Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JBSODuWFLdNV-DdmWgLo2p6YWK0.roa
File:                     JBSODuWFLdNV-DdmWgLo2p6YWK0.roa (raw, json)
Hash identifier:          Su/hCSUqLthwYOeVIzNdUPgAkbu6ztWUZLFXAF1I47M=
Subject key identifier:   24:14:8E:0E:E5:85:2D:D3:55:F8:37:66:5A:02:E8:DA:9E:98:58:AD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187582BDDB1C7DA768B2E04535E744255F0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JBSODuWFLdNV-DdmWgLo2p6YWK0.roa
Signing time:             Thu 06 Apr 2023 20:04:42 +0000
ROA not before:           Thu 06 Apr 2023 20:04:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:187:582b:c527/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:58:2b:dd:b1:c7:da:76:8b:2e:04:53:5e:74:42:55:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  6 20:04:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=24148e0ee5852dd355f837665a02e8da9e9858ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:87:24:5b:7c:70:81:29:79:f0:22:88:7c:9c:
                    ea:5e:9a:40:f0:56:54:94:20:69:0b:7e:2c:f5:dc:
                    3d:bd:d8:af:e1:83:d2:3d:6f:ac:57:05:7e:db:ba:
                    be:b7:5e:75:d4:70:35:47:9a:9a:b5:40:86:9f:d8:
                    5f:0b:c9:33:cc:02:73:d5:ef:80:11:55:31:d8:b8:
                    fa:62:c1:25:19:fc:9c:f7:3e:ba:0e:ef:37:f9:30:
                    ab:78:82:a7:f0:45:8f:8b:01:a8:2a:1c:f3:02:30:
                    78:23:0a:3f:f8:12:6f:3a:d5:3f:38:bc:00:aa:2c:
                    c5:82:02:b9:35:80:0c:24:f4:bd:02:f6:23:d4:8b:
                    05:6c:f1:f0:40:e3:7f:7a:90:e0:11:77:c0:c5:f6:
                    d8:7c:09:87:32:8c:0d:46:1e:8d:e4:5b:63:4c:36:
                    10:9b:c8:01:4a:aa:8d:51:95:d7:5a:89:39:ff:7f:
                    ab:28:64:2c:28:60:44:ab:16:4c:1b:80:c4:63:88:
                    5b:ae:ba:b1:5d:4a:2d:3d:ae:f7:f0:93:2a:c0:b4:
                    87:e1:c5:6d:0a:bf:00:88:f4:87:24:22:f9:66:b3:
                    d1:06:49:4f:c7:d0:a3:13:a0:54:82:ac:b6:e3:bc:
                    ae:32:62:27:87:0e:20:8a:b9:2d:ca:8d:b0:b2:1e:
                    d9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:14:8E:0E:E5:85:2D:D3:55:F8:37:66:5A:02:E8:DA:9E:98:58:AD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JBSODuWFLdNV-DdmWgLo2p6YWK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:e8:01:50:c9:ab:bf:8d:b0:44:67:57:d2:81:30:43:41:89:
         b9:8b:fc:d5:43:db:cf:0c:ec:ac:80:a1:fa:5e:b1:1e:6b:85:
         fc:32:6b:fe:cd:d5:65:86:47:74:0b:8a:40:6e:cb:cd:4c:e4:
         f3:62:d4:f9:05:79:6f:0c:f1:cb:9b:ab:e3:26:5d:b3:54:89:
         bb:ab:f5:cd:90:28:07:dc:0a:2d:d2:1a:ef:33:c3:3a:34:eb:
         87:ba:5f:97:5e:12:07:cf:dd:93:d3:65:14:7f:5a:68:5c:10:
         3e:63:c0:1d:ce:d1:fe:ef:a6:35:b2:b7:15:9d:37:f1:35:b5:
         88:da:e1:29:ad:15:99:b3:f6:cd:f7:c4:30:b9:be:f4:b6:11:
         82:b5:f3:3c:a2:64:ee:80:c9:ca:2e:8e:ec:f7:df:e7:f8:53:
         45:67:16:97:64:96:fb:5f:2b:43:e6:7e:71:45:ed:41:1a:b5:
         06:0d:94:84:04:94:c6:72:15:67:f5:36:a7:d1:de:c3:75:ae:
         d1:87:c8:94:49:3e:17:98:22:61:0a:d8:24:fb:5d:30:44:6e:
         ad:ae:6b:67:35:e7:db:8e:ae:ab:5a:16:ae:ee:40:7e:83:e6:
         c7:55:ed:24:83:c9:a3:64:90:16:a2:74:29:65:09:75:44:b7:
         2f:36:17:03
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdYK92xx9p2iy4EU150QlXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA2MjAwNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDE0OGUwZWU1ODUyZGQzNTVmODM3NjY1YTAyZThkYTllOTg1OGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqockW3xwgSl58CKIfJzqXppA8FZU
lCBpC34s9dw9vdiv4YPSPW+sVwV+27q+t1511HA1R5qatUCGn9hfC8kzzAJz1e+A
EVUx2Lj6YsElGfyc9z66Du83+TCreIKn8EWPiwGoKhzzAjB4Iwo/+BJvOtU/OLwA
qizFggK5NYAMJPS9AvYj1IsFbPHwQON/epDgEXfAxfbYfAmHMowNRh6N5FtjTDYQ
m8gBSqqNUZXXWok5/3+rKGQsKGBEqxZMG4DEY4hbrrqxXUotPa738JMqwLSH4cVt
Cr8AiPSHJCL5ZrPRBklPx9CjE6BUgqy247yuMmInhw4girktyo2wsh7ZWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCQUjg7lhS3TVfg3ZloC6NqemFitMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSkJTT0R1V0ZMZE5WLURkbVdnTG8ycDZZV0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH3oAVDJq7+NsERnV9KB
MENBibmL/NVD288M7KyAofpesR5rhfwya/7N1WWGR3QLikBuy81M5PNi1PkFeW8M
8cubq+MmXbNUibur9c2QKAfcCi3SGu8zwzo064e6X5deEgfP3ZPTZRR/WmhcED5j
wB3O0f7vpjWytxWdN/E1tYja4SmtFZmz9s33xDC5vvS2EYK18zyiZO6Aycoujuz3
3+f4U0VnFpdklvtfK0PmfnFF7UEatQYNlIQElMZyFWf1NqfR3sN1rtGHyJRJPheY
ImEK2CT7XTBEbq2ua2c159uOrqtaFq7uQH6D5sdV7SSDyaNkkBaidCllCXVEty82
FwM=
-----END CERTIFICATE-----