Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OfEUQAGhkbl8Os2cfOJFV97pLSU.roa
File:                     OfEUQAGhkbl8Os2cfOJFV97pLSU.roa (raw, json)
Hash identifier:          Jce02irSUpz7sRXLIV6yFqrzZ2UodCESYRfwG15xOzA=
Subject key identifier:   39:F1:14:40:01:A1:91:B9:7C:3A:CD:9C:7C:E2:45:57:DE:E9:2D:25
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873BE065B3A02A1F96C2AC991FCA0ED001
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OfEUQAGhkbl8Os2cfOJFV97pLSU.roa
Signing time:             Sat 01 Apr 2023 08:12:54 +0000
ROA not before:           Sat 01 Apr 2023 08:12:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3b:e0:65:b3:a0:2a:1f:96:c2:ac:99:1f:ca:0e:d0:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  1 08:12:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=39f1144001a191b97c3acd9c7ce24557dee92d25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b5:71:43:5d:75:f5:91:4e:c3:70:c0:87:bd:
                    ab:4c:3f:80:1b:c5:09:25:f4:3b:98:b6:f0:eb:25:
                    2f:32:4a:72:ea:f3:7d:bc:cb:03:b5:45:a5:48:dd:
                    8e:f7:89:7b:cc:6f:3d:67:4b:40:d8:92:83:d6:9d:
                    c9:0d:89:9b:05:75:1f:fa:0a:ec:34:15:4e:e8:6f:
                    3d:92:5d:60:14:9c:f1:ff:cf:73:e0:05:af:21:66:
                    07:d9:b0:d2:9e:4c:44:64:66:2d:77:1a:62:b3:b7:
                    d5:35:19:01:d5:cd:db:1c:83:9b:9c:c1:42:99:1a:
                    c6:15:14:43:ac:9f:91:db:99:a4:84:62:5f:25:9f:
                    7e:ad:d2:60:5e:ca:46:4b:a2:9b:20:61:19:70:8d:
                    d4:2b:d3:a5:c5:c6:62:10:bd:ae:70:4d:d9:b5:b5:
                    99:65:b7:a4:ee:53:53:28:d2:fa:fd:39:61:80:b7:
                    4a:d0:a3:d4:c0:13:83:d6:e8:c8:42:3a:df:77:f3:
                    89:22:bf:4b:fb:9c:6d:3f:c3:6d:14:84:78:7c:6b:
                    64:61:d0:e6:14:20:d8:e1:0e:a1:28:ed:f1:16:ca:
                    50:33:71:e6:08:99:6a:78:f1:e0:22:26:d8:30:59:
                    78:81:0d:c3:c2:1b:2f:42:e9:b5:88:43:ce:25:43:
                    8c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:F1:14:40:01:A1:91:B9:7C:3A:CD:9C:7C:E2:45:57:DE:E9:2D:25
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OfEUQAGhkbl8Os2cfOJFV97pLSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:d6:52:6f:e0:1b:a9:a2:1d:54:25:c1:a6:30:f1:14:61:78:
         6f:16:ea:cd:86:0c:52:97:8e:7e:e1:f5:d9:d5:39:9a:0d:9c:
         ae:b7:6e:ae:41:3b:75:e2:95:83:8b:10:17:d1:6d:4b:38:ea:
         cc:4f:41:ff:73:d9:b0:de:c7:de:36:42:03:fb:72:31:61:da:
         26:9f:b2:b9:26:68:17:6c:63:85:df:bd:73:ed:2c:99:ac:09:
         4a:92:7e:4a:a8:ff:87:7f:b0:e7:18:77:85:63:96:f6:28:e6:
         94:b9:fa:cd:4a:b4:3a:f7:77:fb:36:f0:c1:c4:1e:82:41:78:
         b6:73:6f:2f:47:09:ef:7d:f2:4e:c8:ab:8a:92:4c:10:d7:2c:
         d7:46:e7:f1:28:11:7c:4f:1e:51:68:75:28:52:6d:1b:01:ee:
         84:1a:9f:eb:3c:11:b7:f3:4a:98:a0:53:03:a5:c1:69:e7:1b:
         06:58:6d:92:0e:c6:e0:3a:80:82:dd:b0:6f:43:2c:cb:91:6d:
         8c:29:c3:5a:b8:cc:6b:ea:86:d3:fb:35:b4:b0:9c:cd:87:d7:
         e7:0b:4c:ef:3d:d8:25:80:90:c6:bc:19:16:0c:df:b2:39:75:
         30:eb:9e:3d:9e:8e:8d:17:3d:1b:53:f6:f8:28:ce:41:1b:91:
         c6:aa:b7:b0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc74GWzoCoflsKsmR/KDtABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAxMDgxMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWYxMTQ0MDAxYTE5MWI5N2MzYWNkOWM3Y2UyNDU1N2RlZTkyZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7VxQ1119ZFOw3DAh72rTD+AG8UJ
JfQ7mLbw6yUvMkpy6vN9vMsDtUWlSN2O94l7zG89Z0tA2JKD1p3JDYmbBXUf+grs
NBVO6G89kl1gFJzx/89z4AWvIWYH2bDSnkxEZGYtdxpis7fVNRkB1c3bHIObnMFC
mRrGFRRDrJ+R25mkhGJfJZ9+rdJgXspGS6KbIGEZcI3UK9OlxcZiEL2ucE3ZtbWZ
Zbek7lNTKNL6/TlhgLdK0KPUwBOD1ujIQjrfd/OJIr9L+5xtP8NtFIR4fGtkYdDm
FCDY4Q6hKO3xFspQM3HmCJlqePHgIibYMFl4gQ3DwhsvQum1iEPOJUOMXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDnxFEABoZG5fDrNnHziRVfe6S0lMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT2ZFVVFBR2hrYmw4T3MyY2ZPSkZWOTdwTFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHbWUm/gG6miHVQlwaYw
8RRheG8W6s2GDFKXjn7h9dnVOZoNnK63bq5BO3XilYOLEBfRbUs46sxPQf9z2bDe
x942QgP7cjFh2iafsrkmaBdsY4XfvXPtLJmsCUqSfkqo/4d/sOcYd4VjlvYo5pS5
+s1KtDr3d/s28MHEHoJBeLZzby9HCe998k7Iq4qSTBDXLNdG5/EoEXxPHlFodShS
bRsB7oQan+s8EbfzSpigUwOlwWnnGwZYbZIOxuA6gILdsG9DLMuRbYwpw1q4zGvq
htP7NbSwnM2H1+cLTO892CWAkMa8GRYM37I5dTDrnj2ejo0XPRtT9vgozkEbkcaq
t7A=
-----END CERTIFICATE-----