Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IoYWIzT9C-4vsEqxQYFn8pY7K-E.roa
File:                     IoYWIzT9C-4vsEqxQYFn8pY7K-E.roa (raw, json)
Hash identifier:          4WrBYz+1kUHIm5lTDEqnwIGnQ9+n2JNdwPYRMxNIIcs=
Subject key identifier:   22:86:16:23:34:FD:0B:EE:2F:B0:4A:B1:41:81:67:F2:96:3B:2B:E1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A3B3CADF1876513424EBF6191E4C05E4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IoYWIzT9C-4vsEqxQYFn8pY7K-E.roa
Signing time:             Fri 21 Apr 2023 12:04:41 +0000
ROA not before:           Fri 21 Apr 2023 12:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:187:a3b3:749e/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a3:b3:ca:df:18:76:51:34:24:eb:f6:19:1e:4c:05:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 21 12:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2286162334fd0bee2fb04ab1418167f2963b2be1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9f:32:c5:85:6d:66:8d:04:a5:d7:82:9e:a5:
                    ce:78:58:a6:38:4a:7c:b9:d6:54:a7:0e:91:29:04:
                    2d:31:dd:ce:04:e7:13:38:5e:a9:aa:3e:c4:97:90:
                    e2:af:8f:0b:18:60:74:22:9f:7b:25:dd:b4:c2:b0:
                    07:a4:5b:b6:a5:5d:04:99:8a:64:c9:50:dd:64:b8:
                    da:67:c3:1f:99:66:f4:83:a8:61:37:b4:93:d0:cb:
                    46:f2:c8:03:5d:e2:2b:76:29:b1:63:ae:f3:77:81:
                    b7:01:51:e1:14:9b:3f:95:e6:a1:00:eb:91:33:24:
                    6d:08:fb:61:01:67:ba:97:45:9d:5e:4a:17:26:84:
                    5a:af:8f:5d:44:f1:c6:ed:78:a9:31:e1:9e:c8:09:
                    03:4e:ff:4e:d8:1a:c7:a4:04:dc:dd:ae:a1:fc:09:
                    8f:f5:09:4c:19:07:d1:b0:89:a2:03:53:1a:85:b6:
                    b7:9a:6e:b1:22:5d:dc:43:70:1f:a3:de:18:3d:6c:
                    ee:04:3c:41:c4:f5:cd:06:c3:82:a9:f8:cd:ea:b3:
                    47:16:d6:99:ad:5f:1c:fd:0e:8a:2a:10:80:32:3b:
                    0e:83:cd:c7:d6:a4:20:6c:ed:a8:23:85:6f:be:1f:
                    97:b1:ad:2c:40:92:de:04:42:78:75:ca:ff:23:5b:
                    52:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:86:16:23:34:FD:0B:EE:2F:B0:4A:B1:41:81:67:F2:96:3B:2B:E1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IoYWIzT9C-4vsEqxQYFn8pY7K-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:cd:0e:57:00:cf:77:c9:01:05:56:98:ae:c7:2d:38:80:a0:
         a7:c9:e5:57:7a:b3:3d:83:d0:c5:13:eb:37:c3:2b:0b:e4:fe:
         15:8f:fe:c1:be:99:22:af:ff:12:62:ad:da:01:95:9d:72:7f:
         14:44:b1:67:e3:61:26:88:dc:68:e2:1b:73:d7:81:4c:90:3e:
         6d:bd:7e:75:a0:3b:37:79:0e:02:d0:c6:26:b2:f3:fe:fb:4e:
         ca:10:11:18:0f:88:06:13:8e:b2:82:cc:37:9e:d7:10:5e:b7:
         62:a6:8a:86:02:40:a6:d5:ee:48:76:99:6f:75:a5:79:54:cc:
         b8:cf:a0:6c:a9:ac:d7:13:2c:5f:a3:eb:86:3f:ba:b8:2a:64:
         a8:e4:c8:42:aa:1e:77:6b:5d:bd:d8:48:8f:d6:64:1c:18:47:
         dc:2c:3e:97:33:c8:76:17:3e:ec:38:52:71:93:6e:e1:9c:f3:
         15:37:40:88:c2:62:3c:f2:dc:6c:e9:06:1b:0c:ab:ca:a2:bb:
         78:cd:ae:e8:01:f3:18:62:cc:21:8a:ea:07:db:57:79:48:08:
         b8:84:10:13:76:16:87:bf:e6:71:50:89:5a:59:ff:30:76:3c:
         9e:8a:d7:9c:ac:f3:5c:d4:f5:eb:74:8b:58:d3:4b:ae:eb:dc:
         74:7c:59:b1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYejs8rfGHZRNCTr9hkeTAXkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIxMTIwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjg2MTYyMzM0ZmQwYmVlMmZiMDRhYjE0MTgxNjdmMjk2M2IyYmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJ8yxYVtZo0EpdeCnqXOeFimOEp8
udZUpw6RKQQtMd3OBOcTOF6pqj7El5Dir48LGGB0Ip97Jd20wrAHpFu2pV0EmYpk
yVDdZLjaZ8MfmWb0g6hhN7ST0MtG8sgDXeIrdimxY67zd4G3AVHhFJs/leahAOuR
MyRtCPthAWe6l0WdXkoXJoRar49dRPHG7XipMeGeyAkDTv9O2BrHpATc3a6h/AmP
9QlMGQfRsImiA1Mahba3mm6xIl3cQ3Afo94YPWzuBDxBxPXNBsOCqfjN6rNHFtaZ
rV8c/Q6KKhCAMjsOg83H1qQgbO2oI4Vvvh+Xsa0sQJLeBEJ4dcr/I1tSpwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCKGFiM0/QvuL7BKsUGBZ/KWOyvhMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSW9ZV0l6VDlDLTR2c0VxeFFZRm44cFk3Sy1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFLNDlcAz3fJAQVWmK7H
LTiAoKfJ5Vd6sz2D0MUT6zfDKwvk/hWP/sG+mSKv/xJirdoBlZ1yfxREsWfjYSaI
3GjiG3PXgUyQPm29fnWgOzd5DgLQxiay8/77TsoQERgPiAYTjrKCzDee1xBet2Km
ioYCQKbV7kh2mW91pXlUzLjPoGyprNcTLF+j64Y/urgqZKjkyEKqHndrXb3YSI/W
ZBwYR9wsPpczyHYXPuw4UnGTbuGc8xU3QIjCYjzy3GzpBhsMq8qiu3jNrugB8xhi
zCGK6gfbV3lICLiEEBN2Foe/5nFQiVpZ/zB2PJ6K15ys81zU9et0i1jTS67r3HR8
WbE=
-----END CERTIFICATE-----