Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P0H1uvAtl5MOqP9Hym2qSHO-8ec.roa
File:                     P0H1uvAtl5MOqP9Hym2qSHO-8ec.roa (raw, json)
Hash identifier:          u5TKopW6xgMcZwCv0MP8xjWRWTr1o9YitvBP4DZaXDA=
Subject key identifier:   3F:41:F5:BA:F0:2D:97:93:0E:A8:FF:47:CA:6D:AA:48:73:BE:F1:E7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186DA80B84DECD6BFD66969D053D81E9BF5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P0H1uvAtl5MOqP9Hym2qSHO-8ec.roa
Signing time:             Mon 13 Mar 2023 10:25:13 +0000
ROA not before:           Mon 13 Mar 2023 10:25:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:da:80:b8:4d:ec:d6:bf:d6:69:69:d0:53:d8:1e:9b:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 13 10:25:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f41f5baf02d97930ea8ff47ca6daa4873bef1e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:80:f8:de:4f:fb:50:5a:9e:e9:be:45:4f:ec:
                    d6:c9:25:4a:27:2c:d7:af:d5:c7:81:4a:47:a8:b7:
                    28:5f:ae:a6:2a:86:72:21:91:e4:45:c8:53:76:33:
                    de:bd:04:d1:64:cc:ec:de:de:c1:49:eb:a2:93:6f:
                    04:b9:3e:dd:cb:5f:6b:2f:f7:ec:10:62:6e:68:11:
                    59:44:3a:03:be:47:ab:b5:60:94:ea:58:01:45:3c:
                    f7:a0:c1:50:f1:75:07:71:63:81:31:34:7e:4e:af:
                    b2:19:6c:c6:e3:0e:fe:a3:07:4f:4f:8b:69:77:af:
                    6b:3b:20:f3:fd:d3:ee:33:f8:fa:0e:cc:83:fa:7e:
                    84:45:f5:04:aa:38:1e:4c:6c:fb:89:f6:92:d8:8d:
                    06:34:8e:52:b5:b4:a1:10:54:61:1a:56:24:b6:ed:
                    02:b0:fe:1d:df:41:01:bb:6e:79:70:2a:90:bf:2d:
                    92:8d:46:64:84:7e:3e:de:89:20:93:56:fd:d4:22:
                    5a:50:3e:a1:8d:ed:df:81:ec:31:e0:46:5c:74:ad:
                    a6:38:a8:78:d9:0a:8b:73:b6:a8:3e:14:e7:47:93:
                    d6:20:36:38:8d:b8:25:9b:7d:99:7f:44:ff:1a:4c:
                    85:c4:57:93:12:6e:d9:d0:39:91:83:57:31:7a:06:
                    76:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:41:F5:BA:F0:2D:97:93:0E:A8:FF:47:CA:6D:AA:48:73:BE:F1:E7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P0H1uvAtl5MOqP9Hym2qSHO-8ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:e4:45:86:f6:67:bf:8e:51:5f:18:4b:ce:a7:59:9d:2a:83:
         c7:65:9c:c2:26:ad:ec:2f:0a:cf:c7:89:5b:84:7f:46:7c:5c:
         d3:46:80:a7:f5:5c:36:a9:bc:4c:0a:95:77:4d:74:36:92:00:
         4c:92:c8:b5:49:be:12:e8:bf:04:dd:6c:31:b4:c8:13:82:9c:
         6f:e7:20:4f:0e:3b:be:9a:46:b1:a9:9b:37:97:0c:04:4c:ee:
         1b:0e:b8:1b:15:bd:a8:a7:d5:4e:3d:7a:e7:46:60:1c:ba:bc:
         15:5b:39:4b:21:04:0d:dd:bc:df:3c:32:98:b8:38:9e:9c:05:
         67:fe:bb:7a:79:f9:bd:bc:f8:96:56:c0:1f:31:e2:bf:12:44:
         81:a9:2c:2c:16:91:37:cb:60:80:f4:4f:1e:05:31:9a:8c:52:
         9f:c5:17:98:50:89:26:dd:26:54:b4:b5:ef:cf:b9:af:21:09:
         43:5c:42:c9:ec:ee:81:a7:f0:5a:67:31:82:bf:2f:5e:b3:8c:
         f5:71:07:57:79:fa:51:02:88:35:9a:99:6f:ca:78:ee:c0:1d:
         59:4b:af:9c:27:a3:ff:d6:81:e9:bf:65:fa:41:e4:3e:0f:7e:
         28:7c:8c:5f:a4:ec:66:ab:51:e5:90:c0:83:0e:f4:98:82:86:
         95:e3:c4:1e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbagLhN7Na/1mlp0FPYHpv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEzMTAyNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjQxZjViYWYwMmQ5NzkzMGVhOGZmNDdjYTZkYWE0ODczYmVmMWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYD43k/7UFqe6b5FT+zWySVKJyzX
r9XHgUpHqLcoX66mKoZyIZHkRchTdjPevQTRZMzs3t7BSeuik28EuT7dy19rL/fs
EGJuaBFZRDoDvkertWCU6lgBRTz3oMFQ8XUHcWOBMTR+Tq+yGWzG4w7+owdPT4tp
d69rOyDz/dPuM/j6DsyD+n6ERfUEqjgeTGz7ifaS2I0GNI5StbShEFRhGlYktu0C
sP4d30EBu255cCqQvy2SjUZkhH4+3okgk1b91CJaUD6hje3fgewx4EZcdK2mOKh4
2QqLc7aoPhTnR5PWIDY4jbglm32Zf0T/GkyFxFeTEm7Z0DmRg1cxegZ2UwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD9B9brwLZeTDqj/R8ptqkhzvvHnMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUDBIMXV2QXRsNU1PcVA5SHltMnFTSE8tOGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKXkRYb2Z7+OUV8YS86n
WZ0qg8dlnMImrewvCs/HiVuEf0Z8XNNGgKf1XDapvEwKlXdNdDaSAEySyLVJvhLo
vwTdbDG0yBOCnG/nIE8OO76aRrGpmzeXDARM7hsOuBsVvain1U49eudGYBy6vBVb
OUshBA3dvN88Mpi4OJ6cBWf+u3p5+b28+JZWwB8x4r8SRIGpLCwWkTfLYID0Tx4F
MZqMUp/FF5hQiSbdJlS0te/Pua8hCUNcQsns7oGn8FpnMYK/L16zjPVxB1d5+lEC
iDWamW/KeO7AHVlLr5wno//Wgem/ZfpB5D4Pfih8jF+k7GarUeWQwIMO9JiChpXj
xB4=
-----END CERTIFICATE-----