Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SLfRGl_Z-HHieLfRV5mwxco5Ht0.roa
File:                     SLfRGl_Z-HHieLfRV5mwxco5Ht0.roa (raw, json)
Hash identifier:          +i9BPQI7V8zLAkxh9HwwtTtu7nq3M5g2ej3rOQYH/Dc=
Subject key identifier:   48:B7:D1:1A:5F:D9:F8:71:E2:78:B7:D1:57:99:B0:C5:CA:39:1E:DD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878B10BA0BF9E7583D9F2D827C3BD28515
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SLfRGl_Z-HHieLfRV5mwxco5Ht0.roa
Signing time:             Sun 16 Apr 2023 17:15:41 +0000
ROA not before:           Sun 16 Apr 2023 17:15:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8b:10:ba:0b:f9:e7:58:3d:9f:2d:82:7c:3b:d2:85:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 16 17:15:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=48b7d11a5fd9f871e278b7d15799b0c5ca391edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b6:81:96:b5:ce:f4:42:2d:53:0e:b8:07:2c:
                    28:9d:ec:2d:ad:5e:04:df:3f:ff:69:d9:c2:1e:5c:
                    6e:8c:b3:24:81:f8:e6:14:a4:2d:45:09:66:31:dd:
                    ca:65:bd:9c:aa:f7:f7:11:92:5e:fa:f6:69:e1:db:
                    05:25:2d:76:ad:4e:84:b7:85:c2:a4:b6:0d:3c:58:
                    38:6f:e2:96:1d:28:fd:ee:46:60:11:ef:92:cb:96:
                    ab:8c:30:13:49:b9:11:0e:12:01:2a:31:a8:c5:96:
                    db:85:2b:28:e2:d5:5e:ef:30:9f:a0:b9:ef:0b:b3:
                    d3:92:3f:93:a8:5b:50:82:38:f8:3a:65:10:f1:50:
                    21:f8:70:0c:62:94:ed:40:a4:5a:d3:e7:00:27:68:
                    57:1c:bd:0d:b0:86:7d:b7:ac:59:7d:96:4d:2a:1e:
                    70:fb:a5:54:5f:18:a7:db:c8:f9:47:52:67:bf:2c:
                    c2:ec:f6:7d:a8:67:7d:23:63:b4:7b:1d:f5:bf:ce:
                    79:43:88:af:80:27:3a:ae:2d:92:32:75:31:3a:b6:
                    da:88:27:4a:85:3a:7e:45:5d:d1:44:c8:a2:74:74:
                    a5:1a:84:57:0b:7c:db:fa:58:e4:b2:f1:98:f5:97:
                    4e:e6:45:13:53:9b:bd:b8:fc:31:03:00:f2:01:de:
                    4a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:B7:D1:1A:5F:D9:F8:71:E2:78:B7:D1:57:99:B0:C5:CA:39:1E:DD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SLfRGl_Z-HHieLfRV5mwxco5Ht0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:16:18:9c:47:d3:0a:44:83:62:44:1e:3c:be:11:ad:46:57:
         79:6e:d3:34:2f:6f:46:70:7f:c6:d8:f0:8b:22:b9:29:dd:57:
         22:04:fa:fb:16:f7:c0:d0:71:a4:fa:76:77:d2:57:8c:99:6b:
         07:55:22:03:86:7b:3c:88:cd:3c:ab:3a:9a:6c:39:9e:b4:80:
         80:1c:3f:90:8f:e7:b0:0b:18:eb:1e:61:18:16:54:0b:78:9d:
         51:05:84:87:43:11:cf:07:76:11:ac:c0:88:85:9f:6c:d6:27:
         ad:21:1c:8b:ac:3b:b7:e1:0e:60:e6:3f:f1:d6:d7:13:ff:97:
         bb:76:eb:04:fe:fd:44:09:b6:46:dc:2a:f0:67:9f:88:a5:14:
         81:ea:85:42:56:9c:87:e2:45:01:66:65:22:bf:61:79:00:3d:
         0e:4d:f5:4e:02:01:8e:a2:1b:76:40:67:c1:44:4f:dd:1c:e1:
         b6:9f:ae:76:e7:51:be:90:09:5d:24:7b:85:c5:d3:6f:b2:a7:
         74:2f:71:9f:d9:45:38:7b:3a:a6:e2:68:f2:1a:66:01:37:fe:
         25:53:53:11:ae:1c:19:18:c6:54:92:59:01:b5:86:77:22:84:
         7d:e6:ff:76:34:f9:88:e0:0e:d4:d6:be:a2:b7:dd:6b:a5:ba:
         28:2c:94:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeLELoL+edYPZ8tgnw70oUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE2MTcxNTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGI3ZDExYTVmZDlmODcxZTI3OGI3ZDE1Nzk5YjBjNWNhMzkxZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0baBlrXO9EItUw64BywonewtrV4E
3z//adnCHlxujLMkgfjmFKQtRQlmMd3KZb2cqvf3EZJe+vZp4dsFJS12rU6Et4XC
pLYNPFg4b+KWHSj97kZgEe+Sy5arjDATSbkRDhIBKjGoxZbbhSso4tVe7zCfoLnv
C7PTkj+TqFtQgjj4OmUQ8VAh+HAMYpTtQKRa0+cAJ2hXHL0NsIZ9t6xZfZZNKh5w
+6VUXxin28j5R1JnvyzC7PZ9qGd9I2O0ex31v855Q4ivgCc6ri2SMnUxOrbaiCdK
hTp+RV3RRMiidHSlGoRXC3zb+ljksvGY9ZdO5kUTU5u9uPwxAwDyAd5KkwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEi30Rpf2fhx4ni30VeZsMXKOR7dMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU0xmUkdsX1otSEhpZUxmUlY1bXd4Y281SHQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADsWGJxH0wpEg2JEHjy+
Ea1GV3lu0zQvb0Zwf8bY8IsiuSndVyIE+vsW98DQcaT6dnfSV4yZawdVIgOGezyI
zTyrOppsOZ60gIAcP5CP57ALGOseYRgWVAt4nVEFhIdDEc8HdhGswIiFn2zWJ60h
HIusO7fhDmDmP/HW1xP/l7t26wT+/UQJtkbcKvBnn4ilFIHqhUJWnIfiRQFmZSK/
YXkAPQ5N9U4CAY6iG3ZAZ8FET90c4bafrnbnUb6QCV0ke4XF02+yp3QvcZ/ZRTh7
OqbiaPIaZgE3/iVTUxGuHBkYxlSSWQG1hncihH3m/3Y0+YjgDtTWvqK33Wuluigs
lF0=
-----END CERTIFICATE-----