Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PrW4328x-oAj2aiAy01yW_PxqWE.roa
File:                     PrW4328x-oAj2aiAy01yW_PxqWE.roa (raw, json)
Hash identifier:          IsiQKsK0goPwhsE76iXPJ694iK+RBzYDWSoWZdphMBY=
Subject key identifier:   3E:B5:B8:DF:6F:31:FA:80:23:D9:A8:80:CB:4D:72:5B:F3:F1:A9:61
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018835A28AC2C4FA78D0F5915D5F2FE5BA7A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PrW4328x-oAj2aiAy01yW_PxqWE.roa
Signing time:             Fri 19 May 2023 20:10:24 +0000
ROA not before:           Fri 19 May 2023 20:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:35:a2:8a:c2:c4:fa:78:d0:f5:91:5d:5f:2f:e5:ba:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 19 20:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3eb5b8df6f31fa8023d9a880cb4d725bf3f1a961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:68:f2:76:a7:39:49:74:89:60:ec:7b:2c:42:
                    39:7a:75:1e:ec:35:d1:8a:dc:c2:46:61:1e:af:1d:
                    a0:1a:04:7c:8d:9a:30:02:32:5b:7a:98:7c:e2:69:
                    8c:c1:c7:de:d4:04:e1:f8:1e:9f:b2:03:1c:64:13:
                    0a:72:65:5e:b8:29:61:45:a7:2c:51:05:e9:aa:f7:
                    8b:c8:aa:61:a1:81:22:68:89:73:99:c7:2c:31:f0:
                    9d:52:e4:e2:2e:b4:f5:87:24:4d:6d:85:bc:04:21:
                    e4:13:af:6d:58:23:86:41:05:1e:9c:99:f1:d1:8a:
                    b8:a4:b2:95:d7:3a:e7:ab:6b:e0:db:86:8f:20:e3:
                    7a:2a:b8:3e:4e:bb:29:10:e5:3c:42:3f:65:42:aa:
                    0b:b6:6c:d5:58:7e:30:c9:87:46:74:83:dd:5f:f6:
                    00:3f:2d:fb:26:57:14:54:93:d0:c6:11:32:72:4a:
                    db:4c:ba:2c:37:c5:a7:03:c8:ea:5c:87:e7:93:f8:
                    b4:f8:cb:ef:16:f7:ee:08:96:b5:ce:f0:4f:32:a8:
                    5d:2c:52:dc:cd:c0:92:88:c6:91:69:f1:12:42:b0:
                    10:19:41:ed:c1:f2:46:2d:34:e5:cb:a4:60:4b:d7:
                    c7:03:dd:94:61:93:c6:c0:cd:fb:17:41:f7:c4:3c:
                    ce:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B5:B8:DF:6F:31:FA:80:23:D9:A8:80:CB:4D:72:5B:F3:F1:A9:61
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PrW4328x-oAj2aiAy01yW_PxqWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:8c:46:fd:48:4c:92:47:07:e3:13:fb:ae:c3:47:79:6d:88:
         20:f6:91:91:a9:db:93:6b:1d:ad:84:34:78:47:4e:3f:91:62:
         25:69:f6:e6:a4:56:18:f5:37:1a:aa:a3:7e:82:cf:40:ee:27:
         c5:41:32:d1:d4:0c:78:65:2c:cd:ed:42:06:db:b9:02:13:75:
         3e:4a:5e:20:9e:b8:65:0b:4a:51:cf:9d:2e:16:70:a0:80:7b:
         6c:f1:2f:4f:8d:f0:42:70:f3:6a:5e:84:a5:34:dd:61:c6:f3:
         61:4c:77:99:bf:22:dc:7a:2a:4e:13:43:61:f7:82:f8:99:7a:
         f4:86:94:d2:07:dc:48:25:26:22:c1:4e:5c:f8:70:09:dc:c9:
         9c:18:93:db:93:3e:fd:bd:7c:ce:b9:7d:08:ca:f4:eb:a2:6b:
         e3:6b:8e:40:d9:8a:de:08:10:24:67:bc:d5:bb:6a:da:16:de:
         2f:b3:1d:2b:f7:8b:6b:25:65:85:ae:b5:76:f4:70:8b:c6:c5:
         f8:bf:b5:43:2a:86:4b:22:a7:95:13:ae:31:86:c8:df:e5:9f:
         9a:97:9c:3d:a1:77:6b:e0:3d:6c:97:2a:bf:19:a9:62:b8:76:
         d9:3b:b1:de:7e:88:1b:d4:01:21:c2:d6:1c:aa:b9:a7:37:8f:
         b9:0c:3c:cc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg1oorCxPp40PWRXV8v5bp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE5MjAxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWI1YjhkZjZmMzFmYTgwMjNkOWE4ODBjYjRkNzI1YmYzZjFhOTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGjydqc5SXSJYOx7LEI5enUe7DXR
itzCRmEerx2gGgR8jZowAjJbeph84mmMwcfe1ATh+B6fsgMcZBMKcmVeuClhRacs
UQXpqveLyKphoYEiaIlzmccsMfCdUuTiLrT1hyRNbYW8BCHkE69tWCOGQQUenJnx
0Yq4pLKV1zrnq2vg24aPION6Krg+TrspEOU8Qj9lQqoLtmzVWH4wyYdGdIPdX/YA
Py37JlcUVJPQxhEyckrbTLosN8WnA8jqXIfnk/i0+MvvFvfuCJa1zvBPMqhdLFLc
zcCSiMaRafESQrAQGUHtwfJGLTTly6RgS9fHA92UYZPGwM37F0H3xDzOnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD61uN9vMfqAI9mogMtNclvz8alhMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUHJXNDMyOHgtb0FqMmFpQXkwMXlXX1B4cVdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACeMRv1ITJJHB+MT+67D
R3ltiCD2kZGp25NrHa2ENHhHTj+RYiVp9uakVhj1Nxqqo36Cz0DuJ8VBMtHUDHhl
LM3tQgbbuQITdT5KXiCeuGULSlHPnS4WcKCAe2zxL0+N8EJw82pehKU03WHG82FM
d5m/Itx6Kk4TQ2H3gviZevSGlNIH3EglJiLBTlz4cAncyZwYk9uTPv29fM65fQjK
9Ouia+NrjkDZit4IECRnvNW7atoW3i+zHSv3i2slZYWutXb0cIvGxfi/tUMqhksi
p5UTrjGGyN/ln5qXnD2hd2vgPWyXKr8ZqWK4dtk7sd5+iBvUASHC1hyquac3j7kM
PMw=
-----END CERTIFICATE-----