Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ObBjFVodHxsJk6dru5MEaXmVnjE.roa
File:                     ObBjFVodHxsJk6dru5MEaXmVnjE.roa (raw, json)
Hash identifier:          blVOu8p9xvtD7wHFGdBIAPsarbyC1+qQWq3hZqUuPh0=
Subject key identifier:   39:B0:63:15:5A:1D:1F:1B:09:93:A7:6B:BB:93:04:69:79:95:9E:31
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018840CBE71B61466CCD21CD88E61EC36A24
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ObBjFVodHxsJk6dru5MEaXmVnjE.roa
Signing time:             Mon 22 May 2023 00:11:24 +0000
ROA not before:           Mon 22 May 2023 00:11:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:40:cb:e7:1b:61:46:6c:cd:21:cd:88:e6:1e:c3:6a:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 22 00:11:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=39b063155a1d1f1b0993a76bbb93046979959e31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5c:a8:22:9c:13:5f:4e:fe:dd:71:1a:37:81:
                    1c:af:84:09:69:1f:a7:ba:da:7f:50:c1:74:b3:a5:
                    51:72:3e:4e:47:b6:af:7a:b8:c9:7a:0e:7a:d0:68:
                    57:26:27:df:a7:84:52:8f:86:dd:75:39:27:80:e9:
                    cf:fe:36:35:90:a0:a2:d4:55:41:44:f9:06:5c:2c:
                    f7:d8:fb:9f:54:23:da:cb:25:1d:93:70:83:4d:f6:
                    45:94:e9:f5:08:ea:9a:47:ce:cb:c2:59:76:56:d1:
                    8d:a7:ac:2b:82:d2:04:d9:b0:ac:23:7c:ae:51:fe:
                    b0:dc:be:38:56:83:91:c5:ba:ef:47:5a:a4:04:23:
                    54:f9:74:c9:a4:b0:66:05:19:0e:67:39:c2:68:77:
                    df:01:26:bf:67:1d:c6:9c:4b:89:f5:9f:01:b5:b9:
                    d1:91:43:cf:c4:b0:bb:90:14:e9:4b:42:83:87:ae:
                    35:bd:e4:14:3d:91:c1:cd:c6:df:4f:0b:d8:15:c7:
                    b3:60:48:a5:1f:06:db:d9:bc:2f:2c:f4:e8:6c:ff:
                    ce:ed:49:ee:cc:09:e0:b6:43:76:73:49:5d:8d:70:
                    6a:f4:e2:c8:75:54:2c:b6:93:03:58:4f:e9:fe:6a:
                    0c:64:60:f8:8e:8f:50:65:98:b2:5c:90:7e:a7:06:
                    93:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B0:63:15:5A:1D:1F:1B:09:93:A7:6B:BB:93:04:69:79:95:9E:31
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ObBjFVodHxsJk6dru5MEaXmVnjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:05:dc:4d:2c:ae:a8:96:78:ea:38:c2:a9:1f:fa:4f:f9:a0:
         b0:b1:56:6b:f0:4a:97:af:5f:77:47:eb:b6:2e:ba:21:1e:70:
         a5:91:1d:b0:6a:79:ec:ce:bc:80:62:16:c1:75:91:8e:00:45:
         2d:8e:03:b8:25:35:2c:fd:ca:37:3a:80:22:c1:ff:32:9e:fe:
         8d:9c:cc:ac:3b:f2:8f:6e:aa:a2:b0:4b:04:75:9f:a2:13:30:
         da:d8:ad:ce:9d:97:f7:ab:dd:6d:1e:ea:95:b8:68:b0:57:7f:
         af:75:97:fc:99:6d:cf:20:37:e6:28:b2:2d:4c:91:77:57:03:
         6a:8e:8a:6a:f3:a0:23:66:e3:2b:50:93:53:eb:2b:90:33:7e:
         6d:53:47:c6:3a:0d:e2:02:70:6d:fc:8e:79:19:ed:8a:00:34:
         f9:9a:f0:f4:2b:63:c3:29:12:3a:62:d5:31:84:57:e6:02:32:
         92:cf:1b:c7:0d:1a:ad:dc:a6:cc:0c:19:58:5e:36:96:ef:4e:
         02:fa:f4:16:aa:3f:90:d2:ca:ec:10:18:83:b0:f6:b4:f8:da:
         44:cb:4d:db:7d:bd:e3:9e:00:af:e9:94:86:d6:87:1b:e4:34:
         2e:64:31:e5:33:a3:b0:b0:3d:dc:0e:ab:86:cd:9c:a7:e1:69:
         0d:2c:2b:8f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhAy+cbYUZszSHNiOYew2okMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIyMDAxMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWIwNjMxNTVhMWQxZjFiMDk5M2E3NmJiYjkzMDQ2OTc5OTU5ZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFyoIpwTX07+3XEaN4Ecr4QJaR+n
utp/UMF0s6VRcj5OR7averjJeg560GhXJiffp4RSj4bddTkngOnP/jY1kKCi1FVB
RPkGXCz32PufVCPayyUdk3CDTfZFlOn1COqaR87Lwll2VtGNp6wrgtIE2bCsI3yu
Uf6w3L44VoORxbrvR1qkBCNU+XTJpLBmBRkOZznCaHffASa/Zx3GnEuJ9Z8BtbnR
kUPPxLC7kBTpS0KDh641veQUPZHBzcbfTwvYFcezYEilHwbb2bwvLPTobP/O7Unu
zAngtkN2c0ldjXBq9OLIdVQstpMDWE/p/moMZGD4jo9QZZiyXJB+pwaTjwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDmwYxVaHR8bCZOna7uTBGl5lZ4xMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT2JCakZWb2RIeHNKazZkcnU1TUVhWG1WbmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEwF3E0srqiWeOo4wqkf
+k/5oLCxVmvwSpevX3dH67YuuiEecKWRHbBqeezOvIBiFsF1kY4ARS2OA7glNSz9
yjc6gCLB/zKe/o2czKw78o9uqqKwSwR1n6ITMNrYrc6dl/er3W0e6pW4aLBXf691
l/yZbc8gN+Yosi1MkXdXA2qOimrzoCNm4ytQk1PrK5Azfm1TR8Y6DeICcG38jnkZ
7YoANPma8PQrY8MpEjpi1TGEV+YCMpLPG8cNGq3cpswMGVheNpbvTgL69BaqP5DS
yuwQGIOw9rT42kTLTdt9veOeAK/plIbWhxvkNC5kMeUzo7CwPdwOq4bNnKfhaQ0s
K48=
-----END CERTIFICATE-----