Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OvPbEiadiSvzfoiHLHdjB5Yr2-4.roa
File:                     OvPbEiadiSvzfoiHLHdjB5Yr2-4.roa (raw, json)
Hash identifier:          IOIxCV/J5OVyefnOkPJj5clc9eJcJkaGGIRdeJq99b0=
Subject key identifier:   3A:F3:DB:12:26:9D:89:2B:F3:7E:88:87:2C:77:63:07:96:2B:DB:EE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188589C676E3E564FA6933CE8302DDAB1F3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OvPbEiadiSvzfoiHLHdjB5Yr2-4.roa
Signing time:             Fri 26 May 2023 15:10:25 +0000
ROA not before:           Fri 26 May 2023 15:10:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:58:9c:67:6e:3e:56:4f:a6:93:3c:e8:30:2d:da:b1:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 26 15:10:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3af3db12269d892bf37e88872c776307962bdbee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b2:57:f7:04:7a:6c:11:b3:05:23:cc:fb:1d:
                    47:6d:1c:2e:1a:73:96:45:1e:81:4e:1f:5c:f4:3b:
                    b0:6c:af:31:48:66:5d:5f:59:d8:00:72:56:96:21:
                    d3:3a:d5:30:82:d7:15:c4:b0:10:98:e1:7f:c2:24:
                    94:95:95:b7:e1:a1:26:77:e6:b8:90:2a:07:46:2a:
                    71:80:71:2c:79:77:fb:10:62:9b:93:dc:87:36:2d:
                    f7:9c:e8:fe:50:2e:cd:e0:c2:70:5b:22:e6:0f:38:
                    34:02:94:b4:11:e0:aa:d4:a4:a0:9d:2e:38:c7:96:
                    74:78:1a:92:38:c8:32:9a:67:97:21:b3:0a:51:53:
                    cf:8e:7f:5e:67:0a:0d:ea:ca:3f:fc:ed:27:15:ea:
                    89:34:d4:74:a0:e9:50:f7:30:6a:76:a7:23:d7:a0:
                    71:f2:05:30:09:53:47:bd:02:91:8a:b7:8d:62:3a:
                    be:39:c5:79:79:b1:7c:4a:73:14:07:a2:67:9a:93:
                    4d:22:17:da:36:42:1b:1a:39:57:b9:ea:21:b0:55:
                    3b:db:8a:ce:6d:27:dc:ae:9f:fe:5b:0a:6f:9e:6a:
                    83:e2:cd:de:d7:59:40:db:6e:f8:29:48:77:35:11:
                    da:d0:ab:52:b1:82:9d:7c:82:6e:58:0d:68:d6:d0:
                    f4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F3:DB:12:26:9D:89:2B:F3:7E:88:87:2C:77:63:07:96:2B:DB:EE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OvPbEiadiSvzfoiHLHdjB5Yr2-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:ff:4a:86:33:b7:92:09:5f:55:82:ed:f4:38:20:8b:44:84:
         65:a0:4a:29:ba:62:d8:f3:e8:54:bc:da:90:0e:f8:6c:d1:c6:
         fa:a3:af:33:33:36:9a:ad:f4:1b:f2:81:26:e4:74:62:07:cd:
         72:b4:6d:ac:5a:13:24:19:2e:48:93:19:10:fb:8d:4c:ba:0c:
         98:17:b6:fd:dd:b0:41:05:21:7d:84:db:fa:3c:2e:ed:0d:fc:
         2a:70:27:7b:1c:7f:c0:e0:2e:82:f4:00:0f:58:59:73:88:17:
         b3:cf:03:09:d7:32:1d:dd:20:55:a3:9b:d2:18:81:4b:a2:7f:
         0e:90:f5:be:64:6a:f4:ee:b9:fc:e2:6b:87:fe:1d:78:54:4c:
         0f:9d:a0:87:af:0e:24:be:31:dd:e7:5a:47:51:38:55:dc:b1:
         c3:7f:05:d7:ea:9a:fb:07:36:93:74:ef:cf:a3:ee:09:4b:65:
         28:33:32:f2:57:97:b5:77:b7:1f:59:99:ec:dd:38:a2:30:0f:
         14:e0:3c:5a:d2:8b:3a:16:b5:18:f7:c4:15:49:de:b3:3c:ef:
         87:83:c2:89:61:97:b5:c0:c3:70:05:38:75:0b:4c:71:f8:0e:
         cc:77:0d:29:55:fe:d1:12:45:5c:1b:97:aa:fa:12:b4:64:3b:
         de:8f:e8:ed
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhYnGduPlZPppM86DAt2rHzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI2MTUxMDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWYzZGIxMjI2OWQ4OTJiZjM3ZTg4ODcyYzc3NjMwNzk2MmJkYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7JX9wR6bBGzBSPM+x1HbRwuGnOW
RR6BTh9c9DuwbK8xSGZdX1nYAHJWliHTOtUwgtcVxLAQmOF/wiSUlZW34aEmd+a4
kCoHRipxgHEseXf7EGKbk9yHNi33nOj+UC7N4MJwWyLmDzg0ApS0EeCq1KSgnS44
x5Z0eBqSOMgymmeXIbMKUVPPjn9eZwoN6so//O0nFeqJNNR0oOlQ9zBqdqcj16Bx
8gUwCVNHvQKRireNYjq+OcV5ebF8SnMUB6JnmpNNIhfaNkIbGjlXueohsFU724rO
bSfcrp/+WwpvnmqD4s3e11lA2274KUh3NRHa0KtSsYKdfIJuWA1o1tD08wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDrz2xImnYkr836Ihyx3YweWK9vuMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT3ZQYkVpYWRpU3Z6Zm9pSExIZGpCNVlyMi00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABb/SoYzt5IJX1WC7fQ4
IItEhGWgSim6Ytjz6FS82pAO+GzRxvqjrzMzNpqt9BvygSbkdGIHzXK0baxaEyQZ
LkiTGRD7jUy6DJgXtv3dsEEFIX2E2/o8Lu0N/CpwJ3scf8DgLoL0AA9YWXOIF7PP
AwnXMh3dIFWjm9IYgUuifw6Q9b5kavTuufzia4f+HXhUTA+doIevDiS+Md3nWkdR
OFXcscN/BdfqmvsHNpN078+j7glLZSgzMvJXl7V3tx9ZmezdOKIwDxTgPFrSizoW
tRj3xBVJ3rM874eDwolhl7XAw3AFOHULTHH4Dsx3DSlV/tESRVwbl6r6ErRkO96P
6O0=
-----END CERTIFICATE-----