Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SbXX3L7uXY2y16r-5heTDc_mfVo.roa
File:                     SbXX3L7uXY2y16r-5heTDc_mfVo.roa (raw, json)
Hash identifier:          ry8ooaZYzNlXOwkLAjK4OxSxg7K326gN5GafnyQ09vo=
Subject key identifier:   49:B5:D7:DC:BE:EE:5D:8D:B2:D7:AA:FE:E6:17:93:0D:CF:E6:7D:5A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872F01F1BCE9EE87D12BE220F59F88D7EE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SbXX3L7uXY2y16r-5heTDc_mfVo.roa
Signing time:             Wed 29 Mar 2023 20:14:29 +0000
ROA not before:           Wed 29 Mar 2023 20:14:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2f:01:f1:bc:e9:ee:87:d1:2b:e2:20:f5:9f:88:d7:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 20:14:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=49b5d7dcbeee5d8db2d7aafee617930dcfe67d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:08:84:7f:70:57:2b:b1:3d:bb:01:36:d6:51:
                    e4:77:fe:96:7b:4f:90:95:02:d6:c7:8c:23:10:3d:
                    7a:77:22:17:96:66:a5:be:2a:d1:87:9f:b2:54:29:
                    3e:ca:37:18:96:05:87:8d:c4:67:94:ca:31:97:fa:
                    e4:ee:71:26:bd:3b:a1:59:f5:ef:f2:f3:38:27:59:
                    f0:3b:3c:e4:91:65:8d:6b:ca:41:29:10:6d:89:eb:
                    ce:88:1e:3d:32:d3:c9:45:b9:72:16:70:2f:78:63:
                    3b:c2:50:80:85:fe:f1:23:1f:91:35:d7:8e:6d:e0:
                    3a:7b:99:4c:bf:c5:5c:6d:f7:8e:c4:7a:ea:22:c3:
                    68:68:75:d0:f9:89:7a:2b:56:eb:a1:2d:31:d2:7a:
                    d6:19:f3:ae:60:29:f8:7f:3d:13:a2:1a:f3:ea:46:
                    e4:b4:81:20:53:ee:8c:33:99:3b:a3:fc:4b:dc:c4:
                    19:db:09:7c:e3:a1:40:1f:92:65:16:e7:67:41:fe:
                    8d:a4:32:ed:f2:02:88:0d:9c:0a:64:1f:e6:84:cc:
                    0e:eb:67:e0:00:b3:cf:c2:36:64:27:9d:63:e4:5b:
                    f8:2d:2e:d2:3b:ee:53:01:fb:c6:86:27:1e:89:8f:
                    a1:06:eb:14:4b:fe:a0:79:cc:07:2f:ff:47:eb:54:
                    67:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:B5:D7:DC:BE:EE:5D:8D:B2:D7:AA:FE:E6:17:93:0D:CF:E6:7D:5A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SbXX3L7uXY2y16r-5heTDc_mfVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:74:68:fe:03:42:95:44:63:0d:6f:1b:92:1e:d6:e8:0f:6d:
         ab:3a:52:8e:d7:18:23:3c:18:13:07:4d:2a:e3:c2:95:6e:92:
         8a:94:14:93:11:60:d0:1f:94:93:06:83:73:f1:93:5d:13:ed:
         d9:1b:ae:68:ba:f5:06:e4:94:0b:0d:2f:ee:ca:55:d1:4a:28:
         4d:1a:68:76:75:b0:4e:a0:a9:f0:6d:83:cf:75:c7:ba:ac:44:
         e9:c7:6b:3f:53:d0:e9:d9:05:af:a8:46:dc:16:a3:4d:76:9d:
         14:7b:d2:52:8b:ab:13:d6:00:46:ed:92:a3:05:45:99:45:39:
         f2:50:d8:2d:94:a7:1f:2e:6e:a4:6f:02:6d:86:57:6e:b5:cf:
         6b:f4:b3:3c:2b:fd:74:64:9b:14:24:51:45:2d:08:40:36:14:
         73:3e:e7:f4:93:f5:9d:a1:e0:96:17:01:c8:39:dd:a8:f7:2f:
         cf:d7:c9:0b:a8:81:1e:82:27:4b:74:f1:ce:19:8d:39:61:8f:
         86:91:cd:1f:21:f1:43:c9:49:11:55:ab:36:37:f2:6b:fb:44:
         53:e9:74:8c:f3:c8:9c:ba:d5:4f:5b:39:45:5a:d4:31:0c:53:
         8c:59:07:e0:4e:bb:d0:29:a9:8f:f4:12:c3:ef:39:e8:57:b7:
         be:c2:ca:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcvAfG86e6H0SviIPWfiNfuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MjAxNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWI1ZDdkY2JlZWU1ZDhkYjJkN2FhZmVlNjE3OTMwZGNmZTY3ZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQiEf3BXK7E9uwE21lHkd/6We0+Q
lQLWx4wjED16dyIXlmalvirRh5+yVCk+yjcYlgWHjcRnlMoxl/rk7nEmvTuhWfXv
8vM4J1nwOzzkkWWNa8pBKRBtievOiB49MtPJRblyFnAveGM7wlCAhf7xIx+RNdeO
beA6e5lMv8VcbfeOxHrqIsNoaHXQ+Yl6K1broS0x0nrWGfOuYCn4fz0Tohrz6kbk
tIEgU+6MM5k7o/xL3MQZ2wl846FAH5JlFudnQf6NpDLt8gKIDZwKZB/mhMwO62fg
ALPPwjZkJ51j5Fv4LS7SO+5TAfvGhiceiY+hBusUS/6gecwHL/9H61Rn2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEm119y+7l2Nsteq/uYXkw3P5n1aMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU2JYWDNMN3VYWTJ5MTZyLTVoZVREY19tZlZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHt0aP4DQpVEYw1vG5Ie
1ugPbas6Uo7XGCM8GBMHTSrjwpVukoqUFJMRYNAflJMGg3Pxk10T7dkbrmi69Qbk
lAsNL+7KVdFKKE0aaHZ1sE6gqfBtg891x7qsROnHaz9T0OnZBa+oRtwWo012nRR7
0lKLqxPWAEbtkqMFRZlFOfJQ2C2Upx8ubqRvAm2GV261z2v0szwr/XRkmxQkUUUt
CEA2FHM+5/ST9Z2h4JYXAcg53aj3L8/XyQuogR6CJ0t08c4ZjTlhj4aRzR8h8UPJ
SRFVqzY38mv7RFPpdIzzyJy61U9bOUVa1DEMU4xZB+BOu9ApqY/0EsPvOehXt77C
yig=
-----END CERTIFICATE-----