Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OjUf9CFQwhXuCRKh6vSLSqorfXA.roa
File:                     OjUf9CFQwhXuCRKh6vSLSqorfXA.roa (raw, json)
Hash identifier:          ek8kgBNfodUOr4RWt81XXnSotuikD5EJa2ORkyBLGXE=
Subject key identifier:   3A:35:1F:F4:21:50:C2:15:EE:09:12:A1:EA:F4:8B:4A:AA:2B:7D:70
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018739190994655C109D7202BD52B35D83C9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OjUf9CFQwhXuCRKh6vSLSqorfXA.roa
Signing time:             Fri 31 Mar 2023 19:15:54 +0000
ROA not before:           Fri 31 Mar 2023 19:15:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:39:19:09:94:65:5c:10:9d:72:02:bd:52:b3:5d:83:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 31 19:15:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a351ff42150c215ee0912a1eaf48b4aaa2b7d70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d3:7c:1f:04:83:20:58:fd:70:81:23:cf:a9:
                    29:0f:25:21:6f:22:33:c1:6a:91:76:7f:57:ef:55:
                    32:1a:a3:43:04:c3:68:5b:73:74:ff:1a:c7:76:16:
                    97:92:fb:af:92:71:81:e1:2b:6c:d7:9f:02:64:2f:
                    79:cf:c1:56:ea:66:3b:91:86:a0:41:83:5c:cc:49:
                    7a:67:c1:4f:39:a1:f3:5f:d0:32:3a:8b:d7:08:e7:
                    e0:a3:84:d8:db:37:c5:68:88:0a:d3:f9:f6:51:09:
                    f1:a0:e4:aa:6f:c2:fb:58:f6:94:8c:00:e3:8c:1d:
                    7a:f9:e7:e9:02:84:a9:4f:20:40:af:4d:37:4f:cb:
                    7b:52:ee:5b:b0:db:8b:40:ae:79:ba:13:97:6a:6c:
                    e6:60:c3:f2:e9:b5:57:36:83:4b:6e:08:1a:cd:dd:
                    99:2c:43:20:b2:c2:05:42:5e:62:be:14:57:f7:0e:
                    32:0f:5d:91:a1:ac:b0:e8:c3:60:ff:7e:95:04:03:
                    8e:5a:fa:2a:4b:d2:5f:af:83:2c:60:01:d0:cc:fb:
                    22:90:8e:ae:e7:0d:7e:50:84:98:3e:97:1c:ff:b4:
                    ea:58:e7:af:dd:4b:00:2a:37:d6:f1:c9:04:ce:56:
                    f0:90:79:18:91:da:e0:36:49:a8:b5:1a:22:85:cf:
                    5b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:35:1F:F4:21:50:C2:15:EE:09:12:A1:EA:F4:8B:4A:AA:2B:7D:70
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OjUf9CFQwhXuCRKh6vSLSqorfXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:1f:41:64:6b:80:de:c9:09:2d:70:c0:41:93:a1:63:b9:3c:
         21:da:04:cd:bf:b5:2b:1f:49:b0:8d:ce:d8:6a:9b:49:a5:41:
         bc:0a:0d:ff:b5:0f:53:64:18:e9:b9:ad:67:9e:97:b3:99:a1:
         26:70:c7:3c:f3:9b:aa:e0:74:c9:cd:d0:f3:0e:d2:36:e5:8a:
         5a:96:41:3d:66:2b:48:33:67:ba:13:bd:8c:10:d0:2f:c0:87:
         50:be:77:f1:63:c7:c3:1b:a4:4e:dc:52:0e:16:51:47:9f:8a:
         9b:4d:d5:c4:48:d6:f9:c9:db:cd:dd:51:cb:34:9d:9c:f5:64:
         5f:f7:54:5d:09:91:61:6c:a1:74:39:5d:1e:7d:9f:8d:ed:48:
         16:be:4d:e6:21:cb:ae:e7:1b:42:72:e1:47:d8:b0:8b:e2:7d:
         8a:0d:f1:07:c3:27:7c:cb:df:6f:19:70:8a:33:40:e4:17:92:
         2d:04:53:41:6a:b0:a2:86:93:fc:13:18:0a:4a:15:f1:51:df:
         e9:2b:e8:f8:f1:c9:ff:a9:fd:8a:96:bd:2a:52:2f:b5:a5:ab:
         ec:1f:cc:ca:55:8a:8d:dd:93:a4:12:d5:c2:2a:14:9c:83:4a:
         fc:53:c4:6d:38:77:12:4b:f1:b5:c5:fd:9d:b2:b1:29:48:f9:
         4d:c4:9f:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc5GQmUZVwQnXICvVKzXYPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMxMTkxNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTM1MWZmNDIxNTBjMjE1ZWUwOTEyYTFlYWY0OGI0YWFhMmI3ZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitN8HwSDIFj9cIEjz6kpDyUhbyIz
wWqRdn9X71UyGqNDBMNoW3N0/xrHdhaXkvuvknGB4Sts158CZC95z8FW6mY7kYag
QYNczEl6Z8FPOaHzX9AyOovXCOfgo4TY2zfFaIgK0/n2UQnxoOSqb8L7WPaUjADj
jB16+efpAoSpTyBAr003T8t7Uu5bsNuLQK55uhOXamzmYMPy6bVXNoNLbggazd2Z
LEMgssIFQl5ivhRX9w4yD12Roayw6MNg/36VBAOOWvoqS9Jfr4MsYAHQzPsikI6u
5w1+UISYPpcc/7TqWOev3UsAKjfW8ckEzlbwkHkYkdrgNkmotRoihc9brwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDo1H/QhUMIV7gkSoer0i0qqK31wMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT2pVZjlDRlF3aFh1Q1JLaDZ2U0xTcW9yZlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAI4fQWRrgN7JCS1wwEGT
oWO5PCHaBM2/tSsfSbCNzthqm0mlQbwKDf+1D1NkGOm5rWeel7OZoSZwxzzzm6rg
dMnN0PMO0jblilqWQT1mK0gzZ7oTvYwQ0C/Ah1C+d/Fjx8MbpE7cUg4WUUefiptN
1cRI1vnJ283dUcs0nZz1ZF/3VF0JkWFsoXQ5XR59n43tSBa+TeYhy67nG0Jy4UfY
sIvifYoN8QfDJ3zL328ZcIozQOQXki0EU0FqsKKGk/wTGApKFfFR3+kr6Pjxyf+p
/YqWvSpSL7Wlq+wfzMpVio3dk6QS1cIqFJyDSvxTxG04dxJL8bXF/Z2ysSlI+U3E
n+8=
-----END CERTIFICATE-----