Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SoUvhUqjA-eyRM5KogiB2RTX_lg.roa
File:                     SoUvhUqjA-eyRM5KogiB2RTX_lg.roa (raw, json)
Hash identifier:          ecVcx8pNCim8mD3HtBPPqr0UzNaMLOoe25P7jWe8dGk=
Subject key identifier:   4A:85:2F:85:4A:A3:03:E7:B2:44:CE:4A:A2:08:81:D9:14:D7:FE:58
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186EE32BB6C25789D5C38A5E86D9DD59170
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SoUvhUqjA-eyRM5KogiB2RTX_lg.roa
Signing time:             Fri 17 Mar 2023 06:12:27 +0000
ROA not before:           Fri 17 Mar 2023 06:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ee:32:bb:6c:25:78:9d:5c:38:a5:e8:6d:9d:d5:91:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 17 06:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a852f854aa303e7b244ce4aa20881d914d7fe58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:80:f0:df:92:54:f6:07:c0:fa:91:7f:2e:96:
                    d6:ad:14:60:64:1e:5d:d3:14:05:33:3d:18:b2:c3:
                    7f:12:bd:58:c7:c7:f6:65:1d:4a:7c:eb:5c:b3:56:
                    59:3e:48:f3:0c:dd:d2:f2:d1:5a:50:0e:9f:04:59:
                    32:79:ea:d1:e0:29:91:79:e0:4f:b7:9c:ba:4d:74:
                    ac:f4:3d:c0:dc:ed:78:7b:0e:9a:fe:b4:da:0d:06:
                    2f:d7:60:a8:31:87:d8:d2:02:b8:56:b1:cf:3a:09:
                    db:f9:48:f7:d5:04:32:9c:3f:23:94:d1:69:eb:4e:
                    32:f5:ef:51:ad:af:01:01:85:4e:c7:99:eb:18:d5:
                    96:25:5a:85:41:6b:30:c0:86:39:6c:b2:fa:3a:de:
                    ec:ad:2e:ae:0f:6c:94:bd:d3:cc:ba:ca:61:08:e0:
                    2b:76:9c:63:a0:f5:7f:a0:ed:98:67:81:05:68:c4:
                    a2:6a:1a:5a:b6:d8:6d:50:77:28:9f:5b:78:f2:69:
                    a2:f2:f1:7a:38:3f:d0:bb:3d:5c:fe:f0:8d:6a:df:
                    fb:ac:e8:57:ce:ce:05:5e:0e:9c:81:a4:f6:d8:5c:
                    d1:3a:86:b1:03:c1:c9:8a:87:5e:98:92:c4:3e:2c:
                    ca:96:d4:45:46:45:69:84:1f:7e:65:90:51:aa:5c:
                    8c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:85:2F:85:4A:A3:03:E7:B2:44:CE:4A:A2:08:81:D9:14:D7:FE:58
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SoUvhUqjA-eyRM5KogiB2RTX_lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:56:97:ea:a7:2a:f6:22:63:96:30:37:62:f8:ab:e0:7a:e4:
         82:91:9f:9e:99:02:36:3c:28:5c:9b:9b:c8:da:d6:5f:fb:d8:
         ce:c1:ed:7d:d1:29:f2:20:bd:17:e8:68:5b:c0:21:8d:0f:52:
         b5:e0:4d:6a:2a:f6:a3:ae:8a:51:a4:02:3e:67:41:fc:84:95:
         ad:3d:27:31:1f:41:7c:f6:58:8f:58:75:97:d5:0d:18:9f:14:
         2c:e9:49:98:49:5d:83:df:c2:bc:9c:31:ed:4b:86:17:13:d1:
         5e:ad:91:ba:1d:07:73:dd:d4:3f:32:d8:9c:f8:03:79:97:5b:
         57:58:0a:d2:a1:51:46:c6:2f:ab:a2:d5:bc:43:d0:cb:80:f8:
         75:93:b0:6e:16:ad:5f:72:37:78:60:42:77:f3:4d:8c:61:39:
         e7:a3:59:0f:0c:6b:86:ff:f8:dd:e1:03:25:02:27:a5:55:69:
         f5:03:40:df:48:d7:27:ba:48:0c:ed:bd:99:c3:55:aa:a7:ce:
         62:b5:6b:d1:0c:fb:8f:5b:68:6a:68:12:7b:41:05:23:23:ff:
         0c:57:02:5f:22:5e:de:92:f8:e6:28:56:b2:28:12:cd:57:8a:
         ae:aa:be:4a:22:7d:bd:69:18:4d:e1:36:14:10:ec:91:8b:5f:
         de:6b:09:f5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbuMrtsJXidXDil6G2d1ZFwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE3MDYxMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTg1MmY4NTRhYTMwM2U3YjI0NGNlNGFhMjA4ODFkOTE0ZDdmZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4Dw35JU9gfA+pF/LpbWrRRgZB5d
0xQFMz0YssN/Er1Yx8f2ZR1KfOtcs1ZZPkjzDN3S8tFaUA6fBFkyeerR4CmReeBP
t5y6TXSs9D3A3O14ew6a/rTaDQYv12CoMYfY0gK4VrHPOgnb+Uj31QQynD8jlNFp
604y9e9Rra8BAYVOx5nrGNWWJVqFQWswwIY5bLL6Ot7srS6uD2yUvdPMusphCOAr
dpxjoPV/oO2YZ4EFaMSiahpatthtUHcon1t48mmi8vF6OD/Quz1c/vCNat/7rOhX
zs4FXg6cgaT22FzROoaxA8HJiodemJLEPizKltRFRkVphB9+ZZBRqlyMMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEqFL4VKowPnskTOSqIIgdkU1/5YMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU29VdmhVcWpBLWV5Uk01S29naUIyUlRYX2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALJWl+qnKvYiY5YwN2L4
q+B65IKRn56ZAjY8KFybm8ja1l/72M7B7X3RKfIgvRfoaFvAIY0PUrXgTWoq9qOu
ilGkAj5nQfyEla09JzEfQXz2WI9YdZfVDRifFCzpSZhJXYPfwrycMe1LhhcT0V6t
kbodB3Pd1D8y2Jz4A3mXW1dYCtKhUUbGL6ui1bxD0MuA+HWTsG4WrV9yN3hgQnfz
TYxhOeejWQ8Ma4b/+N3hAyUCJ6VVafUDQN9I1ye6SAztvZnDVaqnzmK1a9EM+49b
aGpoEntBBSMj/wxXAl8iXt6S+OYoVrIoEs1Xiq6qvkoifb1pGE3hNhQQ7JGLX95r
CfU=
-----END CERTIFICATE-----