Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JzkXnnpyor9ti216EnC0VxsvL-Y.roa
File:                     JzkXnnpyor9ti216EnC0VxsvL-Y.roa (raw, json)
Hash identifier:          NHpvx8JUJAPgHR+rXrKRZ4n7SXV/loa+dgd7HUuQnAE=
Subject key identifier:   27:39:17:9E:7A:72:A2:BF:6D:8B:6D:7A:12:70:B4:57:1B:2F:2F:E6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187AFF4667CE9990932D3F188A20D42EB47
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JzkXnnpyor9ti216EnC0VxsvL-Y.roa
Signing time:             Sun 23 Apr 2023 21:10:42 +0000
ROA not before:           Sun 23 Apr 2023 21:10:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:af:f4:66:7c:e9:99:09:32:d3:f1:88:a2:0d:42:eb:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 23 21:10:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2739179e7a72a2bf6d8b6d7a1270b4571b2f2fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:76:73:e6:9f:df:e6:80:af:c6:6c:9e:83:1b:
                    48:76:13:79:c6:ba:57:fb:af:b5:54:29:d6:f2:ba:
                    00:f8:9e:6b:b9:d1:ff:a5:eb:6e:65:c2:66:4c:df:
                    d5:77:f3:e7:87:eb:3b:79:e7:d2:34:9e:d4:d4:67:
                    af:0f:df:57:6a:65:d9:26:56:7f:a8:f3:9b:06:ca:
                    6b:a8:c6:e5:f9:d7:7c:65:ce:ef:2d:dc:f6:a4:ef:
                    55:0f:35:17:81:43:b2:f5:75:40:6e:4b:08:44:c5:
                    6c:d4:9f:0b:f5:7b:4c:64:a8:57:9f:3e:6d:7a:44:
                    ce:57:11:2b:8d:e5:a2:75:e3:18:06:04:1c:c7:41:
                    4c:61:5c:0b:94:69:ac:60:d8:1f:bd:43:6f:8b:35:
                    23:89:f9:7d:d9:a2:42:ea:52:23:35:07:9e:99:c0:
                    12:57:95:bf:1a:5a:48:3c:82:5c:3f:3e:3e:a7:98:
                    d3:fa:bf:a6:00:f7:82:2e:a8:e8:71:42:ad:9d:76:
                    db:13:4e:8d:f9:eb:70:65:4a:a0:b7:97:b5:96:38:
                    b1:10:32:d8:ed:8f:d3:61:e7:5b:9f:5e:0c:81:f5:
                    c7:88:7b:ee:3f:d7:9c:58:d2:fb:92:41:ae:98:a0:
                    68:4f:a8:71:fd:d5:85:e1:ce:ee:c4:bd:2c:17:b7:
                    f3:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:39:17:9E:7A:72:A2:BF:6D:8B:6D:7A:12:70:B4:57:1B:2F:2F:E6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JzkXnnpyor9ti216EnC0VxsvL-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:5e:fd:e5:4e:04:77:96:e9:01:c6:56:12:15:1d:97:b1:5d:
         e3:42:f5:1a:91:e2:c2:d5:57:6a:da:4f:a0:4d:33:d6:5b:8f:
         09:ec:09:e5:f7:81:09:ee:1d:e6:06:fc:68:19:c3:ef:56:bc:
         6f:a8:0b:80:18:ca:6a:1b:f5:c5:24:59:ba:9b:78:0f:b2:51:
         6f:4b:93:d8:7c:c7:42:9b:a6:14:8e:d1:ef:cc:ce:18:0e:ae:
         98:b4:f7:68:36:d3:ef:55:d8:c2:f9:73:d7:e8:9c:a5:c7:cb:
         8b:c3:a8:8f:c2:c5:57:c3:65:41:77:c3:1a:52:89:d6:e5:5b:
         f2:0a:30:9a:8c:e2:39:72:00:b0:1b:9f:5c:51:43:0f:1e:40:
         63:c8:e0:16:6c:9e:2d:7f:c6:48:fc:b1:93:96:e1:d6:a2:71:
         d3:49:63:27:54:53:0e:ec:c9:7d:47:8b:4d:a1:77:0d:83:31:
         bf:33:bc:b3:82:1a:07:36:41:7b:97:80:63:2f:5f:a8:cd:48:
         90:4b:b5:14:97:09:ef:80:b8:f4:95:93:73:8a:94:03:ae:3d:
         a3:b2:92:3b:f9:95:cf:57:ed:a9:c0:bc:79:b9:4c:d8:14:03:
         50:86:63:73:4a:4e:56:b7:85:fd:1c:4a:e0:aa:26:a9:0d:10:
         ea:d0:92:c9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYev9GZ86ZkJMtPxiKINQutHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIzMjExMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzM5MTc5ZTdhNzJhMmJmNmQ4YjZkN2ExMjcwYjQ1NzFiMmYyZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnZz5p/f5oCvxmyegxtIdhN5xrpX
+6+1VCnW8roA+J5rudH/petuZcJmTN/Vd/Pnh+s7eefSNJ7U1GevD99XamXZJlZ/
qPObBsprqMbl+dd8Zc7vLdz2pO9VDzUXgUOy9XVAbksIRMVs1J8L9XtMZKhXnz5t
ekTOVxErjeWideMYBgQcx0FMYVwLlGmsYNgfvUNvizUjifl92aJC6lIjNQeemcAS
V5W/GlpIPIJcPz4+p5jT+r+mAPeCLqjocUKtnXbbE06N+etwZUqgt5e1ljixEDLY
7Y/TYedbn14MgfXHiHvuP9ecWNL7kkGumKBoT6hx/dWF4c7uxL0sF7fzXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCc5F556cqK/bYttehJwtFcbLy/mMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSnprWG5ucHlvcjl0aTIxNkVuQzBWeHN2TC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAABe/eVOBHeW6QHGVhIV
HZexXeNC9RqR4sLVV2raT6BNM9ZbjwnsCeX3gQnuHeYG/GgZw+9WvG+oC4AYymob
9cUkWbqbeA+yUW9Lk9h8x0KbphSO0e/MzhgOrpi092g20+9V2ML5c9fonKXHy4vD
qI/CxVfDZUF3wxpSidblW/IKMJqM4jlyALAbn1xRQw8eQGPI4BZsni1/xkj8sZOW
4daicdNJYydUUw7syX1Hi02hdw2DMb8zvLOCGgc2QXuXgGMvX6jNSJBLtRSXCe+A
uPSVk3OKlAOuPaOykjv5lc9X7anAvHm5TNgUA1CGY3NKTla3hf0cSuCqJqkNEOrQ
ksk=
-----END CERTIFICATE-----