Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KkDoMuvpCOYX26nXxYrwsc7P5dg.roa
File:                     KkDoMuvpCOYX26nXxYrwsc7P5dg.roa (raw, json)
Hash identifier:          j24g3Y9KR0a4zri7yH2VKULvqL6Q6SJlUuwD+XeIRHU=
Subject key identifier:   2A:40:E8:32:EB:E9:08:E6:17:DB:A9:D7:C5:8A:F0:B1:CE:CF:E5:D8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877FABDA551CEE672225B41EF20E1BEF58
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KkDoMuvpCOYX26nXxYrwsc7P5dg.roa
Signing time:             Fri 14 Apr 2023 12:09:41 +0000
ROA not before:           Fri 14 Apr 2023 12:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7f:ab:da:55:1c:ee:67:22:25:b4:1e:f2:0e:1b:ef:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 14 12:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a40e832ebe908e617dba9d7c58af0b1cecfe5d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3e:d5:da:81:08:9c:8e:95:f2:35:34:d4:3e:
                    f5:15:f7:7f:07:70:b3:da:5f:af:f1:f6:7a:15:d5:
                    59:c0:b2:2a:26:25:41:15:c5:d3:a8:bf:06:e8:28:
                    1b:00:b7:0a:b9:a6:71:67:ff:7d:4f:a7:d8:f6:fa:
                    84:22:d3:2e:66:6a:39:35:58:10:25:17:41:74:26:
                    f9:9c:1c:3d:87:5c:a1:07:8c:ba:11:0c:b6:4d:b2:
                    65:d2:27:b2:c5:a1:15:9d:73:1e:2a:9c:e4:de:90:
                    ed:72:1f:1a:5a:e4:88:06:d2:27:dd:ad:73:2f:b6:
                    64:e5:b0:72:48:a4:8c:9a:34:cc:8b:36:22:1f:23:
                    1c:bd:a9:f6:c6:3f:f7:9d:ef:66:74:3e:d3:f4:fe:
                    6a:66:a1:ad:43:90:54:be:28:f5:37:09:86:89:1c:
                    40:15:6b:3b:67:a2:1b:33:0a:f8:d2:8e:83:3a:b0:
                    09:6a:b7:2b:8b:66:6b:9c:ff:21:7d:ea:69:b8:f0:
                    e2:d3:fe:13:1a:fb:6b:a2:4f:e5:66:a4:93:99:f9:
                    e5:fd:46:d5:b6:3d:6f:b6:8b:8c:21:ec:b9:92:77:
                    66:a5:3e:76:e8:83:8d:2c:f7:72:86:f4:1a:b5:7c:
                    0b:79:45:2f:0c:85:7a:01:97:5d:62:8c:cf:d8:b9:
                    8f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:40:E8:32:EB:E9:08:E6:17:DB:A9:D7:C5:8A:F0:B1:CE:CF:E5:D8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KkDoMuvpCOYX26nXxYrwsc7P5dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:24:95:2d:36:1a:c6:aa:ab:86:99:88:f6:09:22:b0:dd:73:
         2c:c6:62:db:de:e0:66:51:33:13:46:cb:dd:80:45:e8:cc:83:
         8e:e5:24:c0:3e:88:70:fe:3e:5b:ab:98:f3:bd:e1:66:dd:f2:
         a4:8f:07:44:0d:54:0a:43:eb:ed:c6:0e:e1:73:84:75:8f:6b:
         0d:3d:eb:ad:a8:da:d8:23:28:14:ec:22:ca:bb:03:06:93:48:
         b9:0f:54:36:8a:47:67:fd:dd:f1:19:b8:39:d7:cf:e4:8e:aa:
         d6:96:81:4f:e1:ce:69:78:9a:71:63:51:47:1f:62:90:9f:01:
         ee:a4:df:8e:0a:ae:f4:1a:d1:7f:a8:3f:ab:47:d3:c1:59:b3:
         aa:cc:1c:93:cf:e0:5f:ba:d6:eb:05:a3:98:cb:f1:65:0f:3e:
         72:a4:71:cf:77:be:03:26:c5:e1:8c:f5:7a:93:f7:42:64:bb:
         ab:48:46:bf:0e:d4:30:c4:a5:13:0c:d3:5b:d1:dd:03:19:72:
         3b:a8:0e:14:ad:7b:b7:d4:c1:ff:18:e5:0e:25:8e:65:36:45:
         75:18:58:7c:bd:c4:e3:d8:36:69:6f:a3:8f:65:4b:03:fb:fb:
         b8:e9:bb:08:a5:5f:0e:c1:e0:a0:8f:c4:d6:78:23:4e:4d:07:
         ae:74:da:0b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd/q9pVHO5nIiW0HvIOG+9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE0MTIwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQwZTgzMmViZTkwOGU2MTdkYmE5ZDdjNThhZjBiMWNlY2ZlNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj7V2oEInI6V8jU01D71Ffd/B3Cz
2l+v8fZ6FdVZwLIqJiVBFcXTqL8G6CgbALcKuaZxZ/99T6fY9vqEItMuZmo5NVgQ
JRdBdCb5nBw9h1yhB4y6EQy2TbJl0ieyxaEVnXMeKpzk3pDtch8aWuSIBtIn3a1z
L7Zk5bBySKSMmjTMizYiHyMcvan2xj/3ne9mdD7T9P5qZqGtQ5BUvij1NwmGiRxA
FWs7Z6IbMwr40o6DOrAJarcri2ZrnP8hfeppuPDi0/4TGvtrok/lZqSTmfnl/UbV
tj1vtouMIey5kndmpT526IONLPdyhvQatXwLeUUvDIV6AZddYozP2LmPGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCpA6DLr6QjmF9up18WK8LHOz+XYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS2tEb011dnBDT1lYMjZuWHhZcndzYzdQNWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACMklS02Gsaqq4aZiPYJ
IrDdcyzGYtve4GZRMxNGy92ARejMg47lJMA+iHD+PlurmPO94Wbd8qSPB0QNVApD
6+3GDuFzhHWPaw09662o2tgjKBTsIsq7AwaTSLkPVDaKR2f93fEZuDnXz+SOqtaW
gU/hzml4mnFjUUcfYpCfAe6k344KrvQa0X+oP6tH08FZs6rMHJPP4F+61usFo5jL
8WUPPnKkcc93vgMmxeGM9XqT90Jku6tIRr8O1DDEpRMM01vR3QMZcjuoDhSte7fU
wf8Y5Q4ljmU2RXUYWHy9xOPYNmlvo49lSwP7+7jpuwilXw7B4KCPxNZ4I05NB650
2gs=
-----END CERTIFICATE-----