Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KUJi2YxEJZbNtQq_QmFFG3cSjzc.roa
File:                     KUJi2YxEJZbNtQq_QmFFG3cSjzc.roa (raw, json)
Hash identifier:          DAD1vzk1QW8UoAQe9Q8pueJ7ilkRt+c8p5wJ+qGTAeE=
Subject key identifier:   29:42:62:D9:8C:44:25:96:CD:B5:0A:BF:42:61:45:1B:77:12:8F:37
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A0119D73FBAF10965427DEF992917B3F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KUJi2YxEJZbNtQq_QmFFG3cSjzc.roa
Signing time:             Thu 20 Apr 2023 19:08:41 +0000
ROA not before:           Thu 20 Apr 2023 19:08:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a0:11:9d:73:fb:af:10:96:54:27:de:f9:92:91:7b:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 20 19:08:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=294262d98c442596cdb50abf4261451b77128f37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:92:05:ff:2a:5a:79:ae:72:ab:16:f5:d0:35:
                    73:74:01:34:57:a1:4c:8a:7e:6d:87:81:6d:9f:f1:
                    40:0a:82:5d:cb:ea:70:b8:ad:ab:29:ac:e0:e0:5b:
                    f1:05:43:ab:dc:33:6f:8b:26:5a:e0:44:0f:4a:cd:
                    0a:b1:35:7e:92:77:cd:2a:53:84:df:81:59:9a:78:
                    79:10:25:6f:0e:0f:ca:f8:33:c2:63:00:30:86:be:
                    37:2c:5e:83:ad:66:7d:31:61:1e:3e:16:cb:a4:9a:
                    a0:5b:5c:ca:99:00:b2:33:61:38:a3:5c:ae:7c:13:
                    db:7c:5c:ce:0e:46:eb:6d:84:15:27:3b:38:f0:3e:
                    6c:84:0f:ed:de:4c:6a:d5:70:2c:87:c6:0d:1b:27:
                    5e:a4:54:d8:2e:90:0f:3b:00:e3:22:fa:bb:83:42:
                    b1:b6:1e:b0:e8:14:3c:53:7b:2d:68:27:da:e9:07:
                    84:aa:e5:e9:9b:e3:3b:c4:6e:da:7a:88:15:99:a2:
                    70:11:d1:27:ae:9a:46:2a:85:72:fa:bc:ec:fb:d7:
                    c3:0f:52:d5:0a:1c:1c:68:00:7a:bf:aa:d2:be:d7:
                    76:71:50:71:27:58:ba:c4:54:22:3c:c2:6e:a4:65:
                    30:88:06:c8:63:36:65:3a:b9:8e:7a:d1:6a:b0:6f:
                    7f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:42:62:D9:8C:44:25:96:CD:B5:0A:BF:42:61:45:1B:77:12:8F:37
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KUJi2YxEJZbNtQq_QmFFG3cSjzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:6c:97:3b:a3:9c:e4:e7:7e:e3:3a:00:2a:50:fc:99:b1:01:
         b2:2b:97:1f:dc:fd:8c:93:14:38:90:38:7b:b7:df:68:94:f3:
         35:3d:56:25:07:d7:9a:1e:9e:b2:06:8d:a6:19:f7:24:40:ba:
         0a:d1:d3:42:f0:a4:05:22:92:59:3a:db:82:83:fa:7d:f6:54:
         f6:50:38:64:c8:ac:db:41:03:c2:0d:d9:3b:55:ed:38:bc:ed:
         b6:97:8f:22:40:92:11:e9:12:4d:2d:28:62:18:d6:cc:c8:dc:
         52:00:f6:eb:27:0b:29:33:24:fb:7c:28:9a:92:1f:23:39:1b:
         00:7c:f1:f9:a5:d3:a6:a2:29:4d:58:35:ee:74:24:0d:29:83:
         df:f3:19:90:22:7b:d5:58:0a:c6:44:90:a2:d3:2d:a9:bd:d7:
         68:26:ba:d5:05:5f:6c:cd:1d:6e:0f:c0:54:fa:9a:4a:90:b3:
         b2:18:cb:ac:d5:e0:27:35:94:8f:bf:52:e6:ae:e1:72:32:a8:
         f3:8d:95:f4:b3:c5:19:1a:2c:bd:7b:b9:c5:76:c5:d7:43:ac:
         6e:21:d2:21:29:67:ff:ee:71:e8:a3:5b:5b:22:74:ad:7d:6c:
         3c:df:ee:3d:58:5d:68:85:14:22:ab:eb:ab:20:90:8a:6d:94:
         7e:66:08:95
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYegEZ1z+68QllQn3vmSkXs/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIwMTkwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQyNjJkOThjNDQyNTk2Y2RiNTBhYmY0MjYxNDUxYjc3MTI4ZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5IF/ypaea5yqxb10DVzdAE0V6FM
in5th4Ftn/FACoJdy+pwuK2rKazg4FvxBUOr3DNviyZa4EQPSs0KsTV+knfNKlOE
34FZmnh5ECVvDg/K+DPCYwAwhr43LF6DrWZ9MWEePhbLpJqgW1zKmQCyM2E4o1yu
fBPbfFzODkbrbYQVJzs48D5shA/t3kxq1XAsh8YNGydepFTYLpAPOwDjIvq7g0Kx
th6w6BQ8U3staCfa6QeEquXpm+M7xG7aeogVmaJwEdEnrppGKoVy+rzs+9fDD1LV
ChwcaAB6v6rSvtd2cVBxJ1i6xFQiPMJupGUwiAbIYzZlOrmOetFqsG9/tQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFClCYtmMRCWWzbUKv0JhRRt3Eo83MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS1VKaTJZeEVKWmJOdFFxX1FtRkZHM2NTanpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHpslzujnOTnfuM6ACpQ
/JmxAbIrlx/c/YyTFDiQOHu332iU8zU9ViUH15oenrIGjaYZ9yRAugrR00LwpAUi
klk624KD+n32VPZQOGTIrNtBA8IN2TtV7Ti87baXjyJAkhHpEk0tKGIY1szI3FIA
9usnCykzJPt8KJqSHyM5GwB88fml06aiKU1YNe50JA0pg9/zGZAie9VYCsZEkKLT
Lam912gmutUFX2zNHW4PwFT6mkqQs7IYy6zV4Cc1lI+/Uuau4XIyqPONlfSzxRka
LL17ucV2xddDrG4h0iEpZ//uceijW1sidK19bDzf7j1YXWiFFCKr66sgkIptlH5m
CJU=
-----END CERTIFICATE-----