Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NjR8pk0rPP_4fIVRd7IQWN1UhMk.roa
File:                     NjR8pk0rPP_4fIVRd7IQWN1UhMk.roa (raw, json)
Hash identifier:          JgctHLoyQCEzUkpTjyIUwoPIto6tH/9dT2ATO2PAWdk=
Subject key identifier:   36:34:7C:A6:4D:2B:3C:FF:F8:7C:85:51:77:B2:10:58:DD:54:84:C9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C977C2E397A02314E1BF0EC1C4CA5AE4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NjR8pk0rPP_4fIVRd7IQWN1UhMk.roa
Signing time:             Fri 28 Apr 2023 20:04:41 +0000
ROA not before:           Fri 28 Apr 2023 20:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:187:c977:120c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c9:77:c2:e3:97:a0:23:14:e1:bf:0e:c1:c4:ca:5a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 28 20:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=36347ca64d2b3cfff87c855177b21058dd5484c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fa:a7:5e:7f:a4:80:1d:11:55:5a:8a:3a:b5:
                    54:f5:c9:58:88:4f:eb:ca:25:89:a9:46:c4:7a:1e:
                    60:e3:e9:0d:5c:0c:58:d1:12:51:70:e3:38:1a:20:
                    f6:44:f1:e9:7c:36:a9:ba:cf:61:62:d1:82:d3:aa:
                    97:94:d5:72:aa:60:88:ed:c3:b0:14:9d:e4:73:b8:
                    69:63:0d:4e:9c:59:0b:f0:24:7e:46:05:b3:41:e2:
                    61:ba:ad:8f:f3:5f:42:c3:0f:ed:24:bd:f9:ab:53:
                    84:65:eb:bd:ad:1d:5b:b7:8f:b5:53:d0:57:6e:ae:
                    7d:14:22:31:74:2b:07:d0:76:c9:c0:d3:af:c9:e0:
                    66:7f:77:f3:56:86:f2:35:7e:d4:c5:a8:19:7c:9d:
                    12:ca:d3:23:35:a2:62:11:6e:02:45:d4:70:ab:01:
                    f7:f9:90:2a:e8:98:e7:f6:96:25:f0:fd:83:81:48:
                    0b:b3:62:91:08:58:bd:6b:d6:e9:20:01:3a:3a:d3:
                    6c:85:19:a5:c5:78:01:ee:75:52:87:97:5d:c3:6b:
                    84:e5:ce:91:9f:31:cf:16:4d:f4:92:dd:1f:12:d4:
                    da:20:fb:43:ec:d5:fe:13:a2:52:f0:e2:3e:ae:a1:
                    43:3e:45:bc:c6:40:2e:58:e2:6b:95:b4:d9:dc:89:
                    8e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:34:7C:A6:4D:2B:3C:FF:F8:7C:85:51:77:B2:10:58:DD:54:84:C9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NjR8pk0rPP_4fIVRd7IQWN1UhMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:14:73:cb:1f:0c:6f:c8:b7:ee:7b:e8:2b:89:63:f4:b3:a5:
         b9:dd:73:5b:df:bc:b7:5a:28:d8:ac:60:46:b0:20:38:19:8d:
         bc:61:9f:92:76:9e:7a:7e:08:a8:1e:ea:4e:33:eb:73:74:75:
         af:69:5e:88:d1:45:2d:53:42:1d:c1:3e:97:1d:b2:61:9c:fa:
         19:8b:39:a4:73:09:c3:71:99:47:2f:97:bc:3b:a8:7b:ec:95:
         80:3f:80:19:f2:46:41:5a:cd:73:ab:7e:fe:74:0d:d6:ee:98:
         be:fd:7c:05:5a:5a:8c:1d:5f:ac:9d:ea:4b:a6:ee:25:bd:cf:
         87:cd:d4:fd:7d:6b:2f:45:35:9c:15:85:ab:f5:b0:08:4d:fc:
         a6:52:90:3c:dc:03:56:e7:44:4a:30:c5:d4:6c:f8:16:5d:3d:
         81:3f:3a:7a:3e:39:49:03:8c:3c:c0:a4:a0:05:09:c4:4c:e3:
         6c:26:6e:f5:c8:60:d6:ff:ad:1d:2b:88:cb:f0:35:78:c4:0d:
         8f:e1:c0:28:4b:6c:78:41:f1:90:50:a0:75:d1:55:cc:6d:05:
         34:15:df:26:dc:ce:ec:fa:ca:96:4d:24:ab:db:0f:f5:e1:80:
         25:91:9a:72:5d:60:e0:dc:8a:eb:2e:f9:88:93:2b:a7:c0:78:
         51:ea:e8:c8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfJd8Ljl6AjFOG/DsHEylrkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI4MjAwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM0N2NhNjRkMmIzY2ZmZjg3Yzg1NTE3N2IyMTA1OGRkNTQ4NGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPqnXn+kgB0RVVqKOrVU9clYiE/r
yiWJqUbEeh5g4+kNXAxY0RJRcOM4GiD2RPHpfDapus9hYtGC06qXlNVyqmCI7cOw
FJ3kc7hpYw1OnFkL8CR+RgWzQeJhuq2P819Cww/tJL35q1OEZeu9rR1bt4+1U9BX
bq59FCIxdCsH0HbJwNOvyeBmf3fzVobyNX7UxagZfJ0SytMjNaJiEW4CRdRwqwH3
+ZAq6Jjn9pYl8P2DgUgLs2KRCFi9a9bpIAE6OtNshRmlxXgB7nVSh5ddw2uE5c6R
nzHPFk30kt0fEtTaIPtD7NX+E6JS8OI+rqFDPkW8xkAuWOJrlbTZ3ImOTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDY0fKZNKzz/+HyFUXeyEFjdVITJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTmpSOHBrMHJQUF80ZklWUmQ3SVFXTjFVaE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAAUc8sfDG/It+576CuJ
Y/Szpbndc1vfvLdaKNisYEawIDgZjbxhn5J2nnp+CKge6k4z63N0da9pXojRRS1T
Qh3BPpcdsmGc+hmLOaRzCcNxmUcvl7w7qHvslYA/gBnyRkFazXOrfv50DdbumL79
fAVaWowdX6yd6kum7iW9z4fN1P19ay9FNZwVhav1sAhN/KZSkDzcA1bnREowxdRs
+BZdPYE/Ono+OUkDjDzApKAFCcRM42wmbvXIYNb/rR0riMvwNXjEDY/hwChLbHhB
8ZBQoHXRVcxtBTQV3ybczuz6ypZNJKvbD/XhgCWRmnJdYODciusu+YiTK6fAeFHq
6Mg=
-----END CERTIFICATE-----