Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JRADYlS2aZUGpfO6I3l5AyQJdkA.roa
File:                     JRADYlS2aZUGpfO6I3l5AyQJdkA.roa (raw, json)
Hash identifier:          wPjGCSD0lfl6tcoAdDytKWCh7bEfbujLe3b+FS6EBsA=
Subject key identifier:   25:10:03:62:54:B6:69:95:06:A5:F3:BA:23:79:79:03:24:09:76:40
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187ECE814935570FC93D6B74381DD592277
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JRADYlS2aZUGpfO6I3l5AyQJdkA.roa
Signing time:             Fri 05 May 2023 17:14:05 +0000
ROA not before:           Fri 05 May 2023 17:14:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ec:e8:14:93:55:70:fc:93:d6:b7:43:81:dd:59:22:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  5 17:14:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2510036254b6699506a5f3ba2379790324097640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:24:7c:70:a3:28:11:8e:cb:61:6b:92:22:5b:
                    61:08:67:94:b9:02:15:ea:0a:fb:a6:79:93:0c:e1:
                    1c:91:fc:e0:a2:7f:fb:96:b5:5a:ab:65:f6:8f:e9:
                    e8:66:5f:d6:bf:4d:1d:78:1b:8a:0e:d4:3a:23:fc:
                    cf:11:ab:9a:9a:23:64:3a:e5:7a:88:11:dd:1b:c5:
                    9a:b3:51:98:84:12:0f:15:f2:ea:da:ad:30:ee:ca:
                    b1:d2:f6:cb:21:97:8a:4e:b7:16:ce:07:53:a9:7b:
                    ab:15:94:80:0b:d8:2a:be:e3:06:02:95:a4:f6:2b:
                    ea:f8:f4:b9:92:fc:66:2e:1a:47:97:5a:2e:37:49:
                    24:be:39:36:c6:0b:22:3f:9b:56:ac:8f:07:a8:c4:
                    a4:fc:7e:3c:9f:69:bd:e1:44:61:0c:13:8b:7c:a9:
                    60:cf:c6:67:37:db:30:ee:96:df:56:b9:57:37:8e:
                    58:2f:a0:d8:e9:8a:ed:47:b6:3e:c5:1c:0d:05:b9:
                    a5:b2:22:98:4f:42:12:e0:5d:48:9e:3e:3a:de:d4:
                    c4:60:ae:21:eb:ff:63:e3:e0:e1:67:cc:5c:4e:85:
                    d1:89:3e:d6:4a:fd:ff:0d:49:18:d3:fb:84:6f:1b:
                    a8:c1:71:e8:d2:2c:b9:a5:56:69:52:37:c4:91:51:
                    3f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:10:03:62:54:B6:69:95:06:A5:F3:BA:23:79:79:03:24:09:76:40
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JRADYlS2aZUGpfO6I3l5AyQJdkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:fa:24:08:92:a6:e1:05:af:40:8c:d1:4c:c6:cb:5b:4d:04:
         0b:21:d1:c1:52:b6:06:5a:cd:a5:ac:d3:c2:fb:0e:b5:7a:dc:
         6a:f1:76:84:5c:66:35:83:92:02:aa:e5:c8:b1:e8:27:9e:b4:
         b1:6b:5e:d3:f3:90:88:6f:f9:c7:9c:2c:5b:24:23:6f:3c:40:
         70:37:90:b7:3b:f5:9e:cd:05:b7:e8:0c:2e:81:d5:45:ef:b5:
         16:4b:e5:7d:d3:df:56:17:cd:75:2b:9d:78:1c:b1:38:44:bb:
         35:5a:20:84:94:58:c8:48:dc:17:58:99:49:dd:65:3a:0d:51:
         d4:8b:d4:0c:32:e7:90:1b:40:b3:ca:41:f9:fa:40:11:0b:5d:
         05:a4:c4:4c:83:54:a6:c1:71:46:02:4e:58:7b:05:d8:5f:e7:
         2f:5b:48:cb:92:c4:9a:02:93:23:26:c6:7a:07:47:ec:5a:12:
         28:93:78:a9:45:3a:16:20:37:94:5b:8d:17:27:4a:05:ac:4d:
         e4:88:1a:d5:bc:f8:7f:f6:03:35:30:6e:eb:01:35:56:d8:e0:
         17:3f:e8:09:4c:54:67:04:ab:6b:dc:76:97:2e:96:22:20:0f:
         d9:71:c9:cf:7e:18:e9:86:68:65:58:18:f9:4c:46:e1:ff:a5:
         40:1a:19:37
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfs6BSTVXD8k9a3Q4HdWSJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA1MTcxNDA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTEwMDM2MjU0YjY2OTk1MDZhNWYzYmEyMzc5NzkwMzI0MDk3NjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyR8cKMoEY7LYWuSIlthCGeUuQIV
6gr7pnmTDOEckfzgon/7lrVaq2X2j+noZl/Wv00deBuKDtQ6I/zPEauamiNkOuV6
iBHdG8Was1GYhBIPFfLq2q0w7sqx0vbLIZeKTrcWzgdTqXurFZSAC9gqvuMGApWk
9ivq+PS5kvxmLhpHl1ouN0kkvjk2xgsiP5tWrI8HqMSk/H48n2m94URhDBOLfKlg
z8ZnN9sw7pbfVrlXN45YL6DY6YrtR7Y+xRwNBbmlsiKYT0IS4F1Inj463tTEYK4h
6/9j4+DhZ8xcToXRiT7WSv3/DUkY0/uEbxuowXHo0iy5pVZpUjfEkVE/UwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCUQA2JUtmmVBqXzuiN5eQMkCXZAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSlJBRFlsUzJhWlVHcGZPNkkzbDVBeVFKZGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFX6JAiSpuEFr0CM0UzG
y1tNBAsh0cFStgZazaWs08L7DrV63GrxdoRcZjWDkgKq5cix6CeetLFrXtPzkIhv
+cecLFskI288QHA3kLc79Z7NBbfoDC6B1UXvtRZL5X3T31YXzXUrnXgcsThEuzVa
IISUWMhI3BdYmUndZToNUdSL1Awy55AbQLPKQfn6QBELXQWkxEyDVKbBcUYCTlh7
Bdhf5y9bSMuSxJoCkyMmxnoHR+xaEiiTeKlFOhYgN5RbjRcnSgWsTeSIGtW8+H/2
AzUwbusBNVbY4Bc/6AlMVGcEq2vcdpculiIgD9lxyc9+GOmGaGVYGPlMRuH/pUAa
GTc=
-----END CERTIFICATE-----