Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/V3h-m9Pf_rRtuKu9s9Y3qpH6Qds.roa
File:                     V3h-m9Pf_rRtuKu9s9Y3qpH6Qds.roa (raw, json)
Hash identifier:          J/pZ3Gp805NaKvjT97MXiobobZ6QOlQizzRcGuaL21A=
Subject key identifier:   57:78:7E:9B:D3:DF:FE:B4:6D:B8:AB:BD:B3:D6:37:AA:91:FA:41:DB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897BCE565CBD31F373AA267D575F6C75E9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/V3h-m9Pf_rRtuKu9s9Y3qpH6Qds.roa
Signing time:             Sat 22 Jul 2023 04:14:27 +0000
ROA not before:           Sat 22 Jul 2023 04:14:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:7b:ce:56:5c:bd:31:f3:73:aa:26:7d:57:5f:6c:75:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 22 04:14:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=57787e9bd3dffeb46db8abbdb3d637aa91fa41db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:db:12:21:9e:62:a2:ee:c2:71:3a:f1:fc:62:
                    fb:d4:9c:07:45:33:4e:ce:6a:bf:00:43:64:1d:9d:
                    08:6b:c2:5c:bf:2b:2f:95:10:91:d1:19:ba:2c:95:
                    4c:b2:39:39:b8:52:a0:24:a9:7a:0e:91:28:0f:c0:
                    56:bb:2d:6a:c7:6c:5e:f0:27:f1:8c:31:12:e1:f0:
                    98:ec:68:a3:f2:04:c7:6c:39:36:37:a6:6d:23:a6:
                    96:3c:a8:99:88:58:bc:78:5b:0b:fb:23:5f:b8:24:
                    19:2f:1a:04:c1:c3:84:b9:f7:44:ad:32:31:60:bc:
                    cb:75:34:b0:e5:b4:3c:a6:38:b3:bf:40:f2:f7:49:
                    b5:ed:f4:2b:9c:5a:5a:8d:22:9e:b8:64:69:83:46:
                    f2:9e:45:2b:06:de:60:bc:0f:1f:2c:ba:7a:7c:ea:
                    41:da:45:71:6d:aa:a8:96:4f:45:02:e6:47:61:5a:
                    63:78:09:f2:da:cc:10:03:01:93:9b:44:99:f9:19:
                    1e:10:6e:6a:8a:a1:22:36:33:47:a3:d7:f0:5d:d8:
                    b0:c8:b0:36:2f:3e:76:18:37:64:1f:f3:29:63:18:
                    bf:73:0d:c5:d4:64:e5:c8:0c:02:07:ba:96:63:c6:
                    b2:b1:a0:72:66:e3:d5:d5:c9:65:25:2b:fd:07:9b:
                    c2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:78:7E:9B:D3:DF:FE:B4:6D:B8:AB:BD:B3:D6:37:AA:91:FA:41:DB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/V3h-m9Pf_rRtuKu9s9Y3qpH6Qds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:82:f5:52:7f:d0:2a:35:75:63:da:5b:55:f7:7b:d5:48:77:
         ef:1b:a8:f8:42:f3:e9:93:f6:14:74:41:67:42:43:a4:4c:37:
         09:93:f8:ca:c2:14:ba:b4:57:6a:82:9b:27:ac:a9:49:8d:27:
         42:f0:20:e6:fb:59:28:c2:bd:3c:47:13:b8:33:55:be:4a:4a:
         a5:42:c0:a0:cb:b2:ce:c4:cb:20:82:da:e7:a9:48:ba:f9:82:
         c1:ac:21:47:07:cc:36:7a:59:89:36:dd:24:f3:fa:bb:f4:72:
         14:ef:39:1a:8f:82:bc:88:09:95:a7:02:13:6a:e7:6c:7e:6c:
         51:fb:30:8c:e7:5b:fc:22:f0:c6:f2:75:9a:38:57:c4:e7:8f:
         f6:0b:28:c4:a6:ed:d7:57:90:22:4f:3a:e5:93:58:08:81:db:
         13:ca:50:00:18:fc:43:dd:28:9d:aa:7a:33:db:5f:9f:b9:2e:
         a8:52:0d:e4:ec:1f:af:bf:a3:df:2b:6b:9f:12:6a:ed:76:0d:
         d8:b7:d2:3e:a9:90:48:e6:ed:7b:30:80:53:51:9c:64:2b:b1:
         46:d9:c3:8d:2e:47:16:67:9e:7c:22:de:16:25:9a:8e:55:2b:
         c7:5f:ca:7b:1f:2d:ae:db:b3:b9:1e:2b:d5:32:0e:fc:d9:7d:
         3d:2b:ca:24
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl7zlZcvTHzc6omfVdfbHXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIyMDQxNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Nzc4N2U5YmQzZGZmZWI0NmRiOGFiYmRiM2Q2MzdhYTkxZmE0MWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotsSIZ5iou7CcTrx/GL71JwHRTNO
zmq/AENkHZ0Ia8JcvysvlRCR0Rm6LJVMsjk5uFKgJKl6DpEoD8BWuy1qx2xe8Cfx
jDES4fCY7Gij8gTHbDk2N6ZtI6aWPKiZiFi8eFsL+yNfuCQZLxoEwcOEufdErTIx
YLzLdTSw5bQ8pjizv0Dy90m17fQrnFpajSKeuGRpg0bynkUrBt5gvA8fLLp6fOpB
2kVxbaqolk9FAuZHYVpjeAny2swQAwGTm0SZ+RkeEG5qiqEiNjNHo9fwXdiwyLA2
Lz52GDdkH/MpYxi/cw3F1GTlyAwCB7qWY8aysaByZuPV1cllJSv9B5vCywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFd4fpvT3/60bbirvbPWN6qR+kHbMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVjNoLW05UGZfclJ0dUt1OXM5WTNxcEg2UWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIeC9VJ/0Co1dWPaW1X3
e9VId+8bqPhC8+mT9hR0QWdCQ6RMNwmT+MrCFLq0V2qCmyesqUmNJ0LwIOb7WSjC
vTxHE7gzVb5KSqVCwKDLss7EyyCC2uepSLr5gsGsIUcHzDZ6WYk23STz+rv0chTv
ORqPgryICZWnAhNq52x+bFH7MIznW/wi8MbydZo4V8Tnj/YLKMSm7ddXkCJPOuWT
WAiB2xPKUAAY/EPdKJ2qejPbX5+5LqhSDeTsH6+/o98ra58Sau12Ddi30j6pkEjm
7XswgFNRnGQrsUbZw40uRxZnnnwi3hYlmo5VK8dfynsfLa7bs7keK9UyDvzZfT0r
yiQ=
-----END CERTIFICATE-----