Db7WHQvtrwqv6+VVpaE6ZbSJ0Y0tjprK5+8mqXYwjYZ4/IVI4NR1WUSz3H
I+lyFeDsvxZuW2DM8lIxbOMoyhEKMXhFn6iqucki7354FhIenSsPbNDhMzHpIfDi
G6oRvk6l8f1Rj94bhMWq0f3Em+i5dDhDlmCE7GOWTZsxQI99WH43minzETHiYC73
T5q3XL6W444SGGbxZB8xpfvsF4vDZAWSG18kawUIT3T3k6dQD7k0DOsBOxl8J/vo
gAo2XG0lWbZEQ6uqoNZ1/R2JAsmOtehxclHpus2puQk01uWRhhT7czyzJwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCIbXkROc84vt6oVUAM/a+CBnMKBMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSWh0ZVJFNXp6aS0zcWhWUUF6OXI0SUdjd29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE0HPU1uQ8dj5m2fdpjX
VAd81adQ6ceFktsPcvpjlxdCjngRtEGEkWoTcKE1PyduPIQc5/2ZXCC/raIfCSmM
hp5XiO1xoJTiIYEisKlHf/+K08y4t8AJE+MRJ5tOc3s6GXOdErtLVke66WDxTwlO
fjt2ZwhlHlbeRKISCTsDCKJ2j84RHRAgkkIAaKr24RArHNwYeb5SNgcAJHPn2F5D
m0M2v8tYYKEs0AkjGUvY8dl1zEBS8XVJGybTrN1YewlYIy/6xnySDQYbBoyN20gg
dYCUzukYHSmj0m8ilOjeyg7VO6Knv8bwpM967h19fh4w4zrTQ8cZ5EwxIiaTzb6i
dYM=
-----END CERTIFICATE-----