Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SA0DHrhJPuMLMpRZhQEEY8qnyVk.roa
File:                     SA0DHrhJPuMLMpRZhQEEY8qnyVk.roa (raw, json)
Hash identifier:          JMt9pCwmswTGWi1MTg22A4J097Wnd23ZS7wmVHiUYWw=
Subject key identifier:   48:0D:03:1E:B8:49:3E:E3:0B:32:94:59:85:01:04:63:CA:A7:C9:59
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018803A33D0108E93B4C90411A950BAD0219
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SA0DHrhJPuMLMpRZhQEEY8qnyVk.roa
Signing time:             Wed 10 May 2023 03:10:09 +0000
ROA not before:           Wed 10 May 2023 03:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:03:a3:3d:01:08:e9:3b:4c:90:41:1a:95:0b:ad:02:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 10 03:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=480d031eb8493ee30b32945985010463caa7c959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d9:4e:f7:6f:7b:35:50:24:ab:a9:02:27:b7:
                    42:47:3c:21:32:92:14:d2:10:e7:25:7c:63:e1:31:
                    e2:3b:ef:01:dc:48:38:14:fa:dc:f0:d1:88:ec:6e:
                    f0:44:76:2a:a7:10:4d:5f:b8:4e:27:8a:f6:9a:7b:
                    cd:98:4d:1e:1b:85:63:47:42:77:25:b6:19:17:3e:
                    ca:0f:8e:3b:50:11:27:ca:a7:b7:c9:69:71:d6:fe:
                    01:7f:c9:a4:f0:1b:48:1c:bc:5c:63:7d:4c:b5:db:
                    3c:ee:21:f9:70:3e:49:38:06:4b:8e:93:89:56:5c:
                    a4:2f:03:40:a8:b4:eb:5a:75:c8:ed:ab:99:75:d3:
                    e2:da:e8:9a:6b:0c:d1:f8:43:9b:18:ce:5d:02:52:
                    d5:92:ea:df:61:f0:28:ce:2f:19:26:8c:05:16:8c:
                    95:e2:13:98:ac:41:6b:00:b4:64:a0:1f:79:f5:58:
                    a8:ff:8f:7a:56:c3:07:21:59:46:21:95:d9:aa:09:
                    a3:46:98:90:97:f5:ad:c3:c9:0c:83:45:03:61:1a:
                    25:b5:a1:2e:0f:e3:22:33:68:86:94:59:27:a8:59:
                    85:a9:fb:69:4e:1b:97:b9:75:0b:38:43:f4:ca:ce:
                    64:27:0d:c9:44:cc:03:75:78:d7:b2:4f:61:b7:95:
                    c6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:0D:03:1E:B8:49:3E:E3:0B:32:94:59:85:01:04:63:CA:A7:C9:59
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SA0DHrhJPuMLMpRZhQEEY8qnyVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:2b:a8:14:44:77:bf:b4:69:8c:04:4b:a7:2d:36:ce:e0:79:
         38:50:89:2b:21:d8:61:c4:71:96:c1:65:e1:f4:e5:d1:50:20:
         5d:ec:2e:e5:68:71:99:c9:7c:6a:6f:ab:22:48:b4:8d:35:f8:
         94:d9:33:f0:2f:d7:8f:74:c8:42:ca:cb:42:a9:f3:b8:c4:94:
         ac:33:1f:04:bc:45:0f:bf:f7:f4:e4:52:5f:9a:2b:64:ea:79:
         16:4c:1c:76:a0:f3:48:d6:7b:cd:53:c3:96:09:11:5a:3f:44:
         14:ba:f6:e7:a0:63:17:90:ae:97:17:bd:9f:89:b8:04:5b:13:
         00:9c:0a:17:c0:2e:62:18:b6:2d:e4:96:dc:55:37:8a:9a:20:
         21:5c:6a:5c:2c:fa:62:75:bb:3b:da:61:71:cb:d4:02:0f:92:
         b5:5b:91:3e:10:c1:77:f5:a5:3d:9e:ef:55:ef:4d:99:60:23:
         e0:a0:52:df:c3:b4:df:89:13:33:85:c9:f4:82:43:74:b1:9b:
         51:0a:a7:c0:27:2a:41:0e:58:bb:59:b1:89:9c:58:a9:9e:7c:
         35:f8:3d:25:c5:b8:c4:eb:07:af:03:21:44:03:83:9d:14:cc:
         69:82:e3:a6:db:a9:85:75:26:53:10:41:ce:f5:e3:32:de:64:
         fd:2b:56:62
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgDoz0BCOk7TJBBGpULrQIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEwMDMxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODBkMDMxZWI4NDkzZWUzMGIzMjk0NTk4NTAxMDQ2M2NhYTdjOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtlO9297NVAkq6kCJ7dCRzwhMpIU
0hDnJXxj4THiO+8B3Eg4FPrc8NGI7G7wRHYqpxBNX7hOJ4r2mnvNmE0eG4VjR0J3
JbYZFz7KD447UBEnyqe3yWlx1v4Bf8mk8BtIHLxcY31Mtds87iH5cD5JOAZLjpOJ
VlykLwNAqLTrWnXI7auZddPi2uiaawzR+EObGM5dAlLVkurfYfAozi8ZJowFFoyV
4hOYrEFrALRkoB959Vio/496VsMHIVlGIZXZqgmjRpiQl/Wtw8kMg0UDYRoltaEu
D+MiM2iGlFknqFmFqftpThuXuXULOEP0ys5kJw3JRMwDdXjXsk9ht5XGHwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEgNAx64ST7jCzKUWYUBBGPKp8lZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU0EwREhyaEpQdU1MTXBSWmhRRUVZOHFueVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHUrqBREd7+0aYwES6ct
Ns7geThQiSsh2GHEcZbBZeH05dFQIF3sLuVocZnJfGpvqyJItI01+JTZM/Av1490
yELKy0Kp87jElKwzHwS8RQ+/9/TkUl+aK2TqeRZMHHag80jWe81Tw5YJEVo/RBS6
9uegYxeQrpcXvZ+JuARbEwCcChfALmIYti3kltxVN4qaICFcalws+mJ1uzvaYXHL
1AIPkrVbkT4QwXf1pT2e71XvTZlgI+CgUt/DtN+JEzOFyfSCQ3Sxm1EKp8AnKkEO
WLtZsYmcWKmefDX4PSXFuMTrB68DIUQDg50UzGmC46bbqYV1JlMQQc714zLeZP0r
VmI=
-----END CERTIFICATE-----