Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SoMGJxyG7Af-Pa2mKLCnGramNgk.roa
File:                     SoMGJxyG7Af-Pa2mKLCnGramNgk.roa (raw, json)
Hash identifier:          3mNOsmzuSW+s6fadjc9kMbWZAn8+nbcI2ap1PcJikk8=
Subject key identifier:   4A:83:06:27:1C:86:EC:07:FE:3D:AD:A6:28:B0:A7:1A:B6:A6:36:09
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018723A0DA454036AABBCA6435A64D60694D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SoMGJxyG7Af-Pa2mKLCnGramNgk.roa
Signing time:             Mon 27 Mar 2023 15:12:36 +0000
ROA not before:           Mon 27 Mar 2023 15:12:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:23:a0:da:45:40:36:aa:bb:ca:64:35:a6:4d:60:69:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 27 15:12:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a8306271c86ec07fe3dada628b0a71ab6a63609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:9d:64:e9:57:83:bb:88:3c:2b:dd:ca:a8:6e:
                    99:25:ee:d7:89:b5:02:32:51:b9:de:f9:bc:99:94:
                    5f:20:ca:05:75:0c:2b:44:21:65:0d:8a:db:13:3e:
                    00:43:37:24:a4:b7:4f:da:88:79:bc:3d:1d:e7:df:
                    f4:c3:d9:56:be:48:8a:1a:20:d8:73:20:c7:ba:f5:
                    58:9b:2c:04:4d:f6:06:38:6c:54:c2:43:45:60:73:
                    31:11:09:1c:e3:cb:ca:51:03:e0:79:8b:dd:3d:55:
                    d6:4d:f3:d9:0f:5e:5c:ff:aa:77:2d:fe:b6:5e:0d:
                    ce:d6:63:c1:91:1d:f5:9c:eb:2a:45:05:34:92:28:
                    1c:73:93:2e:c4:fc:f6:e8:f8:3e:8d:8f:0b:6b:c3:
                    97:fd:f0:84:e7:fc:bc:a9:42:30:3d:d0:c8:61:c1:
                    5f:27:14:15:af:5b:06:0e:18:39:1c:12:d0:68:9d:
                    6b:76:c7:6e:de:a5:c0:14:38:a7:b6:6f:b2:72:7e:
                    66:8d:9c:85:0a:33:f1:d4:d0:bb:39:1a:d0:e2:be:
                    96:64:50:d5:1c:b5:b5:21:45:d5:ce:b3:09:92:01:
                    cc:fd:58:2c:1e:64:1c:99:a4:c7:87:eb:71:a0:33:
                    67:6e:46:e7:3f:ba:d9:5a:d3:ac:a7:3d:a8:02:0b:
                    a1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:83:06:27:1C:86:EC:07:FE:3D:AD:A6:28:B0:A7:1A:B6:A6:36:09
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SoMGJxyG7Af-Pa2mKLCnGramNgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:10:6b:ce:e7:53:ce:c3:ba:0e:d2:0d:75:ee:c9:28:20:3c:
         72:fc:f6:54:c2:f5:76:34:3c:8f:59:51:7b:27:a7:62:5e:4a:
         35:06:88:be:31:2a:39:e0:51:a7:54:a4:f9:2f:39:ec:78:aa:
         a4:a7:84:12:e6:4a:ed:01:84:55:60:43:4b:7b:10:b6:af:50:
         9f:75:8c:4f:8e:b9:13:3d:b0:bf:f0:72:bc:4a:86:4c:43:d7:
         f4:cb:c2:be:da:92:9f:31:d7:25:87:37:44:3c:07:44:da:15:
         33:23:56:f8:6f:1b:64:00:93:0b:eb:0b:e1:76:50:55:d0:26:
         3e:e3:b2:63:a2:70:65:12:e4:7e:22:95:33:35:95:69:4f:bf:
         4d:01:33:2e:5b:16:25:73:2f:37:77:52:05:18:b5:64:d9:15:
         19:2f:46:9d:b0:b2:44:b4:13:f5:f3:e0:f5:f1:6d:ed:9c:dd:
         9d:b9:37:cc:51:bd:43:b0:b6:c6:c2:ba:f9:6f:d4:39:b4:0c:
         18:ed:a4:b4:0b:1f:a5:31:a2:91:d4:33:ba:30:41:ee:34:cf:
         67:6e:b2:aa:28:70:b2:8d:cc:d3:a4:49:1c:a5:91:19:b8:98:
         d3:6d:96:a3:e3:5c:c7:52:bc:88:2f:52:2e:aa:5f:20:86:59:
         05:74:26:e1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcjoNpFQDaqu8pkNaZNYGlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI3MTUxMjM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTgzMDYyNzFjODZlYzA3ZmUzZGFkYTYyOGIwYTcxYWI2YTYzNjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh51k6VeDu4g8K93KqG6ZJe7XibUC
MlG53vm8mZRfIMoFdQwrRCFlDYrbEz4AQzckpLdP2oh5vD0d59/0w9lWvkiKGiDY
cyDHuvVYmywETfYGOGxUwkNFYHMxEQkc48vKUQPgeYvdPVXWTfPZD15c/6p3Lf62
Xg3O1mPBkR31nOsqRQU0kigcc5MuxPz26Pg+jY8La8OX/fCE5/y8qUIwPdDIYcFf
JxQVr1sGDhg5HBLQaJ1rdsdu3qXAFDintm+ycn5mjZyFCjPx1NC7ORrQ4r6WZFDV
HLW1IUXVzrMJkgHM/VgsHmQcmaTHh+txoDNnbkbnP7rZWtOspz2oAguhCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEqDBicchuwH/j2tpiiwpxq2pjYJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU29NR0p4eUc3QWYtUGEybUtMQ25HcmFtTmdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACwQa87nU87Dug7SDXXu
ySggPHL89lTC9XY0PI9ZUXsnp2JeSjUGiL4xKjngUadUpPkvOex4qqSnhBLmSu0B
hFVgQ0t7ELavUJ91jE+OuRM9sL/wcrxKhkxD1/TLwr7akp8x1yWHN0Q8B0TaFTMj
VvhvG2QAkwvrC+F2UFXQJj7jsmOicGUS5H4ilTM1lWlPv00BMy5bFiVzLzd3UgUY
tWTZFRkvRp2wskS0E/Xz4PXxbe2c3Z25N8xRvUOwtsbCuvlv1Dm0DBjtpLQLH6Ux
opHUM7owQe40z2dusqoocLKNzNOkSRylkRm4mNNtlqPjXMdSvIgvUi6qXyCGWQV0
JuE=
-----END CERTIFICATE-----