Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SxpzE3cuPNkX5r6_UhfimntTU9w.roa
File:                     SxpzE3cuPNkX5r6_UhfimntTU9w.roa (raw, json)
Hash identifier:          YAgR8g4LMbAH3NkT+ykqNQr0VkcPEFLmL2l51KoWEF8=
Subject key identifier:   4B:1A:73:13:77:2E:3C:D9:17:E6:BE:BF:52:17:E2:9A:7B:53:53:DC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187B5BEA0F9DD41347CABD4524ED7682492
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SxpzE3cuPNkX5r6_UhfimntTU9w.roa
Signing time:             Tue 25 Apr 2023 00:09:41 +0000
ROA not before:           Tue 25 Apr 2023 00:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b5:be:a0:f9:dd:41:34:7c:ab:d4:52:4e:d7:68:24:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 25 00:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4b1a7313772e3cd917e6bebf5217e29a7b5353dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:67:69:af:e4:09:97:4d:02:86:a8:e2:0a:21:
                    31:26:9d:4d:28:34:0c:4b:88:3e:79:8e:2a:7d:a4:
                    70:f8:81:30:fd:72:54:a8:b4:d5:1c:fe:e1:93:c8:
                    81:ea:04:d5:d3:65:dc:87:1e:f6:9e:e3:ba:7f:8f:
                    01:50:c0:1c:5f:66:68:bd:63:bc:e4:31:61:e3:28:
                    d4:f1:a3:e1:f2:69:a7:55:a2:d4:26:60:5a:06:d7:
                    40:07:db:de:31:6f:5a:7c:e0:7c:1d:04:1a:bf:45:
                    27:f4:b9:f1:35:6a:d8:ac:a1:06:fd:fa:b4:0b:55:
                    ed:b3:d4:87:4e:74:04:93:c8:9e:d6:c8:eb:56:4f:
                    5a:a7:52:c2:71:d2:24:bb:98:ec:89:c0:16:3e:57:
                    86:29:52:9c:10:e4:17:f4:79:42:85:69:5e:52:c7:
                    22:cb:8f:b6:dd:ee:74:2c:f6:ad:af:15:cb:b6:e1:
                    d8:a6:b2:16:67:ae:8c:f4:95:94:dd:f5:b0:1a:db:
                    e6:67:ad:c4:b4:1b:30:bb:d8:27:b3:8c:de:2c:c1:
                    fa:2e:57:65:fc:0d:06:a7:f9:b3:08:4c:be:68:5d:
                    ba:6b:b7:b7:a5:bd:b5:f5:98:6e:c5:c5:35:7a:76:
                    59:e8:ea:7c:7e:f6:af:18:dc:55:ac:57:1d:1e:45:
                    a2:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:1A:73:13:77:2E:3C:D9:17:E6:BE:BF:52:17:E2:9A:7B:53:53:DC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SxpzE3cuPNkX5r6_UhfimntTU9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:e7:1b:82:34:ac:c3:d0:38:34:2f:51:86:70:a1:cd:39:16:
         53:75:37:62:a0:ff:ed:cf:fd:83:db:60:8f:b5:88:9a:93:ca:
         de:9d:58:35:63:d8:52:ef:f3:b7:ec:6e:58:2b:3d:1d:a3:70:
         89:61:85:e4:36:39:42:5c:9a:1b:cb:f3:69:cf:a7:36:60:d1:
         a4:fd:8c:69:7a:49:80:79:cb:09:bf:e6:c4:f4:ac:e6:5b:61:
         9f:c5:47:64:88:d0:82:b0:d4:63:4d:8c:bc:27:39:56:43:1f:
         48:a6:60:c5:e5:f3:ca:67:c6:74:52:7a:77:c9:87:70:89:59:
         35:d2:79:50:d2:b2:79:30:33:4d:e7:47:50:11:91:a6:fe:8b:
         82:ab:ed:5a:1b:57:57:0b:28:00:24:02:cf:d4:e1:fb:10:05:
         66:00:52:21:b5:96:94:c0:b4:7b:44:df:c2:4e:57:76:e3:29:
         ac:39:4c:bb:93:7d:08:f8:3c:b6:57:4f:2a:0d:20:d4:1f:27:
         8a:c9:03:24:83:0f:85:d5:07:9d:b3:e1:d8:ab:ff:48:88:2e:
         9f:3f:6e:02:e4:65:2e:03:26:5a:f2:2d:40:37:e7:48:26:db:
         7b:6f:21:80:85:77:ef:11:59:11:9a:6e:ff:a7:74:61:6d:2b:
         2d:6a:ce:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYe1vqD53UE0fKvUUk7XaCSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI1MDAwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjFhNzMxMzc3MmUzY2Q5MTdlNmJlYmY1MjE3ZTI5YTdiNTM1M2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGdpr+QJl00ChqjiCiExJp1NKDQM
S4g+eY4qfaRw+IEw/XJUqLTVHP7hk8iB6gTV02Xchx72nuO6f48BUMAcX2ZovWO8
5DFh4yjU8aPh8mmnVaLUJmBaBtdAB9veMW9afOB8HQQav0Un9LnxNWrYrKEG/fq0
C1Xts9SHTnQEk8ie1sjrVk9ap1LCcdIku5jsicAWPleGKVKcEOQX9HlChWleUsci
y4+23e50LPatrxXLtuHYprIWZ66M9JWU3fWwGtvmZ63EtBswu9gns4zeLMH6Lldl
/A0Gp/mzCEy+aF26a7e3pb219ZhuxcU1enZZ6Op8fvavGNxVrFcdHkWiDQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEsacxN3LjzZF+a+v1IX4pp7U1PcMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU3hwekUzY3VQTmtYNXI2X1VoZmltbnRUVTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIrnG4I0rMPQODQvUYZw
oc05FlN1N2Kg/+3P/YPbYI+1iJqTyt6dWDVj2FLv87fsblgrPR2jcIlhheQ2OUJc
mhvL82nPpzZg0aT9jGl6SYB5ywm/5sT0rOZbYZ/FR2SI0IKw1GNNjLwnOVZDH0im
YMXl88pnxnRSenfJh3CJWTXSeVDSsnkwM03nR1ARkab+i4Kr7VobV1cLKAAkAs/U
4fsQBWYAUiG1lpTAtHtE38JOV3bjKaw5TLuTfQj4PLZXTyoNINQfJ4rJAySDD4XV
B52z4dir/0iILp8/bgLkZS4DJlryLUA350gm23tvIYCFd+8RWRGabv+ndGFtKy1q
zgg=
-----END CERTIFICATE-----