Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MzIt9sKlvAPibsPlPC053V9bt-g.roa
File:                     MzIt9sKlvAPibsPlPC053V9bt-g.roa (raw, json)
Hash identifier:          OTy9KGYDAKt2sLjCm0y+UNdH+se4PXIkMiaS1J8ZEco=
Subject key identifier:   33:32:2D:F6:C2:A5:BC:03:E2:6E:C3:E5:3C:2D:39:DD:5F:5B:B7:E8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186DC2F033FDA35A61196E6C2CF952B8781
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MzIt9sKlvAPibsPlPC053V9bt-g.roa
Signing time:             Mon 13 Mar 2023 18:15:13 +0000
ROA not before:           Mon 13 Mar 2023 18:15:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:dc:2f:03:3f:da:35:a6:11:96:e6:c2:cf:95:2b:87:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 13 18:15:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=33322df6c2a5bc03e26ec3e53c2d39dd5f5bb7e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b2:2f:ac:f4:b1:7b:a7:67:0e:cf:9f:f4:72:
                    72:1c:b6:21:43:0a:79:51:98:34:1e:5b:a5:7d:61:
                    ff:fa:f3:7a:cd:69:94:e6:9a:5e:d4:c2:4a:ab:39:
                    01:e0:6b:0f:22:3a:d3:fe:fc:fe:9f:d9:7d:4d:a2:
                    d2:81:e5:b9:cb:23:19:e7:5b:33:28:5c:66:50:2f:
                    82:13:e4:65:ce:96:23:70:89:77:d4:5b:27:99:e1:
                    ff:b8:92:e4:2a:a7:33:49:1c:1a:b8:06:e6:19:25:
                    61:c7:9d:0e:62:0b:d0:56:a6:5c:62:29:45:a0:f6:
                    8d:dd:95:8c:ae:27:e4:79:30:e4:bb:d8:da:d3:16:
                    9a:6c:83:c9:df:e8:c1:cc:4b:41:ea:04:6f:c9:eb:
                    ee:b7:23:44:7c:77:be:8a:db:f8:10:b5:83:9d:18:
                    ae:dc:d7:26:ad:ac:da:e6:ae:11:85:2b:b0:81:77:
                    ba:ba:1a:49:42:0f:bc:85:48:34:e7:0e:ce:6e:18:
                    02:15:09:ff:b4:aa:1f:d9:af:14:d3:0f:ff:7c:10:
                    7a:9e:0f:45:5a:5d:6c:a4:d6:9c:1c:94:30:c0:95:
                    91:08:b2:79:73:ed:f9:3c:50:2d:dc:2e:90:df:e7:
                    b7:23:ec:c7:ff:ac:62:bc:4f:bf:2e:01:d0:02:b7:
                    d2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:32:2D:F6:C2:A5:BC:03:E2:6E:C3:E5:3C:2D:39:DD:5F:5B:B7:E8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MzIt9sKlvAPibsPlPC053V9bt-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:ec:74:61:6c:8e:0a:8c:00:f7:0b:da:88:0d:48:94:fb:7e:
         01:48:5b:49:e8:a5:e8:98:01:93:53:63:94:50:e7:ae:11:32:
         a3:6b:d0:42:de:98:5a:cd:44:04:a0:62:52:43:57:d5:f4:e3:
         4c:22:59:9f:0e:fe:d8:62:ea:b8:d3:4f:11:ba:89:77:b0:e4:
         d4:ab:1c:4d:7d:c9:6a:23:43:cd:a7:57:8d:a4:7a:03:49:76:
         91:db:1c:aa:ff:be:2d:a6:da:63:33:c4:f4:ee:9a:a8:d9:2d:
         53:9a:cc:62:ac:a0:89:0b:ec:0b:7f:b1:a2:8a:d3:3a:6f:37:
         e0:94:d8:41:a9:66:fa:c1:5e:08:02:20:8e:fe:a1:a1:44:79:
         68:db:80:a3:88:a1:6e:7a:2a:df:20:d6:52:fb:56:16:63:8c:
         ee:2d:83:f3:cc:89:89:c6:d1:2f:58:4a:c3:e7:1e:51:25:17:
         8c:0b:db:89:d9:57:7d:14:37:b6:4d:8e:6b:e6:14:5d:fd:99:
         7e:52:b5:e6:a0:9b:e2:59:f8:71:fa:2b:4a:c7:49:4f:17:19:
         41:d2:8d:c6:42:f8:d2:22:53:b3:31:84:5b:30:d2:c7:9b:cd:
         a8:0d:10:9e:bc:d7:51:0f:8f:69:b4:71:92:4f:ac:ec:e8:2d:
         6d:a1:c8:29
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbcLwM/2jWmEZbmws+VK4eBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEzMTgxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzMyMmRmNmMyYTViYzAzZTI2ZWMzZTUzYzJkMzlkZDVmNWJiN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrIvrPSxe6dnDs+f9HJyHLYhQwp5
UZg0HlulfWH/+vN6zWmU5ppe1MJKqzkB4GsPIjrT/vz+n9l9TaLSgeW5yyMZ51sz
KFxmUC+CE+RlzpYjcIl31FsnmeH/uJLkKqczSRwauAbmGSVhx50OYgvQVqZcYilF
oPaN3ZWMrifkeTDku9ja0xaabIPJ3+jBzEtB6gRvyevutyNEfHe+itv4ELWDnRiu
3Ncmraza5q4RhSuwgXe6uhpJQg+8hUg05w7ObhgCFQn/tKof2a8U0w//fBB6ng9F
Wl1spNacHJQwwJWRCLJ5c+35PFAt3C6Q3+e3I+zH/6xivE+/LgHQArfS0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDMyLfbCpbwD4m7D5TwtOd1fW7foMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTXpJdDlzS2x2QVBpYnNQbFBDMDUzVjlidC1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAETsdGFsjgqMAPcL2ogN
SJT7fgFIW0nopeiYAZNTY5RQ564RMqNr0ELemFrNRASgYlJDV9X040wiWZ8O/thi
6rjTTxG6iXew5NSrHE19yWojQ82nV42kegNJdpHbHKr/vi2m2mMzxPTumqjZLVOa
zGKsoIkL7At/saKK0zpvN+CU2EGpZvrBXggCII7+oaFEeWjbgKOIoW56Kt8g1lL7
VhZjjO4tg/PMiYnG0S9YSsPnHlElF4wL24nZV30UN7ZNjmvmFF39mX5Steagm+JZ
+HH6K0rHSU8XGUHSjcZC+NIiU7MxhFsw0sebzagNEJ6811EPj2m0cZJPrOzoLW2h
yCk=
-----END CERTIFICATE-----