Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JacA9Fsnu5oOEvbVw_xNmghqewk.roa
File:                     JacA9Fsnu5oOEvbVw_xNmghqewk.roa (raw, json)
Hash identifier:          seVIsFdbaFgqRd7MUscRmQR+wogyqSTUzg553vOZDsQ=
Subject key identifier:   25:A7:00:F4:5B:27:BB:9A:0E:12:F6:D5:C3:FC:4D:9A:08:6A:7B:09
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01881A2A24FECD142BA9BBC4119887D756F9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JacA9Fsnu5oOEvbVw_xNmghqewk.roa
Signing time:             Sun 14 May 2023 12:09:09 +0000
ROA not before:           Sun 14 May 2023 12:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:1a:2a:24:fe:cd:14:2b:a9:bb:c4:11:98:87:d7:56:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 14 12:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=25a700f45b27bb9a0e12f6d5c3fc4d9a086a7b09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f4:24:b0:19:85:7c:19:79:0e:c9:ce:77:68:
                    31:d2:32:3b:58:30:41:d2:4a:5c:8b:bf:e1:70:78:
                    95:cc:1f:2e:15:32:93:3f:2d:37:20:86:c1:67:75:
                    be:2c:9c:80:ef:4a:f6:8a:04:0c:3d:3f:29:9b:a2:
                    d4:95:3d:e6:ee:50:ef:98:6d:33:ff:4a:2e:56:ac:
                    59:05:93:37:98:26:17:b3:bb:e2:33:a6:a8:ba:eb:
                    6c:70:a8:93:1f:2b:2e:fc:be:c3:61:81:47:6c:52:
                    e5:03:46:40:d9:70:01:e6:35:e4:58:6c:ba:b8:5f:
                    3e:68:5d:4f:58:0e:9b:4c:52:3f:11:91:1d:e9:7f:
                    d5:0f:4d:04:e8:b1:c1:c4:bf:e0:12:60:43:73:dd:
                    5f:af:ab:6e:9c:b2:9e:bd:31:34:5e:b2:e2:68:1a:
                    41:da:fa:6b:a3:b1:49:ad:5f:23:28:3f:b6:da:9b:
                    05:5a:73:be:cb:e8:88:de:6e:e7:93:d8:9f:2e:ea:
                    f6:d4:f5:f1:7f:51:a3:0f:e2:04:01:ee:da:03:bb:
                    0a:cc:ee:d5:c5:da:59:c2:e8:88:33:4b:0c:a4:f0:
                    09:14:9f:e6:f3:01:bf:d6:00:13:32:bb:11:a3:4f:
                    c9:8b:e3:d8:f2:92:59:50:fc:39:bd:d7:59:21:62:
                    f6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A7:00:F4:5B:27:BB:9A:0E:12:F6:D5:C3:FC:4D:9A:08:6A:7B:09
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JacA9Fsnu5oOEvbVw_xNmghqewk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:6f:84:39:c2:90:28:17:7b:ca:4b:22:66:54:4f:ba:98:db:
         2a:8d:3b:f2:b3:4c:cf:a7:d7:55:90:65:07:46:62:87:07:54:
         30:c1:a7:17:67:a0:b8:dc:c1:46:51:a4:5c:41:2d:5d:ce:16:
         d6:c4:15:53:08:40:42:78:ee:70:61:0d:56:ac:d5:8e:e0:df:
         d6:52:7a:72:e7:9f:e4:e5:a3:d0:39:97:e4:4a:f8:a8:81:ac:
         dc:53:d1:03:31:ba:e1:b1:44:59:ec:06:75:81:44:fb:ad:b9:
         d0:28:3e:80:e2:06:04:2c:70:3b:8c:f7:db:c4:a4:87:52:20:
         65:4c:8c:ea:cc:db:f8:2c:b1:48:c0:52:50:0f:be:1b:15:a8:
         45:25:09:49:9e:69:fc:09:0e:8b:31:36:00:6a:69:9a:de:7d:
         8a:3e:92:b3:c1:48:d2:08:63:de:3a:3d:40:78:ca:a5:4e:0d:
         9f:f0:ba:ac:fd:c1:45:d8:5d:5a:ba:20:e6:ef:22:dc:8f:93:
         11:7f:6d:15:11:3b:c6:c3:3a:6c:7a:b6:33:9c:5c:63:b8:83:
         db:70:9c:9a:95:cf:f0:03:ae:ff:c5:9c:fd:ad:a3:58:6a:cc:
         d1:a8:ff:14:0e:d1:9a:7d:6a:4c:88:58:ac:8f:ac:58:05:5c:
         ff:d4:c8:4b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgaKiT+zRQrqbvEEZiH11b5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE0MTIwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWE3MDBmNDViMjdiYjlhMGUxMmY2ZDVjM2ZjNGQ5YTA4NmE3YjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/QksBmFfBl5DsnOd2gx0jI7WDBB
0kpci7/hcHiVzB8uFTKTPy03IIbBZ3W+LJyA70r2igQMPT8pm6LUlT3m7lDvmG0z
/0ouVqxZBZM3mCYXs7viM6aouutscKiTHysu/L7DYYFHbFLlA0ZA2XAB5jXkWGy6
uF8+aF1PWA6bTFI/EZEd6X/VD00E6LHBxL/gEmBDc91fr6tunLKevTE0XrLiaBpB
2vpro7FJrV8jKD+22psFWnO+y+iI3m7nk9ifLur21PXxf1GjD+IEAe7aA7sKzO7V
xdpZwuiIM0sMpPAJFJ/m8wG/1gATMrsRo0/Ji+PY8pJZUPw5vddZIWL2PwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCWnAPRbJ7uaDhL21cP8TZoIansJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSmFjQTlGc251NW9PRXZiVndfeE5tZ2hxZXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFFvhDnCkCgXe8pLImZU
T7qY2yqNO/KzTM+n11WQZQdGYocHVDDBpxdnoLjcwUZRpFxBLV3OFtbEFVMIQEJ4
7nBhDVas1Y7g39ZSenLnn+Tlo9A5l+RK+KiBrNxT0QMxuuGxRFnsBnWBRPutudAo
PoDiBgQscDuM99vEpIdSIGVMjOrM2/gssUjAUlAPvhsVqEUlCUmeafwJDosxNgBq
aZrefYo+krPBSNIIY946PUB4yqVODZ/wuqz9wUXYXVq6IObvItyPkxF/bRURO8bD
Omx6tjOcXGO4g9twnJqVz/ADrv/FnP2to1hqzNGo/xQO0Zp9akyIWKyPrFgFXP/U
yEs=
-----END CERTIFICATE-----