Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OahZLrnr35FoDZSLMzfvY-c0ASU.roa
File:                     OahZLrnr35FoDZSLMzfvY-c0ASU.roa (raw, json)
Hash identifier:          ifj+R2IZOc42FbuXn1hB9J0LpbHGqtCE1VJg05oZWhM=
Subject key identifier:   39:A8:59:2E:B9:EB:DF:91:68:0D:94:8B:33:37:EF:63:E7:34:01:25
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018768ED69D12C9A978D3AEC764A06BF544D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OahZLrnr35FoDZSLMzfvY-c0ASU.roa
Signing time:             Mon 10 Apr 2023 02:10:02 +0000
ROA not before:           Mon 10 Apr 2023 02:10:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:68:ed:69:d1:2c:9a:97:8d:3a:ec:76:4a:06:bf:54:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 10 02:10:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=39a8592eb9ebdf91680d948b3337ef63e7340125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4a:0d:5f:76:e1:80:71:55:49:88:4f:ac:04:
                    bb:61:a6:ff:88:54:96:7a:9d:24:20:30:20:a1:2c:
                    66:47:a0:fb:97:f1:d0:0b:87:b5:c2:5e:d0:55:5d:
                    d6:14:7e:44:76:13:d1:12:53:8a:f1:fe:ef:cf:81:
                    84:f6:87:f5:67:96:4e:3f:b8:2e:67:4d:dc:ea:ee:
                    03:9b:a2:28:05:23:5d:8e:4e:46:88:7c:b2:c1:9d:
                    26:fc:8d:44:49:1c:8d:bf:6c:be:ff:67:69:71:15:
                    bc:8b:4f:ca:44:63:60:93:33:7d:74:10:48:be:fc:
                    d7:7f:e0:8d:7d:a2:e4:64:81:0b:ae:7e:e5:66:55:
                    d4:2e:dc:ff:ad:48:07:ec:18:44:16:64:24:fe:d2:
                    ac:91:82:0b:e1:e5:43:09:5c:9d:35:42:25:c8:55:
                    67:81:d6:d7:08:76:d3:9a:33:7d:6a:95:c3:78:0d:
                    48:c5:58:22:e0:11:68:70:72:b9:65:33:cd:5d:57:
                    d3:18:ea:a8:15:37:10:03:6b:76:8d:a3:c3:6b:21:
                    56:04:03:df:26:9a:c8:08:9e:88:dd:54:d7:d0:cd:
                    be:a8:05:f0:35:44:c6:30:99:3e:fa:1a:74:1d:13:
                    8f:6c:5b:33:99:ab:3c:be:59:9e:b1:fb:5d:74:09:
                    ff:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:A8:59:2E:B9:EB:DF:91:68:0D:94:8B:33:37:EF:63:E7:34:01:25
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OahZLrnr35FoDZSLMzfvY-c0ASU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:70:d2:c9:98:4c:d0:5a:62:5c:14:1a:24:b3:ab:4f:e8:a6:
         86:72:22:48:31:34:a7:cd:20:be:7b:03:b6:ac:2e:84:00:a3:
         91:f4:d2:fc:36:b5:32:cc:a0:d1:20:bc:34:a1:ad:05:7e:22:
         38:6b:67:24:01:f7:16:e5:e0:9a:14:a3:7f:46:d0:8b:47:2e:
         c0:96:ea:60:13:e1:42:76:ed:e9:c5:64:0b:a8:8d:39:21:ba:
         9d:42:69:1e:3c:51:8c:7f:cd:4f:4e:92:30:4a:13:c2:b0:9f:
         c3:b7:de:3f:82:05:f5:06:2d:90:98:d0:c1:d6:d7:5d:ec:91:
         6a:5a:c8:79:7f:fc:65:ae:45:33:50:2e:b0:2a:5f:02:28:8d:
         c3:3e:e6:f0:d0:e2:62:39:81:9d:d6:6f:4d:b1:5b:46:d4:7d:
         62:53:94:6a:ea:20:1b:c4:2c:c6:e2:a7:5d:8b:98:6b:fb:e5:
         91:d6:03:92:5a:2b:d9:9a:4b:74:55:41:f0:0a:30:d9:91:d9:
         74:be:a6:d2:e1:f7:88:e5:5e:0a:e9:84:ba:49:4d:6f:21:43:
         72:71:70:74:91:bf:3a:7d:ca:e1:5f:51:c6:28:00:48:fd:ff:
         54:69:b6:4a:b7:15:d6:ef:8c:57:2c:40:28:76:5d:9a:76:bd:
         ca:64:99:d5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdo7WnRLJqXjTrsdkoGv1RNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEwMDIxMDAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWE4NTkyZWI5ZWJkZjkxNjgwZDk0OGIzMzM3ZWY2M2U3MzQwMTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkoNX3bhgHFVSYhPrAS7Yab/iFSW
ep0kIDAgoSxmR6D7l/HQC4e1wl7QVV3WFH5EdhPRElOK8f7vz4GE9of1Z5ZOP7gu
Z03c6u4Dm6IoBSNdjk5GiHyywZ0m/I1ESRyNv2y+/2dpcRW8i0/KRGNgkzN9dBBI
vvzXf+CNfaLkZIELrn7lZlXULtz/rUgH7BhEFmQk/tKskYIL4eVDCVydNUIlyFVn
gdbXCHbTmjN9apXDeA1IxVgi4BFocHK5ZTPNXVfTGOqoFTcQA2t2jaPDayFWBAPf
JprICJ6I3VTX0M2+qAXwNUTGMJk++hp0HROPbFszmas8vlmesftddAn/eQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDmoWS6569+RaA2UizM372PnNAElMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT2FoWkxybnIzNUZvRFpTTE16ZnZZLWMwQVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADRw0smYTNBaYlwUGiSz
q0/opoZyIkgxNKfNIL57A7asLoQAo5H00vw2tTLMoNEgvDShrQV+IjhrZyQB9xbl
4JoUo39G0ItHLsCW6mAT4UJ27enFZAuojTkhup1CaR48UYx/zU9OkjBKE8Kwn8O3
3j+CBfUGLZCY0MHW113skWpayHl//GWuRTNQLrAqXwIojcM+5vDQ4mI5gZ3Wb02x
W0bUfWJTlGrqIBvELMbip12LmGv75ZHWA5JaK9maS3RVQfAKMNmR2XS+ptLh94jl
XgrphLpJTW8hQ3JxcHSRvzp9yuFfUcYoAEj9/1Rptkq3FdbvjFcsQCh2XZp2vcpk
mdU=
-----END CERTIFICATE-----