Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Mrv4uBjvC9X5WuKd3v-QJvdZWYg.roa
File:                     Mrv4uBjvC9X5WuKd3v-QJvdZWYg.roa (raw, json)
Hash identifier:          KhJcrUof4bFn6RTZrIYm7bgXaa8AraZBpsyqCAG19UY=
Subject key identifier:   32:BB:F8:B8:18:EF:0B:D5:F9:5A:E2:9D:DE:FF:90:26:F7:59:59:88
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01882175D3D61B79938894D0E8E7FF831187
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Mrv4uBjvC9X5WuKd3v-QJvdZWYg.roa
Signing time:             Mon 15 May 2023 22:09:10 +0000
ROA not before:           Mon 15 May 2023 22:09:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:21:75:d3:d6:1b:79:93:88:94:d0:e8:e7:ff:83:11:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 15 22:09:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=32bbf8b818ef0bd5f95ae29ddeff9026f7595988
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3b:48:5a:d3:b7:f2:5f:1b:5b:22:02:6e:9e:
                    42:30:c7:28:76:ff:99:5b:aa:68:9e:f2:be:4c:ae:
                    3b:7d:1c:49:aa:fd:b7:17:a4:e7:4f:0f:2d:d8:28:
                    b0:83:02:b3:53:1a:31:7c:53:76:79:7f:1f:d5:3c:
                    0e:be:b7:11:8e:03:6b:55:7b:9a:ae:ed:8f:db:25:
                    8b:2c:58:4e:8c:54:0d:5b:7e:d9:51:cb:ee:75:cf:
                    a4:9f:a4:ba:73:81:e3:73:f9:e3:d4:bd:18:68:8a:
                    a7:ea:14:ef:b1:6e:b6:22:13:b6:c2:c3:11:64:c5:
                    c5:65:46:11:47:67:c0:d6:11:cb:d9:b4:7d:ff:63:
                    fc:7e:c3:d2:2b:f3:fe:c8:a5:2b:d1:ca:8f:67:10:
                    f4:3c:f6:fd:1f:3d:b3:89:e7:ce:7a:4d:d7:83:00:
                    6f:c8:11:17:3e:ba:c5:3a:5d:84:ee:d9:fa:8d:71:
                    fc:33:02:7b:0f:05:b2:7b:64:f8:c4:d2:b6:cf:7e:
                    67:b1:56:f2:6b:b0:7e:42:77:b8:be:c9:5f:25:fb:
                    3d:61:c1:63:1a:5f:23:9b:eb:cf:78:cf:c6:cf:54:
                    15:0c:49:78:7d:08:3b:c2:de:9f:1d:25:f5:1d:32:
                    e9:cd:64:2f:f1:36:89:21:87:15:96:b0:f2:2c:0a:
                    70:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:BB:F8:B8:18:EF:0B:D5:F9:5A:E2:9D:DE:FF:90:26:F7:59:59:88
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Mrv4uBjvC9X5WuKd3v-QJvdZWYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:a7:c9:e7:96:f9:3e:63:25:59:1e:3f:ae:31:d6:54:91:d7:
         41:a6:58:9b:1f:eb:96:d4:70:66:0a:31:e2:3d:6b:e6:7c:44:
         1f:e1:a7:12:50:67:a7:84:da:cf:b6:2f:6b:80:e6:00:46:17:
         45:36:9f:35:e4:95:f1:b0:bb:e6:f3:8d:e4:27:30:a4:94:9d:
         bf:31:61:56:a8:79:89:f8:22:f6:5c:17:12:af:c3:5e:bf:41:
         0c:0f:6d:2d:ef:43:27:06:c7:31:bf:af:fb:c7:8a:03:91:87:
         0c:1a:37:fd:1a:92:d9:a2:de:f5:f2:b6:3d:b6:dd:11:30:77:
         da:c1:fb:2d:b0:12:be:83:2a:9f:67:c8:81:22:50:83:70:bf:
         89:b0:04:c8:2d:31:e9:13:3e:63:77:ea:a8:bc:22:7d:24:b8:
         5f:fa:05:f6:62:26:5d:d3:59:b1:fb:61:b2:9a:81:3e:a4:3f:
         b2:46:e3:b4:1c:d6:1d:30:a3:ad:cf:1a:51:b9:f7:f4:e2:ae:
         af:23:72:f5:3f:23:a8:4c:cf:1f:c7:c8:0c:ca:ec:9a:ba:d1:
         8c:eb:03:a2:d2:69:f4:50:84:ac:91:9b:82:fd:b1:ac:5d:6a:
         00:bd:33:52:0a:69:c9:cb:e9:20:33:37:14:a6:87:ef:5a:d2:
         9f:15:bf:67
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYghddPWG3mTiJTQ6Of/gxGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE1MjIwOTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmJiZjhiODE4ZWYwYmQ1Zjk1YWUyOWRkZWZmOTAyNmY3NTk1OTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTtIWtO38l8bWyICbp5CMMcodv+Z
W6ponvK+TK47fRxJqv23F6TnTw8t2CiwgwKzUxoxfFN2eX8f1TwOvrcRjgNrVXua
ru2P2yWLLFhOjFQNW37ZUcvudc+kn6S6c4Hjc/nj1L0YaIqn6hTvsW62IhO2wsMR
ZMXFZUYRR2fA1hHL2bR9/2P8fsPSK/P+yKUr0cqPZxD0PPb9Hz2ziefOek3XgwBv
yBEXPrrFOl2E7tn6jXH8MwJ7DwWye2T4xNK2z35nsVbya7B+Qne4vslfJfs9YcFj
Gl8jm+vPeM/Gz1QVDEl4fQg7wt6fHSX1HTLpzWQv8TaJIYcVlrDyLApwYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDK7+LgY7wvV+Vrind7/kCb3WVmIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTXJ2NHVCanZDOVg1V3VLZDN2LVFKdmRaV1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALKnyeeW+T5jJVkeP64x
1lSR10GmWJsf65bUcGYKMeI9a+Z8RB/hpxJQZ6eE2s+2L2uA5gBGF0U2nzXklfGw
u+bzjeQnMKSUnb8xYVaoeYn4IvZcFxKvw16/QQwPbS3vQycGxzG/r/vHigORhwwa
N/0aktmi3vXytj223REwd9rB+y2wEr6DKp9nyIEiUINwv4mwBMgtMekTPmN36qi8
In0kuF/6BfZiJl3TWbH7YbKagT6kP7JG47Qc1h0wo63PGlG59/Tirq8jcvU/I6hM
zx/HyAzK7Jq60YzrA6LSafRQhKyRm4L9saxdagC9M1IKacnL6SAzNxSmh+9a0p8V
v2c=
-----END CERTIFICATE-----