Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NmfBGhBHAlb-6DP0lvfaxzzsNT8.roa
File:                     NmfBGhBHAlb-6DP0lvfaxzzsNT8.roa (raw, json)
Hash identifier:          rC3QcJdu9fG/t3IO71/oTdXbCfEK8KVnizLJZXOJkaY=
Subject key identifier:   36:67:C1:1A:10:47:02:56:FE:E8:33:F4:96:F7:DA:C7:3C:EC:35:3F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018822F74138F169D7FD5CC4B51864C8DA17
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NmfBGhBHAlb-6DP0lvfaxzzsNT8.roa
Signing time:             Tue 16 May 2023 05:10:09 +0000
ROA not before:           Tue 16 May 2023 05:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:22:f7:41:38:f1:69:d7:fd:5c:c4:b5:18:64:c8:da:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 16 05:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3667c11a10470256fee833f496f7dac73cec353f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:af:cd:33:74:ab:64:20:8b:4f:cc:94:31:0d:
                    77:4b:9e:6e:d0:e3:82:85:07:dd:af:b1:05:4b:0e:
                    cc:10:db:d1:46:9d:b9:12:4f:89:39:01:f5:a9:5d:
                    68:95:74:8b:9f:4d:8c:95:45:2d:cc:49:b7:2e:82:
                    cd:ae:9d:ef:eb:8e:85:96:1d:17:b5:ea:56:4f:5e:
                    4e:80:2f:23:a6:1e:ce:d7:18:8b:a0:59:51:75:64:
                    44:c3:3f:c1:d7:2e:7d:53:7b:d6:4f:67:ad:a2:af:
                    ad:79:60:2c:9a:8e:2a:5f:f9:e1:60:94:55:67:d2:
                    0c:03:f4:c2:92:72:0c:8d:ac:1b:d8:69:9b:df:d4:
                    32:79:18:c7:a0:9f:cc:eb:07:06:e1:75:5d:64:e7:
                    52:93:71:e9:6f:d1:5d:88:64:13:1d:04:25:63:9c:
                    5f:ad:77:8a:8a:c6:a6:64:fb:c7:04:48:e3:c1:55:
                    14:30:61:70:71:90:ba:75:7a:1d:6a:31:6a:a4:a7:
                    44:bd:6f:88:9e:d8:2e:28:38:0e:4d:8d:6d:07:df:
                    b4:09:23:12:70:18:3c:36:27:22:01:09:63:d4:5a:
                    92:24:0c:82:68:91:31:bc:54:ed:26:a6:1a:56:0d:
                    09:7f:6b:d2:12:1d:a4:73:df:7b:bd:97:f6:2d:98:
                    72:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:67:C1:1A:10:47:02:56:FE:E8:33:F4:96:F7:DA:C7:3C:EC:35:3F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NmfBGhBHAlb-6DP0lvfaxzzsNT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:ac:90:62:02:ed:cb:dd:18:c9:7f:f0:d1:e5:69:40:17:01:
         75:ac:4d:be:7c:2d:01:1f:5a:91:64:04:0c:f0:50:14:e1:b4:
         9c:5a:f7:53:cb:d7:ec:18:8a:4b:43:49:71:78:4b:3c:95:0b:
         d2:99:64:60:16:63:9c:ca:ec:bd:c6:0b:6d:a5:88:92:98:e5:
         d3:33:e3:28:ba:45:a2:bb:ef:e2:c8:d3:cd:a0:3e:00:5e:1c:
         d2:1a:0d:f4:c9:bc:2c:09:84:8b:8d:ec:c4:68:f5:61:5d:f9:
         1e:ec:fc:78:d6:cd:91:c4:7b:00:a2:f9:c5:ee:4c:69:7d:23:
         fc:4d:1b:5e:33:2b:fe:fd:2f:b2:f7:95:e9:d1:90:44:d2:28:
         4a:52:cc:91:79:ab:77:5c:90:9a:8b:87:48:32:26:ce:3a:55:
         6f:ac:aa:b8:57:ab:00:9c:a2:d9:83:bb:aa:80:b5:2b:d6:f6:
         cd:b1:13:74:3e:5b:64:aa:74:8b:20:cb:95:b1:1b:bd:c7:e7:
         f5:c7:e9:8c:02:52:60:70:e3:4a:ef:85:76:43:54:d3:26:df:
         8e:04:c6:38:fb:a7:bb:11:af:8c:a4:6f:88:2c:8f:7f:73:fa:
         a5:f6:4f:b7:09:fd:d7:bb:9f:94:88:f5:f3:cf:aa:22:34:b9:
         ef:fd:06:48
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgi90E48WnX/VzEtRhkyNoXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE2MDUxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjY3YzExYTEwNDcwMjU2ZmVlODMzZjQ5NmY3ZGFjNzNjZWMzNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgK/NM3SrZCCLT8yUMQ13S55u0OOC
hQfdr7EFSw7MENvRRp25Ek+JOQH1qV1olXSLn02MlUUtzEm3LoLNrp3v646Flh0X
tepWT15OgC8jph7O1xiLoFlRdWREwz/B1y59U3vWT2etoq+teWAsmo4qX/nhYJRV
Z9IMA/TCknIMjawb2Gmb39QyeRjHoJ/M6wcG4XVdZOdSk3Hpb9FdiGQTHQQlY5xf
rXeKisamZPvHBEjjwVUUMGFwcZC6dXodajFqpKdEvW+IntguKDgOTY1tB9+0CSMS
cBg8NiciAQlj1FqSJAyCaJExvFTtJqYaVg0Jf2vSEh2kc997vZf2LZhyKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDZnwRoQRwJW/ugz9Jb32sc87DU/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTm1mQkdoQkhBbGItNkRQMGx2ZmF4enpzTlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAESskGIC7cvdGMl/8NHl
aUAXAXWsTb58LQEfWpFkBAzwUBThtJxa91PL1+wYiktDSXF4SzyVC9KZZGAWY5zK
7L3GC22liJKY5dMz4yi6RaK77+LI082gPgBeHNIaDfTJvCwJhIuN7MRo9WFd+R7s
/HjWzZHEewCi+cXuTGl9I/xNG14zK/79L7L3lenRkETSKEpSzJF5q3dckJqLh0gy
Js46VW+sqrhXqwCcotmDu6qAtSvW9s2xE3Q+W2SqdIsgy5WxG73H5/XH6YwCUmBw
40rvhXZDVNMm344Exjj7p7sRr4ykb4gsj39z+qX2T7cJ/de7n5SI9fPPqiI0ue/9
Bkg=
-----END CERTIFICATE-----