Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kp3jFVTW5Ikim05qKsiGsGTbE50.roa
File:                     Kp3jFVTW5Ikim05qKsiGsGTbE50.roa (raw, json)
Hash identifier:          SvEf5+gK+NBA4jF+hDtcm3pwNEIK65HjUSBJzLWN/9U=
Subject key identifier:   2A:9D:E3:15:54:D6:E4:89:22:9B:4E:6A:2A:C8:86:B0:64:DB:13:9D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870DEDDF8AC71FA9BCA2718853AF67C8B6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kp3jFVTW5Ikim05qKsiGsGTbE50.roa
Signing time:             Thu 23 Mar 2023 10:05:05 +0000
ROA not before:           Thu 23 Mar 2023 10:05:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:ded:4cf4/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0d:ed:df:8a:c7:1f:a9:bc:a2:71:88:53:af:67:c8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 23 10:05:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a9de31554d6e489229b4e6a2ac886b064db139d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ec:fe:13:43:5b:d8:07:f6:05:8f:47:92:2a:
                    60:47:f2:bc:5b:bc:5d:d6:0c:57:db:f2:4e:97:a7:
                    a0:e0:af:03:eb:2b:9e:03:9d:41:38:f3:aa:9c:ef:
                    39:a6:1c:d5:e7:0d:b2:a9:9a:5c:e7:cb:92:ee:4a:
                    de:48:85:06:0f:68:1c:11:3d:bf:a4:06:09:12:fd:
                    14:88:00:b5:51:48:2c:a3:79:74:8c:1c:b2:82:8e:
                    9a:f9:32:3a:22:fa:c1:3d:a5:56:fd:66:a4:54:df:
                    86:4c:31:8e:d4:7d:ce:53:2b:63:4f:e4:d0:77:05:
                    32:d1:e7:8d:bc:3a:af:9c:da:94:74:15:bb:e7:6f:
                    69:f2:85:9e:d8:44:46:49:6c:a9:86:b6:55:68:f2:
                    4b:32:a3:fd:b3:3a:bd:6e:be:36:9f:90:14:67:0d:
                    5e:b3:f4:de:44:91:69:9b:01:8b:fd:3a:a0:82:e8:
                    80:4b:f7:76:33:77:b4:a6:48:51:08:16:0a:ca:e2:
                    8b:4b:33:4d:e1:63:8d:8f:4c:2f:38:d6:b0:d5:33:
                    b4:f9:d5:e2:11:4d:10:46:c1:1a:52:65:b4:30:f1:
                    96:2a:80:61:f1:d0:35:ff:2c:f8:06:d6:89:5c:6f:
                    06:91:43:cb:02:0d:4c:06:52:1f:68:35:aa:29:fe:
                    3a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:9D:E3:15:54:D6:E4:89:22:9B:4E:6A:2A:C8:86:B0:64:DB:13:9D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kp3jFVTW5Ikim05qKsiGsGTbE50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:1b:36:32:0b:39:92:55:3e:6d:47:71:4a:34:24:5a:cd:39:
         1c:ac:4f:65:a9:a6:63:64:20:b7:09:b2:46:05:d3:d9:7f:a8:
         6b:a0:e6:ef:21:bd:7e:35:8a:c8:0a:47:f6:4d:61:9a:15:86:
         77:83:f2:8a:fa:8f:69:10:33:27:07:5a:1c:eb:26:f5:32:d1:
         26:a0:11:d7:30:9e:33:55:54:a9:d0:8f:dd:04:50:60:b2:c8:
         a5:1a:d4:0f:fd:12:32:14:f1:b7:fb:93:dd:87:e3:17:bd:b6:
         64:0d:00:ad:bb:8c:1f:a9:00:75:2c:6b:7a:46:de:b3:c2:b3:
         0a:13:0a:62:64:43:69:17:5d:68:39:d1:ad:6f:d3:ba:e2:9c:
         cc:61:78:0e:3e:e1:61:b8:3c:24:0a:e0:45:29:f8:a2:bf:3c:
         93:f2:c6:1d:c5:d8:be:bd:78:f8:b7:2c:1b:7a:6d:4b:c9:b3:
         9e:3c:71:fd:2b:f9:e2:70:99:78:0c:dc:b3:be:c8:49:1d:44:
         b3:29:ef:75:f9:c0:52:ff:11:06:c7:a4:dc:ef:f1:7d:67:35:
         8f:37:fc:79:33:81:cd:3d:76:af:2b:f2:00:14:be:c5:eb:af:
         b4:0a:31:35:b0:21:3d:67:a0:c3:16:ce:7a:3d:5f:12:d4:f6:
         54:8e:5c:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcN7d+Kxx+pvKJxiFOvZ8i2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIzMTAwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTlkZTMxNTU0ZDZlNDg5MjI5YjRlNmEyYWM4ODZiMDY0ZGIxMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquz+E0Nb2Af2BY9HkipgR/K8W7xd
1gxX2/JOl6eg4K8D6yueA51BOPOqnO85phzV5w2yqZpc58uS7kreSIUGD2gcET2/
pAYJEv0UiAC1UUgso3l0jByygo6a+TI6IvrBPaVW/WakVN+GTDGO1H3OUytjT+TQ
dwUy0eeNvDqvnNqUdBW7529p8oWe2ERGSWyphrZVaPJLMqP9szq9br42n5AUZw1e
s/TeRJFpmwGL/TqgguiAS/d2M3e0pkhRCBYKyuKLSzNN4WONj0wvONaw1TO0+dXi
EU0QRsEaUmW0MPGWKoBh8dA1/yz4BtaJXG8GkUPLAg1MBlIfaDWqKf46cQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCqd4xVU1uSJIptOairIhrBk2xOdMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS3AzakZWVFc1SWtpbTA1cUtzaUdzR1RiRTUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFEbNjILOZJVPm1HcUo0
JFrNORysT2WppmNkILcJskYF09l/qGug5u8hvX41isgKR/ZNYZoVhneD8or6j2kQ
MycHWhzrJvUy0SagEdcwnjNVVKnQj90EUGCyyKUa1A/9EjIU8bf7k92H4xe9tmQN
AK27jB+pAHUsa3pG3rPCswoTCmJkQ2kXXWg50a1v07rinMxheA4+4WG4PCQK4EUp
+KK/PJPyxh3F2L69ePi3LBt6bUvJs548cf0r+eJwmXgM3LO+yEkdRLMp73X5wFL/
EQbHpNzv8X1nNY83/Hkzgc09dq8r8gAUvsXrr7QKMTWwIT1noMMWzno9XxLU9lSO
XC4=
-----END CERTIFICATE-----