Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OGDp9WPpxAYvDI87rSUN_J0FQEs.roa
File:                     OGDp9WPpxAYvDI87rSUN_J0FQEs.roa (raw, json)
Hash identifier:          SSYA8EdsaX0+JhMRAkyl97g5fcavRLwYfdpvvTQT5hk=
Subject key identifier:   38:60:E9:F5:63:E9:C4:06:2F:0C:8F:3B:AD:25:0D:FC:9D:05:40:4B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187465CB9FEE019C9C2C18619AFFED80025
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OGDp9WPpxAYvDI87rSUN_J0FQEs.roa
Signing time:             Mon 03 Apr 2023 09:04:54 +0000
ROA not before:           Mon 03 Apr 2023 09:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:187:465c:41ba/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:46:5c:b9:fe:e0:19:c9:c2:c1:86:19:af:fe:d8:00:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  3 09:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3860e9f563e9c4062f0c8f3bad250dfc9d05404b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:23:86:93:26:e7:47:f7:2e:0a:4d:38:1c:69:
                    9c:48:0f:ac:57:53:2b:90:04:06:82:25:7c:66:fb:
                    7a:9f:ee:b6:09:fe:eb:45:53:9d:64:44:f8:3d:18:
                    f0:01:a8:8f:71:ca:85:d1:87:d4:82:d7:3b:a6:bc:
                    58:57:c0:00:2a:34:39:88:bc:42:fb:e4:75:02:86:
                    5d:25:cb:31:cf:9b:be:e2:a5:0f:5f:03:fc:18:9c:
                    cd:26:a3:00:5f:7d:bd:96:30:9a:43:ed:77:a5:33:
                    35:e9:b3:f2:41:db:06:ab:9e:0a:c9:35:af:ad:1d:
                    6f:86:e3:4a:25:54:a3:82:b1:8d:99:8c:66:5a:26:
                    9d:d4:0e:49:c7:78:17:3f:d8:85:c9:26:52:cc:83:
                    a7:41:c5:54:5b:c2:a5:35:0d:1c:8b:33:45:dd:df:
                    a8:26:e2:28:bb:e2:f7:c0:05:ae:0a:33:37:b3:c7:
                    14:bd:fd:48:ab:a9:96:86:61:27:97:d9:71:9a:c4:
                    e8:77:8b:43:7a:32:ed:89:c1:cd:5e:da:17:68:c5:
                    e9:4a:1d:54:8b:09:94:2d:9f:e5:f7:e0:63:60:69:
                    b4:20:8f:50:c1:d5:31:cb:9b:4e:54:22:36:40:12:
                    0a:3f:7e:d3:f5:c5:d1:a5:68:be:d9:e5:ad:46:b2:
                    c1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:60:E9:F5:63:E9:C4:06:2F:0C:8F:3B:AD:25:0D:FC:9D:05:40:4B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OGDp9WPpxAYvDI87rSUN_J0FQEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:5e:af:61:53:27:7f:53:66:b2:33:4b:e6:c4:f9:98:f5:1a:
         ea:1d:ef:6a:e4:e5:37:f6:53:a7:d4:d0:26:ef:2d:73:fb:78:
         18:b2:f2:54:65:bd:52:75:ed:24:ce:ea:05:1e:31:72:99:77:
         aa:b1:d4:90:4b:21:15:91:09:08:8d:81:96:39:80:e9:46:36:
         c5:21:47:a9:62:7e:ff:12:f1:24:1d:87:19:e4:0f:10:2c:25:
         58:40:6e:9e:83:7b:56:a8:34:cc:f3:9c:a9:6f:0a:5a:32:cf:
         07:1f:d5:c5:03:5f:07:e7:e6:87:85:6f:5e:6d:94:9b:98:62:
         c3:dd:3f:11:54:2a:59:51:d6:8f:40:8e:3a:26:dd:46:b3:ec:
         71:f8:75:d2:74:4f:fc:96:e3:8b:65:24:89:dc:5f:dc:4b:97:
         e4:96:46:4b:9f:1b:ef:f4:f1:de:71:e8:47:de:96:83:2c:13:
         8e:d5:62:a9:73:0b:45:02:36:39:d1:ff:4a:57:90:31:d7:fb:
         4b:30:51:ef:5b:4b:4c:d9:8f:83:5e:a6:59:b5:e8:ea:d5:cd:
         a9:79:04:39:0a:ae:70:e1:05:28:81:06:c3:53:04:d1:31:41:
         e6:22:f5:32:b6:d7:35:8d:c0:56:b3:81:e3:78:19:e5:a6:21:
         e3:62:20:b9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdGXLn+4BnJwsGGGa/+2AAlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAzMDkwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODYwZTlmNTYzZTljNDA2MmYwYzhmM2JhZDI1MGRmYzlkMDU0MDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriOGkybnR/cuCk04HGmcSA+sV1Mr
kAQGgiV8Zvt6n+62Cf7rRVOdZET4PRjwAaiPccqF0YfUgtc7prxYV8AAKjQ5iLxC
++R1AoZdJcsxz5u+4qUPXwP8GJzNJqMAX329ljCaQ+13pTM16bPyQdsGq54KyTWv
rR1vhuNKJVSjgrGNmYxmWiad1A5Jx3gXP9iFySZSzIOnQcVUW8KlNQ0cizNF3d+o
JuIou+L3wAWuCjM3s8cUvf1Iq6mWhmEnl9lxmsTod4tDejLticHNXtoXaMXpSh1U
iwmULZ/l9+BjYGm0II9QwdUxy5tOVCI2QBIKP37T9cXRpWi+2eWtRrLBSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDhg6fVj6cQGLwyPO60lDfydBUBLMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT0dEcDlXUHB4QVl2REk4N3JTVU5fSjBGUUVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ5er2FTJ39TZrIzS+bE
+Zj1Guod72rk5Tf2U6fU0CbvLXP7eBiy8lRlvVJ17STO6gUeMXKZd6qx1JBLIRWR
CQiNgZY5gOlGNsUhR6lifv8S8SQdhxnkDxAsJVhAbp6De1aoNMzznKlvCloyzwcf
1cUDXwfn5oeFb15tlJuYYsPdPxFUKllR1o9Ajjom3Uaz7HH4ddJ0T/yW44tlJInc
X9xLl+SWRkufG+/08d5x6EfeloMsE47VYqlzC0UCNjnR/0pXkDHX+0swUe9bS0zZ
j4Neplm16OrVzal5BDkKrnDhBSiBBsNTBNExQeYi9TK21zWNwFazgeN4GeWmIeNi
ILk=
-----END CERTIFICATE-----