Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RM4b8BuRiMnm_QWVHVJnDnEOyxo.roa
File:                     RM4b8BuRiMnm_QWVHVJnDnEOyxo.roa (raw, json)
Hash identifier:          QTm+/819L6sCpZ2osjOjhZXHbskU3vMWCqhnnIVChJM=
Subject key identifier:   44:CE:1B:F0:1B:91:88:C9:E6:FD:05:95:1D:52:67:0E:71:0E:CB:1A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187E4BE3454FF67A77C5C76AF8CFAB6FFB9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RM4b8BuRiMnm_QWVHVJnDnEOyxo.roa
Signing time:             Thu 04 May 2023 03:11:23 +0000
ROA not before:           Thu 04 May 2023 03:11:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e4:be:34:54:ff:67:a7:7c:5c:76:af:8c:fa:b6:ff:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  4 03:11:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=44ce1bf01b9188c9e6fd05951d52670e710ecb1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9a:f2:3d:57:ee:68:e5:5c:e3:05:01:08:70:
                    6d:80:24:88:84:9d:ff:57:f4:44:37:db:7c:78:ba:
                    3f:e8:27:bb:54:54:5e:c6:f9:02:a5:a0:ed:fd:c8:
                    e4:1c:35:cd:10:22:90:75:93:84:c3:db:b0:2b:dc:
                    e2:24:e7:d6:15:d5:0d:c8:f2:7f:3c:de:b4:82:27:
                    e6:43:bf:b7:4d:66:57:57:15:8c:d1:ca:ab:e0:4b:
                    67:e8:10:52:7a:48:e2:28:7b:c1:d6:70:86:a4:46:
                    eb:fb:94:a1:fc:81:c0:ef:d5:3b:df:d1:73:c0:f3:
                    d8:56:66:3b:b9:d4:1d:8f:1e:a3:85:be:51:5e:76:
                    90:bf:83:eb:47:2b:2d:cf:46:50:6f:69:b2:f6:5e:
                    0b:aa:51:06:4e:94:12:5b:52:b2:aa:ca:84:83:2a:
                    73:6c:17:55:b7:49:c6:86:ed:ca:c0:c7:96:30:ea:
                    22:d7:34:0d:d4:5d:64:6d:df:3a:0e:08:7b:c1:5d:
                    07:c9:26:4d:2d:db:a1:66:d9:d1:d1:5a:6e:32:b2:
                    c8:cc:7d:72:4d:ec:fb:0c:5b:bb:66:fa:df:c0:3f:
                    24:b2:39:bc:a1:eb:d9:14:dc:bb:f0:84:1e:0b:c9:
                    77:f6:75:df:76:f3:eb:b7:a2:65:26:f6:f0:59:92:
                    90:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:CE:1B:F0:1B:91:88:C9:E6:FD:05:95:1D:52:67:0E:71:0E:CB:1A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RM4b8BuRiMnm_QWVHVJnDnEOyxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:ca:41:34:18:1d:6e:d6:39:11:3c:32:f0:a6:c5:b8:4f:65:
         d2:41:10:73:39:7c:36:e9:75:32:1b:7e:be:0b:a7:25:ba:93:
         ea:ae:90:6e:8c:a9:36:45:c2:88:68:88:2c:78:dc:9e:d1:2a:
         40:e2:4b:e5:10:84:d5:42:4d:b5:63:32:bb:94:78:26:cf:d3:
         67:a3:5b:66:43:39:32:fd:e7:72:af:2f:40:d3:f1:2f:49:04:
         31:1d:69:1d:ea:c4:94:62:64:10:b6:82:28:82:fb:b3:53:cf:
         e6:15:62:85:db:a6:28:e5:6d:6f:d2:0b:05:73:a4:b3:fe:2c:
         1e:b1:7e:0c:8c:6a:78:23:f9:d9:d5:84:1b:cd:0e:25:2c:3f:
         3b:8c:f4:7c:e3:0c:60:b1:ad:28:ae:7a:c8:d2:8f:a1:58:d0:
         2a:9f:da:30:c3:f9:8c:6a:e6:17:07:c5:ab:a8:19:87:a0:da:
         ed:fc:5f:33:45:2d:e6:e1:f5:58:88:a5:aa:68:8c:67:01:8d:
         f1:39:93:a2:3d:96:10:80:45:3c:4e:3c:a4:09:fb:88:4c:78:
         49:86:58:3c:2d:18:86:a6:97:3e:c2:23:e2:4d:de:6c:2b:aa:
         07:a9:40:da:11:ca:5e:34:0c:17:e0:68:07:82:04:09:5a:88:
         cc:24:18:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfkvjRU/2enfFx2r4z6tv+5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA0MDMxMTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGNlMWJmMDFiOTE4OGM5ZTZmZDA1OTUxZDUyNjcwZTcxMGVjYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZryPVfuaOVc4wUBCHBtgCSIhJ3/
V/REN9t8eLo/6Ce7VFRexvkCpaDt/cjkHDXNECKQdZOEw9uwK9ziJOfWFdUNyPJ/
PN60gifmQ7+3TWZXVxWM0cqr4Etn6BBSekjiKHvB1nCGpEbr+5Sh/IHA79U739Fz
wPPYVmY7udQdjx6jhb5RXnaQv4PrRystz0ZQb2my9l4LqlEGTpQSW1KyqsqEgypz
bBdVt0nGhu3KwMeWMOoi1zQN1F1kbd86Dgh7wV0HySZNLduhZtnR0VpuMrLIzH1y
Tez7DFu7ZvrfwD8ksjm8oevZFNy78IQeC8l39nXfdvPrt6JlJvbwWZKQcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFETOG/AbkYjJ5v0FlR1SZw5xDssaMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUk00YjhCdVJpTW5tX1FXVkhWSm5EbkVPeXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEPKQTQYHW7WORE8MvCm
xbhPZdJBEHM5fDbpdTIbfr4LpyW6k+qukG6MqTZFwohoiCx43J7RKkDiS+UQhNVC
TbVjMruUeCbP02ejW2ZDOTL953KvL0DT8S9JBDEdaR3qxJRiZBC2giiC+7NTz+YV
YoXbpijlbW/SCwVzpLP+LB6xfgyMangj+dnVhBvNDiUsPzuM9HzjDGCxrSiuesjS
j6FY0Cqf2jDD+Yxq5hcHxauoGYeg2u38XzNFLebh9ViIpapojGcBjfE5k6I9lhCA
RTxOPKQJ+4hMeEmGWDwtGIamlz7CI+JN3mwrqgepQNoRyl40DBfgaAeCBAlaiMwk
GHg=
-----END CERTIFICATE-----