Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OM6JvvtZoeLYEKuZqPM_Ej-mRKM.roa
File:                     OM6JvvtZoeLYEKuZqPM_Ej-mRKM.roa (raw, json)
Hash identifier:          XV9D60MvjkNd8W5/wHRKWE+eykZi2s3rZVUCYHmS3DQ=
Subject key identifier:   38:CE:89:BE:FB:59:A1:E2:D8:10:AB:99:A8:F3:3F:12:3F:A6:44:A3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187AB71E95699F872FF8414D2AD3D8335A3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OM6JvvtZoeLYEKuZqPM_Ej-mRKM.roa
Signing time:             Sun 23 Apr 2023 00:09:41 +0000
ROA not before:           Sun 23 Apr 2023 00:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ab:71:e9:56:99:f8:72:ff:84:14:d2:ad:3d:83:35:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 23 00:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38ce89befb59a1e2d810ab99a8f33f123fa644a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:96:9b:d8:6f:b3:36:e7:49:95:51:9a:88:f4:
                    dd:ac:51:72:dc:ad:8a:00:e7:b1:e0:d1:16:f6:ee:
                    be:fa:1a:57:35:12:d2:c8:2f:a6:e5:ca:0e:63:dc:
                    43:fc:38:70:6f:3e:7e:59:5c:1a:94:ac:e0:cd:b6:
                    86:41:58:a2:8d:cd:eb:74:e2:51:35:af:6a:46:cc:
                    a4:0c:4e:f2:c6:c5:5c:49:a2:ad:9a:5d:27:18:b1:
                    67:c9:ce:d3:4f:57:c2:f1:c6:87:ac:6b:fe:f2:27:
                    96:0c:92:21:c9:0b:d4:2f:b0:0d:d8:b8:c5:d9:8e:
                    3c:28:db:4b:c6:71:2d:c2:15:1f:13:34:16:eb:26:
                    7e:df:2b:8c:02:7b:c6:c7:d0:22:a6:08:4e:7d:95:
                    3a:df:1f:88:20:6c:eb:80:77:d0:6d:30:1d:d4:d4:
                    38:a8:2f:e1:5c:6e:44:e5:91:46:01:a2:77:c9:b4:
                    da:af:3b:86:cc:20:4f:19:50:9d:ac:c7:f2:73:21:
                    9d:5a:c8:2d:b7:18:0e:cb:3a:82:bc:db:1c:b7:70:
                    32:2b:2d:29:f5:a0:9e:72:bb:6b:b1:32:49:cf:39:
                    d3:f7:2b:0b:17:30:07:84:8e:4c:10:de:6b:c9:67:
                    3c:27:51:78:65:be:b1:e9:86:1b:20:5b:41:84:27:
                    db:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:CE:89:BE:FB:59:A1:E2:D8:10:AB:99:A8:F3:3F:12:3F:A6:44:A3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OM6JvvtZoeLYEKuZqPM_Ej-mRKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:f1:71:e5:15:4d:1f:e7:22:0d:4e:d9:73:dc:2f:98:2f:8f:
         e6:45:22:be:f5:2d:71:50:79:1a:98:d3:37:ab:7e:6c:4c:f9:
         d8:1f:81:18:fd:2c:b2:ff:22:ea:73:bd:ad:0b:9e:16:7c:bd:
         42:03:e9:3e:01:4c:43:10:42:14:92:32:84:a6:10:80:67:b5:
         01:79:f7:85:9c:5e:2b:50:91:d3:ea:22:47:63:71:1e:8e:8b:
         66:e5:07:22:2d:b1:c7:ca:b8:a7:34:97:73:77:39:fc:0e:53:
         b4:8b:38:5b:84:86:4c:7d:84:32:ab:ac:00:98:59:ba:c3:ed:
         21:e7:4c:35:a8:df:16:e9:79:73:f0:09:74:97:24:6e:00:9e:
         60:3c:ba:6e:c9:d2:31:7d:87:43:85:ba:e8:2a:bd:f8:bb:a0:
         cd:c3:b0:0d:ac:d4:1f:cc:a6:f4:08:6d:32:3d:fc:3f:94:ae:
         aa:6d:61:25:95:1e:03:3f:d6:a2:17:c5:d2:e7:b1:be:79:96:
         33:b2:60:83:1d:7a:a3:30:2b:23:b9:49:18:45:22:a0:64:15:
         1b:30:b6:88:e0:ad:be:e0:8b:3e:23:7e:7b:06:72:20:93:37:
         6a:05:b4:05:a3:e6:a0:37:e3:32:dc:4f:9d:1e:b8:9e:9d:fb:
         c6:c5:d7:af
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYercelWmfhy/4QU0q09gzWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIzMDAwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGNlODliZWZiNTlhMWUyZDgxMGFiOTlhOGYzM2YxMjNmYTY0NGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppab2G+zNudJlVGaiPTdrFFy3K2K
AOex4NEW9u6++hpXNRLSyC+m5coOY9xD/Dhwbz5+WVwalKzgzbaGQViijc3rdOJR
Na9qRsykDE7yxsVcSaKtml0nGLFnyc7TT1fC8caHrGv+8ieWDJIhyQvUL7AN2LjF
2Y48KNtLxnEtwhUfEzQW6yZ+3yuMAnvGx9AipghOfZU63x+IIGzrgHfQbTAd1NQ4
qC/hXG5E5ZFGAaJ3ybTarzuGzCBPGVCdrMfycyGdWsgttxgOyzqCvNsct3AyKy0p
9aCecrtrsTJJzznT9ysLFzAHhI5MEN5ryWc8J1F4Zb6x6YYbIFtBhCfbSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDjOib77WaHi2BCrmajzPxI/pkSjMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT002SnZ2dFpvZUxZRUt1WnFQTV9Fai1tUktNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFDxceUVTR/nIg1O2XPc
L5gvj+ZFIr71LXFQeRqY0zerfmxM+dgfgRj9LLL/Iupzva0LnhZ8vUID6T4BTEMQ
QhSSMoSmEIBntQF594WcXitQkdPqIkdjcR6Oi2blByItscfKuKc0l3N3OfwOU7SL
OFuEhkx9hDKrrACYWbrD7SHnTDWo3xbpeXPwCXSXJG4AnmA8um7J0jF9h0OFuugq
vfi7oM3DsA2s1B/MpvQIbTI9/D+UrqptYSWVHgM/1qIXxdLnsb55ljOyYIMdeqMw
KyO5SRhFIqBkFRswtojgrb7giz4jfnsGciCTN2oFtAWj5qA34zLcT50euJ6d+8bF
168=
-----END CERTIFICATE-----