Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MkTVi1tQmFqkmJugoxNc4CBcnPM.roa
File:                     MkTVi1tQmFqkmJugoxNc4CBcnPM.roa (raw, json)
Hash identifier:          3e7v8uHJpDR13REg8jzTgUtKrsR//NTuQkUFHWlr640=
Subject key identifier:   32:44:D5:8B:5B:50:98:5A:A4:98:9B:A0:A3:13:5C:E0:20:5C:9C:F3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A56FD2CF8A1E446BB2F2E4AF02C7BAE2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MkTVi1tQmFqkmJugoxNc4CBcnPM.roa
Signing time:             Fri 21 Apr 2023 20:09:41 +0000
ROA not before:           Fri 21 Apr 2023 20:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a5:6f:d2:cf:8a:1e:44:6b:b2:f2:e4:af:02:c7:ba:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 21 20:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3244d58b5b50985aa4989ba0a3135ce0205c9cf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7e:96:df:94:3b:b3:df:a0:5e:2a:59:13:fd:
                    8f:68:57:cb:16:f0:ef:29:0a:e1:1d:49:55:d1:a6:
                    ae:b9:5c:8c:b0:7a:60:dd:ca:01:50:51:e8:30:46:
                    a8:c3:09:80:7c:a5:ee:26:13:60:64:0b:2c:3e:a6:
                    e6:96:1f:63:c6:1c:25:14:50:e9:b0:7b:63:da:84:
                    e2:b8:a9:e7:41:38:ad:26:b2:7e:43:96:5b:e7:7d:
                    e6:ee:2e:42:20:7b:94:9a:ae:40:cb:67:f2:26:de:
                    b6:46:19:21:f2:34:e0:c1:44:15:a3:29:38:a9:df:
                    ea:70:c2:e6:2b:fd:db:7c:e3:ec:6a:28:7c:38:5f:
                    b7:c1:4a:53:b5:17:8b:76:f3:eb:39:1e:e5:d7:6b:
                    d1:03:43:f8:79:ff:41:40:cc:0a:32:8f:68:2c:71:
                    a1:5a:95:36:31:9c:8b:74:12:ad:4c:65:17:42:b0:
                    86:8b:5e:02:a5:0f:dd:46:7a:93:22:1e:69:d4:a6:
                    05:05:1c:35:55:14:b1:e7:0d:54:9d:aa:12:f3:12:
                    06:fe:62:5d:ba:0c:61:6f:f8:1d:fb:86:a3:45:23:
                    62:14:e0:0b:fe:a1:60:5b:30:64:c1:28:51:b7:c2:
                    df:25:4f:1a:27:2c:c5:30:53:46:ff:28:eb:05:05:
                    37:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:44:D5:8B:5B:50:98:5A:A4:98:9B:A0:A3:13:5C:E0:20:5C:9C:F3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MkTVi1tQmFqkmJugoxNc4CBcnPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:bc:eb:3a:2c:dd:56:8d:9d:29:f1:b9:21:56:ce:05:fd:7f:
         1c:76:65:c4:5e:ce:b5:aa:84:b9:66:05:f7:36:ee:8e:b2:c8:
         f9:21:d8:71:4c:76:0d:82:40:5d:db:8a:8d:8e:86:0a:94:cd:
         dd:8f:b9:0c:04:00:7b:59:cd:a1:b6:89:04:b1:37:a1:19:53:
         2a:77:ba:a5:10:d8:4e:3f:20:02:1d:20:62:3a:4e:fe:57:59:
         60:b2:7a:ed:51:40:c9:fd:cb:8c:5c:c5:55:01:74:54:69:fc:
         b6:2a:dc:c9:da:17:b8:ec:6d:bc:5b:36:91:5f:f6:18:ff:00:
         94:33:7c:23:db:db:e6:1a:57:fa:3d:d3:58:db:c1:2d:44:a4:
         a8:29:9f:38:e4:25:b3:36:e8:3d:6e:64:1a:62:46:78:11:1a:
         ca:59:1c:7c:88:de:ad:43:10:4a:0b:79:d6:bb:ed:8e:2b:cc:
         2f:30:79:dc:da:6d:0e:2b:5c:ad:e7:b6:a2:02:d0:7e:35:63:
         e9:1b:28:26:18:fe:f1:3c:79:e8:66:d5:9f:cb:40:1e:e4:c1:
         5f:17:5a:4f:b3:4c:4e:26:de:b0:9b:44:42:2d:82:f1:e5:ca:
         5b:00:0c:74:0b:8a:a4:e1:30:47:ba:45:0b:d0:36:23:d4:ce:
         7e:3a:cc:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYelb9LPih5Ea7Ly5K8Cx7riMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIxMjAwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQ0ZDU4YjViNTA5ODVhYTQ5ODliYTBhMzEzNWNlMDIwNWM5Y2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4H6W35Q7s9+gXipZE/2PaFfLFvDv
KQrhHUlV0aauuVyMsHpg3coBUFHoMEaowwmAfKXuJhNgZAssPqbmlh9jxhwlFFDp
sHtj2oTiuKnnQTitJrJ+Q5Zb533m7i5CIHuUmq5Ay2fyJt62Rhkh8jTgwUQVoyk4
qd/qcMLmK/3bfOPsaih8OF+3wUpTtReLdvPrOR7l12vRA0P4ef9BQMwKMo9oLHGh
WpU2MZyLdBKtTGUXQrCGi14CpQ/dRnqTIh5p1KYFBRw1VRSx5w1UnaoS8xIG/mJd
ugxhb/gd+4ajRSNiFOAL/qFgWzBkwShRt8LfJU8aJyzFMFNG/yjrBQU3UwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDJE1YtbUJhapJiboKMTXOAgXJzzMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTWtUVmkxdFFtRnFrbUp1Z294TmM0Q0JjblBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFG86zos3VaNnSnxuSFW
zgX9fxx2ZcRezrWqhLlmBfc27o6yyPkh2HFMdg2CQF3bio2OhgqUzd2PuQwEAHtZ
zaG2iQSxN6EZUyp3uqUQ2E4/IAIdIGI6Tv5XWWCyeu1RQMn9y4xcxVUBdFRp/LYq
3MnaF7jsbbxbNpFf9hj/AJQzfCPb2+YaV/o901jbwS1EpKgpnzjkJbM26D1uZBpi
RngRGspZHHyI3q1DEEoLeda77Y4rzC8wedzabQ4rXK3ntqIC0H41Y+kbKCYY/vE8
eehm1Z/LQB7kwV8XWk+zTE4m3rCbREItgvHlylsADHQLiqThMEe6RQvQNiPUzn46
zN4=
-----END CERTIFICATE-----