Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/T9VXF0c0RqQ5seF3ty5FM1TTuCg.roa
File:                     T9VXF0c0RqQ5seF3ty5FM1TTuCg.roa (raw, json)
Hash identifier:          NXnMuMJ+MCKajGHAoPSZhfat8oEhd2gPd+0eYs1eTPk=
Subject key identifier:   4F:D5:57:17:47:34:46:A4:39:B1:E1:77:B7:2E:45:33:54:D3:B8:28
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187B2887BE5E83F9C512DCEAC34B28FDA4C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/T9VXF0c0RqQ5seF3ty5FM1TTuCg.roa
Signing time:             Mon 24 Apr 2023 09:11:41 +0000
ROA not before:           Mon 24 Apr 2023 09:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b2:88:7b:e5:e8:3f:9c:51:2d:ce:ac:34:b2:8f:da:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 24 09:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4fd55717473446a439b1e177b72e453354d3b828
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:74:4e:4e:e3:00:d2:ae:b7:cd:8d:1f:40:e6:
                    b9:21:62:69:00:24:86:7b:42:95:e9:14:ad:ff:83:
                    a3:d8:b7:3a:79:ff:0d:1e:12:3c:11:71:81:fb:e3:
                    b5:ed:bf:d5:92:6c:0d:54:47:ce:39:d8:2a:4d:4a:
                    2a:a3:18:ed:c9:b1:75:0d:23:c6:0c:8a:4b:97:07:
                    e9:3c:96:b8:d7:ee:bb:8d:26:51:4e:1d:f3:11:33:
                    0a:f4:e4:60:7b:78:8b:fd:b6:19:0c:1f:60:70:3a:
                    33:aa:dc:24:e4:37:59:6a:49:4c:8b:7b:74:74:58:
                    36:c2:3e:a7:d0:d0:95:d9:3a:c5:e2:7a:be:a9:3a:
                    1c:0a:06:de:97:30:a0:4b:e6:e6:5a:36:83:d1:7f:
                    20:cb:a7:53:7a:93:ef:3c:f0:60:a1:db:3e:fa:22:
                    dc:06:df:9f:f2:ed:cc:07:48:d3:17:b4:82:e4:07:
                    ad:b5:90:ca:1a:28:cb:1f:aa:44:b0:13:c8:7f:6a:
                    58:7f:55:ca:92:bf:44:09:55:85:69:89:e7:9a:0b:
                    81:53:10:dc:74:0a:33:28:e0:48:18:2c:ff:d9:9c:
                    86:e1:b1:7e:ee:84:8e:51:33:a9:51:c9:3d:f3:f0:
                    ad:3d:dc:d0:00:52:47:7d:8c:ef:8d:96:2e:b5:44:
                    03:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D5:57:17:47:34:46:A4:39:B1:E1:77:B7:2E:45:33:54:D3:B8:28
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/T9VXF0c0RqQ5seF3ty5FM1TTuCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:2a:da:fa:e6:18:d9:f6:0d:06:d0:bc:ee:18:b1:1b:d1:03:
         1e:91:af:5e:59:7a:2b:e1:a3:c4:b1:d0:9e:19:22:1f:bf:9a:
         0b:ee:56:ff:e1:57:81:8a:22:05:91:75:e4:ee:bb:cc:a1:a1:
         39:9b:40:17:8c:de:3d:86:92:a5:a4:0d:e0:48:e4:ba:ff:01:
         11:51:48:61:cd:f9:ef:1c:01:4c:fd:e5:0f:8c:d4:ba:3a:b3:
         44:04:42:35:be:92:26:53:28:ee:c3:95:87:4f:06:8b:b3:ab:
         28:cc:85:69:71:f6:7c:52:90:72:5e:d6:51:5e:19:da:ac:6b:
         5b:0e:f8:e6:2c:e1:55:49:c5:21:5c:36:9c:92:b8:d4:a1:76:
         94:12:93:3a:e8:0c:7f:db:11:38:f3:09:ea:a8:07:42:36:2e:
         ad:0d:d7:33:9e:93:95:6f:c0:34:d7:92:17:67:0f:c0:0e:5c:
         f7:f9:d2:5f:86:da:38:a3:06:8c:19:49:51:56:c2:32:14:f2:
         be:bb:28:8b:cc:e5:e5:8f:c2:f6:9e:0a:a5:98:8a:d2:a1:26:
         85:55:1a:ce:77:09:90:8f:51:c4:7d:29:6c:31:8e:2d:6c:9d:
         82:98:af:e1:2c:e2:45:9c:99:94:f4:f7:ce:e2:c5:38:33:24:
         ed:2d:4e:6e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeyiHvl6D+cUS3OrDSyj9pMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI0MDkxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQ1NTcxNzQ3MzQ0NmE0MzliMWUxNzdiNzJlNDUzMzU0ZDNiODI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHROTuMA0q63zY0fQOa5IWJpACSG
e0KV6RSt/4Oj2Lc6ef8NHhI8EXGB++O17b/VkmwNVEfOOdgqTUoqoxjtybF1DSPG
DIpLlwfpPJa41+67jSZRTh3zETMK9ORge3iL/bYZDB9gcDozqtwk5DdZaklMi3t0
dFg2wj6n0NCV2TrF4nq+qTocCgbelzCgS+bmWjaD0X8gy6dTepPvPPBgods++iLc
Bt+f8u3MB0jTF7SC5AettZDKGijLH6pEsBPIf2pYf1XKkr9ECVWFaYnnmguBUxDc
dAozKOBIGCz/2ZyG4bF+7oSOUTOpUck98/CtPdzQAFJHfYzvjZYutUQDuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE/VVxdHNEakObHhd7cuRTNU07goMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVDlWWEYwYzBScVE1c2VGM3R5NUZNMVRUdUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFYq2vrmGNn2DQbQvO4Y
sRvRAx6Rr15Zeivho8Sx0J4ZIh+/mgvuVv/hV4GKIgWRdeTuu8yhoTmbQBeM3j2G
kqWkDeBI5Lr/ARFRSGHN+e8cAUz95Q+M1Lo6s0QEQjW+kiZTKO7DlYdPBouzqyjM
hWlx9nxSkHJe1lFeGdqsa1sO+OYs4VVJxSFcNpySuNShdpQSkzroDH/bETjzCeqo
B0I2Lq0N1zOek5VvwDTXkhdnD8AOXPf50l+G2jijBowZSVFWwjIU8r67KIvM5eWP
wvaeCqWYitKhJoVVGs53CZCPUcR9KWwxji1snYKYr+Es4kWcmZT0987ixTgzJO0t
Tm4=
-----END CERTIFICATE-----