Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/J0df83zhfqcFtyukJ1-TQT7OpRA.roa
File:                     J0df83zhfqcFtyukJ1-TQT7OpRA.roa (raw, json)
Hash identifier:          YMpoMBgyUCrRHDWwbwfFYBF6iLlIMHKrf58c7tP5gaE=
Subject key identifier:   27:47:5F:F3:7C:E1:7E:A7:05:B7:2B:A4:27:5F:93:41:3E:CE:A5:10
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187DEBB340A348245195C1F165D3B0748DA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/J0df83zhfqcFtyukJ1-TQT7OpRA.roa
Signing time:             Tue 02 May 2023 23:10:23 +0000
ROA not before:           Tue 02 May 2023 23:10:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:de:bb:34:0a:34:82:45:19:5c:1f:16:5d:3b:07:48:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  2 23:10:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=27475ff37ce17ea705b72ba4275f93413ecea510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:af:ee:61:c0:45:c7:31:0c:9e:dc:42:bf:01:
                    d3:2e:e5:c1:f3:d5:c0:70:22:cb:57:6f:8e:2f:56:
                    0d:d6:de:4e:af:9b:b5:b0:28:c3:ad:e3:04:a4:74:
                    eb:e7:a6:82:3e:8b:5d:02:0a:61:a2:81:99:13:89:
                    c3:5f:30:43:02:cb:40:51:ad:2f:75:c6:79:29:9d:
                    46:57:27:61:62:d7:40:29:ce:bc:21:c4:9e:8b:d4:
                    f8:83:75:09:7e:30:1d:11:fe:ed:e3:89:f8:c6:81:
                    89:12:b3:71:0a:c9:0a:4b:8f:69:86:4c:5b:26:fc:
                    f5:d4:ca:68:91:fc:19:14:0d:84:a9:65:a6:54:5a:
                    60:5e:55:e1:42:6d:f1:8b:67:f6:e6:f4:ff:33:d6:
                    fb:03:89:a7:f4:61:da:45:fd:21:3a:d3:3a:9d:00:
                    ff:9d:5a:57:15:21:c8:4b:d6:fc:1e:07:17:08:9b:
                    1d:4c:4c:3d:9d:b9:0d:ae:c8:5f:4e:45:ac:ca:26:
                    8f:20:75:0c:f3:7e:90:9a:18:4c:b8:02:e8:af:c4:
                    47:f2:a6:f1:18:40:85:78:2f:89:94:ee:99:cf:3b:
                    ce:c6:2e:83:ff:79:83:ee:05:7e:13:a6:f1:76:ea:
                    b8:b6:42:2d:aa:70:c6:71:14:0c:4c:31:aa:3d:8a:
                    53:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:47:5F:F3:7C:E1:7E:A7:05:B7:2B:A4:27:5F:93:41:3E:CE:A5:10
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/J0df83zhfqcFtyukJ1-TQT7OpRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:0b:09:0a:65:8d:27:e1:19:63:bb:bd:11:c2:1a:6d:14:be:
         0e:8f:29:ba:11:87:a4:76:31:df:42:16:db:80:5c:0b:56:34:
         bc:50:7e:a6:da:7b:dc:17:8a:00:a2:13:39:9c:78:fa:b8:02:
         6a:d5:2e:37:d5:a7:4e:f3:68:ee:61:1c:73:18:27:49:93:95:
         e2:84:95:e2:93:9c:bb:20:6c:3b:61:55:e2:13:a8:f5:20:f5:
         aa:fe:93:c7:2b:77:e2:26:da:fb:ee:c5:0f:09:9b:41:ad:15:
         ad:8e:14:95:9f:db:2e:a4:de:66:e9:ef:30:aa:0a:0c:68:7d:
         b2:49:01:e1:de:f5:6e:34:58:25:58:0d:08:5f:1f:6a:4c:60:
         27:c5:88:2b:20:97:03:91:8b:84:7e:ff:18:21:4d:26:f7:00:
         b2:c5:d5:6a:1b:c6:5d:a9:d0:e2:4a:97:a8:31:19:e5:a3:2d:
         c6:9e:b4:03:34:81:60:92:04:3e:20:97:b6:6e:26:68:aa:71:
         e1:cc:d8:f6:69:68:3e:aa:08:ae:f2:1a:dc:39:e3:6a:95:a0:
         d0:4c:9a:58:34:b8:c8:0b:b4:f6:81:07:03:74:43:bd:b9:9f:
         ab:c4:ae:05:6b:9e:1a:ed:0a:1b:b5:0d:74:c0:57:4c:e4:03:
         11:97:be:df
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfeuzQKNIJFGVwfFl07B0jaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAyMjMxMDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzQ3NWZmMzdjZTE3ZWE3MDViNzJiYTQyNzVmOTM0MTNlY2VhNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgq/uYcBFxzEMntxCvwHTLuXB89XA
cCLLV2+OL1YN1t5Or5u1sCjDreMEpHTr56aCPotdAgphooGZE4nDXzBDAstAUa0v
dcZ5KZ1GVydhYtdAKc68IcSei9T4g3UJfjAdEf7t44n4xoGJErNxCskKS49phkxb
Jvz11MpokfwZFA2EqWWmVFpgXlXhQm3xi2f25vT/M9b7A4mn9GHaRf0hOtM6nQD/
nVpXFSHIS9b8HgcXCJsdTEw9nbkNrshfTkWsyiaPIHUM836QmhhMuALor8RH8qbx
GECFeC+JlO6ZzzvOxi6D/3mD7gV+E6bxduq4tkItqnDGcRQMTDGqPYpT/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCdHX/N84X6nBbcrpCdfk0E+zqUQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSjBkZjgzemhmcWNGdHl1a0oxLVRRVDdPcFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIULCQpljSfhGWO7vRHC
Gm0Uvg6PKboRh6R2Md9CFtuAXAtWNLxQfqbae9wXigCiEzmcePq4AmrVLjfVp07z
aO5hHHMYJ0mTleKEleKTnLsgbDthVeITqPUg9ar+k8crd+Im2vvuxQ8Jm0GtFa2O
FJWf2y6k3mbp7zCqCgxofbJJAeHe9W40WCVYDQhfH2pMYCfFiCsglwORi4R+/xgh
TSb3ALLF1Wobxl2p0OJKl6gxGeWjLcaetAM0gWCSBD4gl7ZuJmiqceHM2PZpaD6q
CK7yGtw542qVoNBMmlg0uMgLtPaBBwN0Q725n6vErgVrnhrtChu1DXTAV0zkAxGX
vt8=
-----END CERTIFICATE-----