Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Psa2Mc6lUtFu1DHbkbYiiIsn0gg.roa
File:                     Psa2Mc6lUtFu1DHbkbYiiIsn0gg.roa (raw, json)
Hash identifier:          sZhcLJMGYrMixCmq1H/YY9DrD5gNBMd/TEbgWbuV7EU=
Subject key identifier:   3E:C6:B6:31:CE:A5:52:D1:6E:D4:31:DB:91:B6:22:88:8B:27:D2:08
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188364582988678AEBFF99E5871FC16A1E6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Psa2Mc6lUtFu1DHbkbYiiIsn0gg.roa
Signing time:             Fri 19 May 2023 23:08:24 +0000
ROA not before:           Fri 19 May 2023 23:08:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:36:45:82:98:86:78:ae:bf:f9:9e:58:71:fc:16:a1:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 19 23:08:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3ec6b631cea552d16ed431db91b622888b27d208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:4c:4b:48:ee:68:5c:cf:ed:39:f5:d1:20:9d:
                    ba:da:a3:03:df:c9:71:10:09:3e:98:67:90:88:ae:
                    82:37:1d:aa:c7:18:05:7b:ca:ed:92:c3:52:51:79:
                    bd:86:22:f0:ef:7a:6b:af:2b:fa:55:0a:04:1c:30:
                    83:a5:2f:45:53:d0:43:37:89:74:88:69:c3:96:f5:
                    d5:dc:b5:d9:73:61:bd:f3:5f:f1:45:70:df:7f:64:
                    1c:d6:43:0d:8a:fc:b4:b9:96:6d:e1:3b:09:51:2b:
                    9e:5b:03:91:74:51:13:cc:71:d1:b3:c0:59:b8:21:
                    15:b2:3a:45:0f:96:87:35:9b:99:00:a0:59:ce:fd:
                    6b:be:db:2b:42:74:47:40:e5:25:cf:fd:67:90:70:
                    fd:76:0b:bf:d6:83:87:31:db:ff:5b:28:20:8c:0c:
                    3a:12:11:15:1e:f2:04:68:5b:c6:f6:62:ff:b7:3a:
                    81:32:8d:e1:e3:25:82:7f:33:33:4e:a6:26:9c:78:
                    aa:9f:7f:2a:fa:ef:8b:b4:a8:75:96:1b:a8:6f:c1:
                    bc:e0:26:8e:0c:a3:22:27:a3:9a:36:93:45:15:eb:
                    c6:b5:4e:4e:eb:a1:9e:68:4c:fd:4e:d2:34:8a:a6:
                    1e:75:12:d1:69:4f:c0:22:de:f0:0b:f2:d3:08:1d:
                    cb:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C6:B6:31:CE:A5:52:D1:6E:D4:31:DB:91:B6:22:88:8B:27:D2:08
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Psa2Mc6lUtFu1DHbkbYiiIsn0gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:d1:ce:2a:1c:76:09:21:97:15:c2:b2:8f:c4:07:5b:09:78:
         33:a4:26:e8:18:fa:d2:51:59:f2:90:ae:a6:02:f0:d8:2b:3c:
         8a:05:64:dc:04:7a:7e:b8:3a:f2:43:2a:78:96:ab:cc:2e:72:
         e6:85:cb:79:4d:f9:b3:4f:1d:3c:42:ff:59:ba:6f:34:3f:54:
         d9:04:96:d9:1f:67:17:27:94:56:04:b1:68:bf:e3:f1:81:7c:
         1d:fa:af:46:7c:00:e2:93:40:8c:30:27:0a:fe:0f:7d:71:a4:
         5b:9e:cc:22:19:76:1e:52:d7:37:be:40:6d:99:bd:80:75:99:
         f3:59:7f:54:ae:37:38:65:5a:2c:f5:83:45:e1:26:17:60:86:
         c8:22:3c:5d:eb:65:96:f5:63:06:35:09:30:65:8d:79:69:36:
         42:8c:af:6c:e3:76:13:42:66:72:10:e9:f1:9b:a9:83:3d:17:
         f9:a0:5e:de:3c:1d:86:20:8f:50:09:3f:d8:4d:bc:f0:c0:f2:
         0b:3d:9d:97:8c:5b:bd:2b:2c:92:e2:4c:6e:7a:1d:69:4a:f8:
         a5:47:c6:9b:d8:09:25:20:4f:1f:da:1c:20:66:33:7f:8c:eb:
         63:55:23:1a:03:05:8a:11:72:6b:e5:91:44:53:40:d6:3d:be:
         84:1d:ba:ed
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg2RYKYhniuv/meWHH8FqHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE5MjMwODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWM2YjYzMWNlYTU1MmQxNmVkNDMxZGI5MWI2MjI4ODhiMjdkMjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokxLSO5oXM/tOfXRIJ262qMD38lx
EAk+mGeQiK6CNx2qxxgFe8rtksNSUXm9hiLw73prryv6VQoEHDCDpS9FU9BDN4l0
iGnDlvXV3LXZc2G981/xRXDff2Qc1kMNivy0uZZt4TsJUSueWwORdFETzHHRs8BZ
uCEVsjpFD5aHNZuZAKBZzv1rvtsrQnRHQOUlz/1nkHD9dgu/1oOHMdv/WyggjAw6
EhEVHvIEaFvG9mL/tzqBMo3h4yWCfzMzTqYmnHiqn38q+u+LtKh1lhuob8G84CaO
DKMiJ6OaNpNFFevGtU5O66GeaEz9TtI0iqYedRLRaU/AIt7wC/LTCB3LgwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD7GtjHOpVLRbtQx25G2IoiLJ9IIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUHNhMk1jNmxVdEZ1MURIYmtiWWlpSXNuMGdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABrRziocdgkhlxXCso/E
B1sJeDOkJugY+tJRWfKQrqYC8NgrPIoFZNwEen64OvJDKniWq8wucuaFy3lN+bNP
HTxC/1m6bzQ/VNkEltkfZxcnlFYEsWi/4/GBfB36r0Z8AOKTQIwwJwr+D31xpFue
zCIZdh5S1ze+QG2ZvYB1mfNZf1SuNzhlWiz1g0XhJhdghsgiPF3rZZb1YwY1CTBl
jXlpNkKMr2zjdhNCZnIQ6fGbqYM9F/mgXt48HYYgj1AJP9hNvPDA8gs9nZeMW70r
LJLiTG56HWlK+KVHxpvYCSUgTx/aHCBmM3+M62NVIxoDBYoRcmvlkURTQNY9voQd
uu0=
-----END CERTIFICATE-----