Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OSxhPMwIijRUc378g2KVZiXzNxw.roa
File:                     OSxhPMwIijRUc378g2KVZiXzNxw.roa (raw, json)
Hash identifier:          dCpWUeXCT3DkrZCYS1Yd5Yx9sx5TASPw+Ot+2Ea0Dks=
Subject key identifier:   39:2C:61:3C:CC:08:8A:34:54:73:7E:FC:83:62:95:66:25:F3:37:1C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D964E4F4B7B6E5905CEBA3BDE99FB605
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OSxhPMwIijRUc378g2KVZiXzNxw.roa
Signing time:             Mon 13 Mar 2023 05:15:13 +0000
ROA not before:           Mon 13 Mar 2023 05:15:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d9:64:e4:f4:b7:b6:e5:90:5c:eb:a3:bd:e9:9f:b6:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 13 05:15:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=392c613ccc088a3454737efc8362956625f3371c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:e5:b2:d0:72:12:e0:10:9e:91:8a:93:11:ed:
                    63:0a:0d:c3:f4:da:b9:f8:6e:83:81:06:b1:03:ee:
                    91:c9:f5:57:bd:4a:6a:38:dd:da:21:5b:fc:63:3d:
                    2b:bd:d0:34:bb:cf:35:59:1a:1d:a8:b2:21:25:6f:
                    0d:ec:e6:01:85:99:f9:21:03:64:b8:68:59:48:93:
                    87:f8:fb:bc:84:79:ff:80:2b:4e:c8:dc:20:60:0e:
                    04:51:64:7b:ee:5e:c1:16:aa:0d:eb:9c:6d:da:41:
                    d0:30:08:aa:63:e1:78:77:88:41:7e:98:31:8c:de:
                    74:b8:a0:8e:cc:0f:46:10:73:85:58:91:9d:2d:b1:
                    ad:d2:42:56:11:de:9a:f8:d4:ae:ab:db:c5:9e:a4:
                    86:47:03:89:06:cc:66:56:ec:c0:f2:0a:72:54:a7:
                    5f:e3:d7:83:80:35:78:7d:57:60:d9:8c:9d:4f:37:
                    74:d2:a4:58:38:ab:9e:be:a5:62:3f:88:48:c5:e5:
                    c4:7c:01:ae:6c:e5:f9:5e:90:d5:9b:1e:13:1b:8d:
                    73:e2:51:7e:6f:a7:84:a5:cd:92:0e:b8:90:52:8d:
                    84:42:68:c5:e6:b4:71:d0:dc:ae:86:6f:5c:ee:2c:
                    da:0f:aa:d0:22:ba:33:72:0d:7b:72:a5:ca:bc:4c:
                    97:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:2C:61:3C:CC:08:8A:34:54:73:7E:FC:83:62:95:66:25:F3:37:1C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OSxhPMwIijRUc378g2KVZiXzNxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:b3:bf:c6:0e:bc:fa:cf:75:5f:37:91:66:16:79:6e:ce:32:
         e0:25:61:96:dc:75:56:c8:fd:53:dc:27:3f:6f:0e:24:9a:da:
         42:1f:3d:ca:b3:57:4c:fd:d8:a0:55:c3:a8:8c:79:f5:54:4a:
         ef:d6:45:7d:43:a7:8c:2f:4a:eb:f1:51:60:ca:ce:74:3e:f6:
         a7:ae:1c:0c:85:01:5e:eb:af:98:03:06:1a:d6:cf:ab:fc:ec:
         55:6a:cc:6d:58:16:5b:da:9d:b1:63:33:dc:ac:b4:c7:85:82:
         d3:99:72:67:00:56:8c:21:55:9c:2f:d7:46:07:c5:44:b6:9a:
         c5:c0:8f:da:59:5e:c4:43:f1:87:9a:9c:63:eb:bf:51:78:ab:
         57:b6:3e:d5:50:1c:6e:6c:c1:f1:9c:dc:8d:67:52:a5:70:d8:
         b3:33:bb:1e:f1:4a:7e:99:80:77:a3:ec:e4:b2:73:cf:c3:55:
         f6:4d:97:41:9d:d9:f1:42:e3:31:8b:d9:0c:0c:b7:59:f1:ca:
         19:2a:b7:d5:18:6c:4e:1c:76:45:ef:e8:c9:4c:1c:d2:ef:2c:
         05:62:86:0c:91:0b:25:47:22:de:97:be:7a:bc:41:d0:d8:f4:
         a9:d7:c4:b9:77:a1:f9:c1:60:52:8a:34:7a:ea:2a:9f:be:5c:
         72:64:80:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbZZOT0t7blkFzro73pn7YFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEzMDUxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTJjNjEzY2NjMDg4YTM0NTQ3MzdlZmM4MzYyOTU2NjI1ZjMzNzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6uWy0HIS4BCekYqTEe1jCg3D9Nq5
+G6DgQaxA+6RyfVXvUpqON3aIVv8Yz0rvdA0u881WRodqLIhJW8N7OYBhZn5IQNk
uGhZSJOH+Pu8hHn/gCtOyNwgYA4EUWR77l7BFqoN65xt2kHQMAiqY+F4d4hBfpgx
jN50uKCOzA9GEHOFWJGdLbGt0kJWEd6a+NSuq9vFnqSGRwOJBsxmVuzA8gpyVKdf
49eDgDV4fVdg2YydTzd00qRYOKuevqViP4hIxeXEfAGubOX5XpDVmx4TG41z4lF+
b6eEpc2SDriQUo2EQmjF5rRx0Nyuhm9c7izaD6rQIrozcg17cqXKvEyXVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDksYTzMCIo0VHN+/INilWYl8zccMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT1N4aFBNd0lpalJVYzM3OGcyS1ZaaVh6Tnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEKzv8YOvPrPdV83kWYW
eW7OMuAlYZbcdVbI/VPcJz9vDiSa2kIfPcqzV0z92KBVw6iMefVUSu/WRX1Dp4wv
SuvxUWDKznQ+9qeuHAyFAV7rr5gDBhrWz6v87FVqzG1YFlvanbFjM9ystMeFgtOZ
cmcAVowhVZwv10YHxUS2msXAj9pZXsRD8YeanGPrv1F4q1e2PtVQHG5swfGc3I1n
UqVw2LMzux7xSn6ZgHej7OSyc8/DVfZNl0Gd2fFC4zGL2QwMt1nxyhkqt9UYbE4c
dkXv6MlMHNLvLAVihgyRCyVHIt6Xvnq8QdDY9KnXxLl3ofnBYFKKNHrqKp++XHJk
gDg=
-----END CERTIFICATE-----