Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MYMhdvNXTSbtk2IPQH6s6Do_Klg.roa
File:                     MYMhdvNXTSbtk2IPQH6s6Do_Klg.roa (raw, json)
Hash identifier:          gif3/GtI5PRlA5GpV4/Y/Zaa+9C1ETmQHWQd/qs6q8Q=
Subject key identifier:   31:83:21:76:F3:57:4D:26:ED:93:62:0F:40:7E:AC:E8:3A:3F:2A:58
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018822570A491F5FA573F3B1B531EF35AA7C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MYMhdvNXTSbtk2IPQH6s6Do_Klg.roa
Signing time:             Tue 16 May 2023 02:15:09 +0000
ROA not before:           Tue 16 May 2023 02:15:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:22:57:0a:49:1f:5f:a5:73:f3:b1:b5:31:ef:35:aa:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 16 02:15:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=31832176f3574d26ed93620f407eace83a3f2a58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:43:24:c6:33:cc:fb:60:37:c0:cf:6c:a6:b4:
                    bc:f3:cd:48:64:9c:4b:0d:fe:67:ec:a4:05:d2:d5:
                    2f:a2:07:e5:6e:be:0d:1e:0f:d1:11:9d:e4:76:cb:
                    11:d3:d7:02:3b:fb:c4:8d:1f:f7:4b:25:25:bd:dd:
                    60:b2:03:b7:15:66:da:13:1b:9e:5c:aa:04:eb:ba:
                    bf:d9:f6:a0:ab:89:ff:86:b2:4b:5d:39:a6:8b:12:
                    49:a2:69:cf:5d:73:05:ca:aa:c4:a9:98:a4:f3:49:
                    22:32:9d:4e:b0:d0:f0:af:4f:41:f3:b9:fb:a4:57:
                    7d:30:b2:79:a0:db:e2:1a:3f:46:62:25:85:0d:e7:
                    b7:5e:56:f8:2c:63:56:b2:ee:d1:05:a1:db:45:d4:
                    c5:57:9c:9d:94:62:fc:d4:eb:bc:fa:e7:e2:81:42:
                    01:55:3a:ed:fb:6f:09:09:8a:c8:7e:40:11:be:aa:
                    14:6e:5b:c9:64:8e:00:3e:c5:3f:fd:6a:e3:ee:62:
                    fd:d7:ec:c2:96:c3:4a:52:e6:b7:33:d2:9d:2a:d3:
                    9b:b7:80:6f:24:c7:5b:26:95:1d:d5:0f:ec:15:6d:
                    ef:06:9b:ee:54:ba:10:09:c6:98:8c:fe:df:fd:4d:
                    f1:ac:64:a9:89:a6:13:ab:08:9f:30:19:66:35:67:
                    70:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:83:21:76:F3:57:4D:26:ED:93:62:0F:40:7E:AC:E8:3A:3F:2A:58
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MYMhdvNXTSbtk2IPQH6s6Do_Klg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:8b:27:9d:4e:a1:c2:13:91:de:c9:77:1c:2f:a6:e8:c3:5d:
         f3:b2:03:04:8d:5d:f2:5b:be:41:9c:38:10:5e:eb:4d:ab:63:
         d5:7f:5d:e4:d2:f3:00:7c:cf:80:a5:85:f0:6f:d7:c5:5f:eb:
         e4:8a:f2:01:cd:f2:d4:f8:07:66:a9:3d:96:62:cd:59:14:32:
         49:33:19:d7:0d:38:92:ed:95:0c:f5:c3:14:3a:62:8b:64:24:
         cb:99:d0:7f:47:9d:6f:da:82:8c:fb:6a:c1:d2:9d:14:9d:8d:
         db:8a:3a:18:7c:b7:22:ab:09:15:7e:ec:4f:75:8f:ba:7b:8a:
         58:d7:fb:29:00:1c:2a:3d:cd:77:e1:cb:83:d5:75:7b:46:58:
         75:13:cc:52:92:0f:f4:63:8d:e7:a7:1f:b2:8b:73:07:5d:1e:
         03:ed:d0:49:08:7a:81:27:68:ec:54:7b:d7:5b:d6:1f:42:2d:
         14:b4:06:af:87:3e:71:07:32:35:c8:e1:90:c5:81:4b:d1:b4:
         d7:cd:67:08:a2:22:cb:ba:01:d4:8f:6f:0f:98:b8:6f:c7:13:
         c9:1c:4c:50:f6:fe:af:fb:64:e1:12:0a:3e:53:36:99:7f:c3:
         fd:0a:a0:b0:92:0e:42:fd:56:cc:ca:06:d6:e3:a1:34:ac:13:
         1f:8e:11:ff
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgiVwpJH1+lc/OxtTHvNap8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE2MDIxNTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTgzMjE3NmYzNTc0ZDI2ZWQ5MzYyMGY0MDdlYWNlODNhM2YyYTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EMkxjPM+2A3wM9sprS8881IZJxL
Df5n7KQF0tUvogflbr4NHg/REZ3kdssR09cCO/vEjR/3SyUlvd1gsgO3FWbaExue
XKoE67q/2fagq4n/hrJLXTmmixJJomnPXXMFyqrEqZik80kiMp1OsNDwr09B87n7
pFd9MLJ5oNviGj9GYiWFDee3Xlb4LGNWsu7RBaHbRdTFV5ydlGL81Ou8+ufigUIB
VTrt+28JCYrIfkARvqoUblvJZI4APsU//Wrj7mL91+zClsNKUua3M9KdKtObt4Bv
JMdbJpUd1Q/sFW3vBpvuVLoQCcaYjP7f/U3xrGSpiaYTqwifMBlmNWdwywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDGDIXbzV00m7ZNiD0B+rOg6PypYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTVlNaGR2TlhUU2J0azJJUFFINnM2RG9fS2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKKLJ51OocITkd7Jdxwv
pujDXfOyAwSNXfJbvkGcOBBe602rY9V/XeTS8wB8z4ClhfBv18Vf6+SK8gHN8tT4
B2apPZZizVkUMkkzGdcNOJLtlQz1wxQ6YotkJMuZ0H9HnW/agoz7asHSnRSdjduK
Ohh8tyKrCRV+7E91j7p7iljX+ykAHCo9zXfhy4PVdXtGWHUTzFKSD/RjjeenH7KL
cwddHgPt0EkIeoEnaOxUe9db1h9CLRS0Bq+HPnEHMjXI4ZDFgUvRtNfNZwiiIsu6
AdSPbw+YuG/HE8kcTFD2/q/7ZOESCj5TNpl/w/0KoLCSDkL9VszKBtbjoTSsEx+O
Ef8=
-----END CERTIFICATE-----