Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JUjlA7jbO8Y_1-VJUpbqjCaG3_U.roa
File:                     JUjlA7jbO8Y_1-VJUpbqjCaG3_U.roa (raw, json)
Hash identifier:          uCMTjywoAwqF1BHGXCgdJJLKygcdhA3SkofaqonkmHk=
Subject key identifier:   25:48:E5:03:B8:DB:3B:C6:3F:D7:E5:49:52:96:EA:8C:26:86:DF:F5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018842EF630A5141A9ADC56C833149188169
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JUjlA7jbO8Y_1-VJUpbqjCaG3_U.roa
Signing time:             Mon 22 May 2023 10:09:24 +0000
ROA not before:           Mon 22 May 2023 10:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:42:ef:63:0a:51:41:a9:ad:c5:6c:83:31:49:18:81:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 22 10:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2548e503b8db3bc63fd7e5495296ea8c2686dff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c9:0f:b2:1d:db:cf:63:2c:44:3f:19:6b:42:
                    53:4d:e9:eb:92:e2:6d:0d:a8:52:5a:e5:77:f0:cf:
                    d9:44:c4:6a:5e:43:aa:0a:58:d9:ec:f0:98:d0:05:
                    bc:34:e4:dc:02:65:eb:b3:04:86:f9:0f:99:f0:b5:
                    bb:2b:b2:f5:47:c0:60:3f:67:e2:52:e7:9d:3c:92:
                    c9:52:a0:29:77:45:2b:95:08:19:20:f2:ed:d4:90:
                    40:5f:74:fd:53:c4:04:e1:14:6d:df:fb:c4:fc:4a:
                    a0:d6:33:7a:2f:b3:06:cf:b6:fb:0d:30:04:aa:54:
                    89:70:92:df:a8:8c:77:97:ad:d1:a1:d2:b5:f9:80:
                    dd:5b:19:8b:7e:83:90:23:8a:23:a3:35:06:d6:af:
                    d6:ee:66:d7:3f:88:45:a0:ee:47:8b:88:d8:f6:e5:
                    ec:ef:7b:d4:5d:34:06:5e:3a:19:f7:2e:45:fc:fd:
                    c6:b0:d2:67:2c:6e:51:bc:7c:e8:62:33:c3:34:20:
                    84:6f:82:0c:36:a5:57:9b:b7:d3:f7:b9:33:24:38:
                    6e:6a:b1:a7:ea:dc:c5:6a:21:14:2c:49:6a:1c:29:
                    50:06:c7:69:fe:bf:33:9f:fe:60:d2:2b:85:03:c2:
                    41:0b:4f:26:73:84:4b:fe:ab:19:00:c2:c4:ad:38:
                    d6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:48:E5:03:B8:DB:3B:C6:3F:D7:E5:49:52:96:EA:8C:26:86:DF:F5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JUjlA7jbO8Y_1-VJUpbqjCaG3_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:51:83:1a:45:78:5f:de:cc:48:81:7f:6d:bd:52:54:d5:b3:
         1a:34:41:e7:92:94:d2:7d:21:a3:a7:84:8f:72:3a:0e:f8:10:
         43:16:39:3e:0e:9e:7a:68:d7:76:91:30:75:5d:7d:34:09:73:
         3b:08:29:42:0a:da:d9:ef:c3:80:c8:9d:b1:ac:66:e8:55:ab:
         6d:e3:b6:9d:97:55:63:80:2b:15:1d:ef:b7:c6:f8:a4:f2:00:
         be:5e:ca:24:2a:d3:09:de:22:ff:80:c2:86:b6:85:d9:27:f7:
         ce:4d:2a:5c:e9:df:44:43:71:eb:1f:dd:87:7a:2c:91:25:c0:
         3b:af:9c:d9:b4:63:f2:65:90:54:94:43:68:a7:28:39:3b:f5:
         67:21:fa:a5:b9:4f:4e:e2:2f:d7:a3:71:50:93:db:71:e7:bd:
         fa:9d:73:e2:d3:b6:4c:cc:9e:11:4d:a1:de:68:47:37:b1:8c:
         21:c6:3f:b6:6a:fd:f5:06:c5:b4:db:6f:96:80:75:7c:9f:92:
         ed:1c:57:fa:e5:71:f5:72:07:d4:cc:b3:67:86:c1:dd:f6:5c:
         e8:fa:49:21:89:eb:b8:23:1a:af:02:c6:fc:27:8a:84:6d:97:
         89:b6:c1:98:5d:f4:f5:50:00:41:07:c8:14:45:19:77:8e:0c:
         ea:44:cb:ac
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhC72MKUUGprcVsgzFJGIFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIyMTAwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTQ4ZTUwM2I4ZGIzYmM2M2ZkN2U1NDk1Mjk2ZWE4YzI2ODZkZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8kPsh3bz2MsRD8Za0JTTenrkuJt
DahSWuV38M/ZRMRqXkOqCljZ7PCY0AW8NOTcAmXrswSG+Q+Z8LW7K7L1R8BgP2fi
UuedPJLJUqApd0UrlQgZIPLt1JBAX3T9U8QE4RRt3/vE/Eqg1jN6L7MGz7b7DTAE
qlSJcJLfqIx3l63RodK1+YDdWxmLfoOQI4ojozUG1q/W7mbXP4hFoO5Hi4jY9uXs
73vUXTQGXjoZ9y5F/P3GsNJnLG5RvHzoYjPDNCCEb4IMNqVXm7fT97kzJDhuarGn
6tzFaiEULElqHClQBsdp/r8zn/5g0iuFA8JBC08mc4RL/qsZAMLErTjWVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCVI5QO42zvGP9flSVKW6owmht/1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSlVqbEE3amJPOFlfMS1WSlVwYnFqQ2FHM19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACpRgxpFeF/ezEiBf229
UlTVsxo0QeeSlNJ9IaOnhI9yOg74EEMWOT4Onnpo13aRMHVdfTQJczsIKUIK2tnv
w4DInbGsZuhVq23jtp2XVWOAKxUd77fG+KTyAL5eyiQq0wneIv+Awoa2hdkn985N
Klzp30RDcesf3Yd6LJElwDuvnNm0Y/JlkFSUQ2inKDk79Wch+qW5T07iL9ejcVCT
23Hnvfqdc+LTtkzMnhFNod5oRzexjCHGP7Zq/fUGxbTbb5aAdXyfku0cV/rlcfVy
B9TMs2eGwd32XOj6SSGJ67gjGq8CxvwnioRtl4m2wZhd9PVQAEEHyBRFGXeODOpE
y6w=
-----END CERTIFICATE-----