Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KEpykmDczQ3L0cEiTcb9C0lXbCw.roa
File:                     KEpykmDczQ3L0cEiTcb9C0lXbCw.roa (raw, json)
Hash identifier:          alZcQBMfHx09qOVIVYuNlW0IKVOuOkrOd1xDHMNWIeY=
Subject key identifier:   28:4A:72:92:60:DC:CD:0D:CB:D1:C1:22:4D:C6:FD:0B:49:57:6C:2C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01898A259751F523AED3F5F880A26E0B62A3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KEpykmDczQ3L0cEiTcb9C0lXbCw.roa
Signing time:             Mon 24 Jul 2023 23:04:26 +0000
ROA not before:           Mon 24 Jul 2023 23:04:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:189:8a25:7abe/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8a:25:97:51:f5:23:ae:d3:f5:f8:80:a2:6e:0b:62:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 24 23:04:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=284a729260dccd0dcbd1c1224dc6fd0b49576c2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ec:d0:c0:90:7e:b6:07:da:fd:50:42:04:67:
                    99:11:67:93:42:51:ae:5a:f6:17:68:5f:51:19:ff:
                    8e:ae:c5:8f:a6:90:c4:11:28:9e:a7:c4:8c:5a:71:
                    df:40:47:db:62:ed:8e:42:7f:ca:83:15:41:f2:c0:
                    f0:0f:9e:dc:ca:45:fe:71:85:28:cb:10:f1:23:3c:
                    21:16:c0:15:9c:ba:89:d4:30:91:f8:39:0c:a1:13:
                    f7:62:f6:f2:00:90:52:0e:87:7f:61:c5:d9:da:ed:
                    cc:08:f0:27:95:a2:ee:c9:24:39:e3:7e:2f:c0:7e:
                    91:e0:d5:6c:fd:ca:a0:7f:7d:95:1f:59:54:7d:eb:
                    3d:90:03:88:a2:10:32:c3:60:fe:37:f7:7e:f9:c7:
                    5a:53:c6:a1:bb:42:2b:36:cf:d3:7d:2b:c8:12:c2:
                    72:d8:ba:da:e6:76:49:ff:b9:c9:75:4a:9d:35:e7:
                    88:cc:4d:fd:3e:ba:7f:86:04:14:78:5e:52:53:40:
                    24:a1:e3:97:b2:4f:1f:84:30:8d:91:c3:31:9b:5c:
                    a9:c8:a4:ce:71:d2:36:fa:c0:d2:af:61:33:10:5d:
                    4c:fb:bd:08:68:f4:68:23:8b:14:5c:84:06:51:0b:
                    26:6e:64:22:e3:3b:57:39:75:e7:3f:16:cc:3f:4d:
                    a2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:4A:72:92:60:DC:CD:0D:CB:D1:C1:22:4D:C6:FD:0B:49:57:6C:2C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KEpykmDczQ3L0cEiTcb9C0lXbCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:e8:80:56:6e:55:2a:1f:cf:f8:c1:14:41:41:48:32:b0:40:
         bc:4b:6a:06:fc:51:1f:60:96:17:fd:4f:99:b8:b6:6b:ee:8d:
         eb:3c:d7:0e:72:7f:c2:a7:02:58:0f:b7:48:66:d7:df:d9:52:
         de:8c:b0:fa:0d:d3:93:98:aa:df:bc:f9:35:8d:5e:0c:92:55:
         0f:87:1c:b9:ee:5a:83:1d:78:2e:6d:9c:71:57:a1:f7:5a:c8:
         22:e6:2e:90:2c:f0:13:c1:f5:82:68:13:dc:0d:a6:d3:6a:66:
         74:6a:6d:5a:36:b4:c1:1e:08:40:c3:c8:09:07:d9:61:50:60:
         91:d8:19:75:aa:f6:76:97:f5:d4:87:2f:77:8f:19:e5:31:01:
         0c:3b:2c:86:3f:e1:6b:7e:95:60:a5:e9:54:52:74:5b:50:b5:
         9c:b5:5c:ca:d6:2d:3b:fa:78:5c:d9:4a:e9:ee:2e:1d:66:77:
         64:f1:15:7a:6c:88:0d:2d:3f:61:a3:2a:5b:33:17:fa:d0:d4:
         e8:5c:33:61:ba:46:84:82:e7:8f:79:ee:ea:00:60:7a:3e:83:
         7c:86:67:13:ac:32:ad:4c:74:56:bc:eb:4b:14:25:7f:77:46:
         2d:4e:36:93:e5:51:62:81:7d:6e:ac:45:0d:e1:64:5a:07:3d:
         64:43:e3:65
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmKJZdR9SOu0/X4gKJuC2KjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI0MjMwNDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODRhNzI5MjYwZGNjZDBkY2JkMWMxMjI0ZGM2ZmQwYjQ5NTc2YzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOzQwJB+tgfa/VBCBGeZEWeTQlGu
WvYXaF9RGf+OrsWPppDEESiep8SMWnHfQEfbYu2OQn/KgxVB8sDwD57cykX+cYUo
yxDxIzwhFsAVnLqJ1DCR+DkMoRP3YvbyAJBSDod/YcXZ2u3MCPAnlaLuySQ5434v
wH6R4NVs/cqgf32VH1lUfes9kAOIohAyw2D+N/d++cdaU8ahu0IrNs/TfSvIEsJy
2Lra5nZJ/7nJdUqdNeeIzE39Prp/hgQUeF5SU0AkoeOXsk8fhDCNkcMxm1ypyKTO
cdI2+sDSr2EzEF1M+70IaPRoI4sUXIQGUQsmbmQi4ztXOXXnPxbMP02iSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFChKcpJg3M0Ny9HBIk3G/QtJV2wsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS0VweWttRGN6UTNMMGNFaVRjYjlDMGxYYkN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC/ogFZuVSofz/jBFEFB
SDKwQLxLagb8UR9glhf9T5m4tmvujes81w5yf8KnAlgPt0hm19/ZUt6MsPoN05OY
qt+8+TWNXgySVQ+HHLnuWoMdeC5tnHFXofdayCLmLpAs8BPB9YJoE9wNptNqZnRq
bVo2tMEeCEDDyAkH2WFQYJHYGXWq9naX9dSHL3ePGeUxAQw7LIY/4Wt+lWCl6VRS
dFtQtZy1XMrWLTv6eFzZSunuLh1md2TxFXpsiA0tP2GjKlszF/rQ1OhcM2G6RoSC
54957uoAYHo+g3yGZxOsMq1MdFa860sUJX93Ri1ONpPlUWKBfW6sRQ3hZFoHPWRD
42U=
-----END CERTIFICATE-----