Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TUo3SniWuV1ZIZ6w5k6YWMIsKMQ.roa
File:                     TUo3SniWuV1ZIZ6w5k6YWMIsKMQ.roa (raw, json)
Hash identifier:          HB5uiAj1T7b0qgDGTskc9Be+SZSMJh7yCvHgknbypPw=
Subject key identifier:   4D:4A:37:4A:78:96:B9:5D:59:21:9E:B0:E6:4E:98:58:C2:2C:28:C4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883790ECD13A30E4BBB0497763FC850377
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TUo3SniWuV1ZIZ6w5k6YWMIsKMQ.roa
Signing time:             Sat 20 May 2023 05:10:24 +0000
ROA not before:           Sat 20 May 2023 05:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:37:90:ec:d1:3a:30:e4:bb:b0:49:77:63:fc:85:03:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 20 05:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4d4a374a7896b95d59219eb0e64e9858c22c28c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c1:66:bd:e0:24:30:56:80:4c:50:2c:dc:f6:
                    0a:af:cf:ad:7f:57:aa:c7:7b:6b:de:1d:7e:41:0e:
                    2f:2f:51:7b:63:02:e8:e4:b6:66:bf:dc:4f:4a:85:
                    b7:cd:97:28:a7:c7:74:1e:eb:47:d8:18:6d:4a:d3:
                    dc:85:81:c0:9f:29:de:1e:49:49:21:cc:10:98:9e:
                    21:e4:8b:b9:21:bb:9f:b3:05:7c:16:81:51:89:58:
                    80:f0:e4:fc:33:30:70:89:e8:c1:ce:d3:4d:67:cf:
                    4b:5f:cd:31:dd:4e:03:2f:ad:7f:3a:08:c2:d2:12:
                    7a:f7:93:38:17:3c:4e:11:26:0e:7a:a6:f2:0e:e5:
                    cc:ad:79:c8:ea:b3:dd:7a:24:35:17:87:97:05:71:
                    34:29:cd:53:31:f8:ba:e5:03:0f:81:b9:b5:22:0a:
                    45:79:6d:3a:5e:1c:0e:0e:67:dd:65:91:39:c8:4e:
                    2f:ab:95:ff:13:98:c4:3b:2a:a3:a8:7b:9e:53:f9:
                    e1:f6:1e:4d:d1:45:49:35:41:c2:17:3a:90:3c:8b:
                    e6:91:14:66:27:e7:09:ce:b5:71:09:98:00:ca:c1:
                    c0:ba:d6:e6:aa:0e:40:80:0f:e7:59:31:83:3c:83:
                    35:59:6a:f8:0e:98:95:05:94:49:95:10:ed:be:71:
                    57:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:4A:37:4A:78:96:B9:5D:59:21:9E:B0:E6:4E:98:58:C2:2C:28:C4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TUo3SniWuV1ZIZ6w5k6YWMIsKMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:4a:31:ff:b5:e5:17:fd:e5:a4:86:73:24:24:25:c6:da:50:
         e4:f5:a5:ed:d7:72:53:a4:d5:68:b1:be:95:4c:97:a2:22:b9:
         27:c6:05:b7:09:8d:53:d3:19:d2:04:57:ec:fc:c8:b5:21:6b:
         6f:cf:74:96:cf:af:38:41:19:04:7f:a1:e0:f9:c5:58:2e:2d:
         c5:0b:04:04:17:b9:89:97:b5:95:bb:93:08:9d:be:eb:fc:e2:
         da:30:fe:3e:47:43:de:9b:e4:a4:c7:c0:bb:7a:ce:e0:5e:1b:
         a8:f1:33:b4:ea:4a:af:36:55:1b:ef:fb:36:3e:01:c1:03:10:
         0e:2e:82:5f:8a:21:88:49:87:c3:e4:8e:02:54:3b:52:72:14:
         8b:50:1a:26:d2:b6:11:a8:df:4b:cc:f9:d3:14:87:cb:81:0f:
         98:35:cf:26:8c:8f:ad:d9:e2:c4:e7:6c:91:af:0e:65:bd:61:
         29:37:fa:c1:a5:09:f0:16:a7:09:eb:04:c3:cd:97:d7:0d:7a:
         8c:36:5e:68:04:ea:aa:9f:78:a5:0e:81:fa:0b:45:4b:f7:72:
         52:fa:7d:1a:56:c0:75:f0:2d:eb:c6:86:7d:ae:5a:ef:11:2f:
         f0:cb:4c:82:82:9d:f6:56:56:7d:17:8c:8d:20:28:b8:be:bc:
         d0:d7:c9:b2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg3kOzROjDku7BJd2P8hQN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIwMDUxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDRhMzc0YTc4OTZiOTVkNTkyMTllYjBlNjRlOTg1OGMyMmMyOGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMFmveAkMFaATFAs3PYKr8+tf1eq
x3tr3h1+QQ4vL1F7YwLo5LZmv9xPSoW3zZcop8d0HutH2BhtStPchYHAnyneHklJ
IcwQmJ4h5Iu5IbufswV8FoFRiViA8OT8MzBwiejBztNNZ89LX80x3U4DL61/OgjC
0hJ695M4FzxOESYOeqbyDuXMrXnI6rPdeiQ1F4eXBXE0Kc1TMfi65QMPgbm1IgpF
eW06XhwODmfdZZE5yE4vq5X/E5jEOyqjqHueU/nh9h5N0UVJNUHCFzqQPIvmkRRm
J+cJzrVxCZgAysHAutbmqg5AgA/nWTGDPIM1WWr4DpiVBZRJlRDtvnFX6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE1KN0p4lrldWSGesOZOmFjCLCjEMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVFVvM1NuaVd1VjFaSVo2dzVrNllXTUlzS01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABlKMf+15Rf95aSGcyQk
JcbaUOT1pe3XclOk1WixvpVMl6IiuSfGBbcJjVPTGdIEV+z8yLUha2/PdJbPrzhB
GQR/oeD5xVguLcULBAQXuYmXtZW7kwidvuv84tow/j5HQ96b5KTHwLt6zuBeG6jx
M7TqSq82VRvv+zY+AcEDEA4ugl+KIYhJh8PkjgJUO1JyFItQGibSthGo30vM+dMU
h8uBD5g1zyaMj63Z4sTnbJGvDmW9YSk3+sGlCfAWpwnrBMPNl9cNeow2XmgE6qqf
eKUOgfoLRUv3clL6fRpWwHXwLevGhn2uWu8RL/DLTIKCnfZWVn0XjI0gKLi+vNDX
ybI=
-----END CERTIFICATE-----