Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/O25eyIvsxqoIrWb8yhfWPECHuLg.roa
File:                     O25eyIvsxqoIrWb8yhfWPECHuLg.roa (raw, json)
Hash identifier:          gM4zpz0IzphLaFpMrWl4HwSMznr178JZhkYrlq9dBbg=
Subject key identifier:   3B:6E:5E:C8:8B:EC:C6:AA:08:AD:66:FC:CA:17:D6:3C:40:87:B8:B8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01894DE269BAD46FF9B908C41E6F73761D77
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/O25eyIvsxqoIrWb8yhfWPECHuLg.roa
Signing time:             Thu 13 Jul 2023 06:13:51 +0000
ROA not before:           Thu 13 Jul 2023 06:13:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4d:e2:69:ba:d4:6f:f9:b9:08:c4:1e:6f:73:76:1d:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 13 06:13:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3b6e5ec88becc6aa08ad66fcca17d63c4087b8b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:10:6d:ed:af:4a:0d:31:bd:e3:f7:3b:44:d6:
                    9b:46:9d:50:e2:9a:eb:74:f4:91:90:b8:9b:3c:92:
                    42:bb:9a:bf:0e:f4:a2:7e:5b:f3:b6:62:e7:2e:f6:
                    18:18:a5:eb:83:f5:b1:eb:fd:ee:2a:45:89:59:b6:
                    2d:5b:5e:cb:f4:6e:19:45:0e:1c:43:5b:9e:d4:de:
                    2b:4d:73:5c:b4:04:1c:0b:a0:69:00:94:43:77:4b:
                    b8:2c:80:82:7b:bb:0a:7c:29:e9:b7:b8:b2:0b:e4:
                    8f:8a:b7:74:7d:db:b1:0e:cc:42:7e:e5:eb:cb:2b:
                    ba:b9:a0:4a:91:0c:11:51:7c:63:5e:33:14:5a:8a:
                    0d:6e:ba:d1:55:d9:17:d7:66:88:fb:78:24:64:67:
                    b6:89:a9:e8:17:4c:41:a2:75:b8:6d:a9:cf:7d:dd:
                    ab:a8:66:7d:1e:8a:69:49:78:5a:26:48:9e:d8:5a:
                    9c:c9:06:63:d5:36:bd:2f:71:3c:cb:58:e8:3c:e9:
                    8b:1d:42:92:9b:4d:a1:b5:c6:46:ee:62:91:67:33:
                    f1:71:72:ed:44:63:af:94:17:30:21:d9:fd:9e:05:
                    24:e7:38:c1:9e:d1:a8:37:bc:64:f2:59:d5:f6:96:
                    7f:ec:eb:f8:96:fb:0c:79:4f:a1:fd:56:2d:0e:79:
                    6f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:6E:5E:C8:8B:EC:C6:AA:08:AD:66:FC:CA:17:D6:3C:40:87:B8:B8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/O25eyIvsxqoIrWb8yhfWPECHuLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:80:d7:4f:bf:04:a6:9b:d9:d0:8a:dd:32:50:3d:4f:3a:79:
         77:d3:51:82:a6:f1:c9:fe:f5:39:e8:34:cb:3a:f4:00:d8:a9:
         cd:1b:68:e5:1c:73:74:41:7c:11:15:d2:4e:de:8f:c4:c8:76:
         9e:c8:df:b3:f2:26:97:31:84:5d:4f:7d:2c:b6:c5:a4:4f:75:
         1a:94:7d:93:cf:10:93:ce:d5:d9:42:13:4a:a2:9f:d1:96:42:
         5d:95:cd:81:17:7e:c3:a0:9c:4a:34:47:65:44:4c:5a:7d:86:
         f6:d4:89:9f:0c:86:73:63:bd:25:68:c4:2b:62:be:47:28:ec:
         1c:31:75:e5:30:13:70:42:93:2b:cd:97:7f:5c:d7:cb:e7:9b:
         f8:2e:c1:58:a3:a2:e1:24:ed:84:33:4b:5e:32:df:63:db:1f:
         38:9f:2e:98:eb:63:5a:11:d8:dd:d5:a8:04:ed:c0:a2:aa:22:
         2e:85:64:52:43:53:01:af:3b:22:79:6a:d9:5c:66:8d:1c:3b:
         4a:6f:b5:e6:cf:5b:f1:29:18:cf:b7:95:7c:72:ae:c2:91:7a:
         91:cb:3d:33:b1:b8:1a:e2:89:18:81:25:4b:0a:a1:fb:20:57:
         82:57:52:65:19:ac:93:7b:3f:a6:05:91:0c:94:c2:c8:f9:fe:
         a5:12:57:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlN4mm61G/5uQjEHm9zdh13MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEzMDYxMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjZlNWVjODhiZWNjNmFhMDhhZDY2ZmNjYTE3ZDYzYzQwODdiOGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9hBt7a9KDTG94/c7RNabRp1Q4prr
dPSRkLibPJJCu5q/DvSiflvztmLnLvYYGKXrg/Wx6/3uKkWJWbYtW17L9G4ZRQ4c
Q1ue1N4rTXNctAQcC6BpAJRDd0u4LICCe7sKfCnpt7iyC+SPird0fduxDsxCfuXr
yyu6uaBKkQwRUXxjXjMUWooNbrrRVdkX12aI+3gkZGe2ianoF0xBonW4banPfd2r
qGZ9HoppSXhaJkie2FqcyQZj1Ta9L3E8y1joPOmLHUKSm02htcZG7mKRZzPxcXLt
RGOvlBcwIdn9ngUk5zjBntGoN7xk8lnV9pZ/7Ov4lvsMeU+h/VYtDnlvKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDtuXsiL7MaqCK1m/MoX1jxAh7i4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTzI1ZXlJdnN4cW9JcldiOHloZldQRUNIdUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKGA10+/BKab2dCK3TJQ
PU86eXfTUYKm8cn+9TnoNMs69ADYqc0baOUcc3RBfBEV0k7ej8TIdp7I37PyJpcx
hF1PfSy2xaRPdRqUfZPPEJPO1dlCE0qin9GWQl2VzYEXfsOgnEo0R2VETFp9hvbU
iZ8MhnNjvSVoxCtivkco7BwxdeUwE3BCkyvNl39c18vnm/guwVijouEk7YQzS14y
32PbHzifLpjrY1oR2N3VqATtwKKqIi6FZFJDUwGvOyJ5atlcZo0cO0pvtebPW/Ep
GM+3lXxyrsKRepHLPTOxuBriiRiBJUsKofsgV4JXUmUZrJN7P6YFkQyUwsj5/qUS
V0Y=
-----END CERTIFICATE-----