Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PSPOgipEA6etia-1vF3LRmV6K0U.roa
File:                     PSPOgipEA6etia-1vF3LRmV6K0U.roa (raw, json)
Hash identifier:          OB4+E/4No+9Zitp7WkdCbvGsZ9jPiUuK2uZ8I2Qzlgg=
Subject key identifier:   3D:23:CE:82:2A:44:03:A7:AD:89:AF:B5:BC:5D:CB:46:65:7A:2B:45
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187D6923FED8C8E12D81C6F2FEB98AFE25F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PSPOgipEA6etia-1vF3LRmV6K0U.roa
Signing time:             Mon 01 May 2023 09:08:41 +0000
ROA not before:           Mon 01 May 2023 09:08:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d6:92:3f:ed:8c:8e:12:d8:1c:6f:2f:eb:98:af:e2:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  1 09:08:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3d23ce822a4403a7ad89afb5bc5dcb46657a2b45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a2:68:37:6d:78:55:75:f2:61:1b:20:9d:24:
                    e5:61:40:ee:96:af:fd:94:19:f3:a3:db:fa:5d:87:
                    29:29:39:d9:da:6a:6e:65:ec:1b:b9:04:47:bf:b9:
                    d2:ce:7f:a2:dc:9c:68:42:a5:72:1a:c6:20:f1:ef:
                    f9:37:02:15:23:a0:94:99:9d:d3:68:b5:45:4a:29:
                    a6:6e:4f:36:cf:89:94:11:96:0a:ef:68:eb:64:a1:
                    b0:09:8d:40:33:85:21:17:33:e1:3b:72:59:11:49:
                    cb:09:7c:31:88:0c:73:cf:70:f6:fa:53:89:ae:84:
                    e4:6b:8b:29:18:80:34:d7:3d:12:a1:80:76:d7:56:
                    33:a6:89:3e:de:d4:49:52:43:79:64:ad:53:12:e4:
                    b2:4c:d6:b3:9a:73:69:f8:4f:2f:c9:4d:b0:88:59:
                    18:12:e0:c2:8c:ab:d3:02:1d:60:0b:d3:2e:be:ed:
                    dc:b2:f2:2c:7a:1c:8a:fa:b4:dc:1c:9f:fb:bd:22:
                    17:d2:2c:f0:4d:03:58:48:6b:9f:9f:58:6d:74:e4:
                    45:b5:a9:a8:10:f4:23:4b:50:02:2b:eb:4e:39:9b:
                    2f:8c:78:e4:6c:17:ff:96:f0:64:fa:30:ce:66:64:
                    d0:7e:24:ac:6c:fb:3b:ee:80:e4:ab:37:ce:9c:97:
                    fb:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:23:CE:82:2A:44:03:A7:AD:89:AF:B5:BC:5D:CB:46:65:7A:2B:45
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PSPOgipEA6etia-1vF3LRmV6K0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:06:d0:8c:cc:1a:5d:ba:e7:0b:7e:e5:14:07:c0:4f:0d:0f:
         b3:34:92:7a:e7:d6:67:e8:f5:36:40:48:d2:7d:1a:b3:e8:88:
         04:46:18:41:e4:75:86:6a:4c:58:24:3a:2d:06:15:6f:ec:8b:
         37:9c:c6:e7:93:ff:62:aa:b4:a9:0d:06:ca:ae:0a:9d:58:97:
         c2:e1:cd:47:ea:39:eb:6b:bc:06:a1:c3:5c:1a:fc:b3:92:88:
         b1:a8:2f:a7:92:2e:db:8c:b7:71:ea:bc:c7:58:61:66:a2:37:
         96:98:45:f1:99:72:97:6a:8d:3c:9b:17:fa:61:c0:fb:08:0d:
         28:a2:60:8e:83:e0:38:b3:5b:15:bf:e8:e2:43:0b:49:8d:d6:
         f7:a4:63:e3:ed:4e:73:38:6e:48:07:6b:77:5b:16:bb:9a:20:
         ff:35:6e:7a:5f:30:25:51:e4:0a:b4:3e:b9:b5:34:5a:04:94:
         f1:04:b0:a3:c1:19:2f:ac:d8:e0:9f:8b:d3:ac:4e:0d:40:b8:
         7f:43:01:73:7d:93:2a:df:47:06:bb:15:6f:60:6c:26:91:f9:
         56:f5:49:6b:d8:38:05:1c:da:e5:f4:33:59:5c:9f:55:9a:07:
         ff:44:e9:a3:eb:7e:1d:18:0f:ad:26:62:80:28:62:0a:41:c3:
         e9:22:51:6a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfWkj/tjI4S2BxvL+uYr+JfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAxMDkwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDIzY2U4MjJhNDQwM2E3YWQ4OWFmYjViYzVkY2I0NjY1N2EyYjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaJoN214VXXyYRsgnSTlYUDulq/9
lBnzo9v6XYcpKTnZ2mpuZewbuQRHv7nSzn+i3JxoQqVyGsYg8e/5NwIVI6CUmZ3T
aLVFSimmbk82z4mUEZYK72jrZKGwCY1AM4UhFzPhO3JZEUnLCXwxiAxzz3D2+lOJ
roTka4spGIA01z0SoYB211Yzpok+3tRJUkN5ZK1TEuSyTNazmnNp+E8vyU2wiFkY
EuDCjKvTAh1gC9Muvu3csvIsehyK+rTcHJ/7vSIX0izwTQNYSGufn1htdORFtamo
EPQjS1ACK+tOOZsvjHjkbBf/lvBk+jDOZmTQfiSsbPs77oDkqzfOnJf7YQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD0jzoIqRAOnrYmvtbxdy0ZleitFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUFNQT2dpcEVBNmV0aWEtMXZGM0xSbVY2SzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAD0G0IzMGl265wt+5RQH
wE8ND7M0knrn1mfo9TZASNJ9GrPoiARGGEHkdYZqTFgkOi0GFW/sizecxueT/2Kq
tKkNBsquCp1Yl8LhzUfqOetrvAahw1wa/LOSiLGoL6eSLtuMt3HqvMdYYWaiN5aY
RfGZcpdqjTybF/phwPsIDSiiYI6D4DizWxW/6OJDC0mN1vekY+PtTnM4bkgHa3db
FruaIP81bnpfMCVR5Aq0Prm1NFoElPEEsKPBGS+s2OCfi9OsTg1AuH9DAXN9kyrf
Rwa7FW9gbCaR+Vb1SWvYOAUc2uX0M1lcn1WaB/9E6aPrfh0YD60mYoAoYgpBw+ki
UWo=
-----END CERTIFICATE-----