Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VuAcW3ZRkTrGfXJaSdmWNnb1jfM.roa
File:                     VuAcW3ZRkTrGfXJaSdmWNnb1jfM.roa (raw, json)
Hash identifier:          prJGnLIanhlXJZkB6kb05Tk87tLZv+90ZYehrZ6BNmU=
Subject key identifier:   56:E0:1C:5B:76:51:91:3A:C6:7D:72:5A:49:D9:96:36:76:F5:8D:F3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F8EA6C38329ECA3E261A73881E90C5A0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VuAcW3ZRkTrGfXJaSdmWNnb1jfM.roa
Signing time:             Mon 08 May 2023 01:12:05 +0000
ROA not before:           Mon 08 May 2023 01:12:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f8:ea:6c:38:32:9e:ca:3e:26:1a:73:88:1e:90:c5:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  8 01:12:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=56e01c5b7651913ac67d725a49d9963676f58df3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:25:f1:ba:93:bd:85:a1:05:b0:1f:76:24:21:
                    5b:17:f6:47:e3:47:b1:a3:d3:7d:cb:34:d1:f1:75:
                    08:86:55:11:5b:65:cf:7e:50:3d:23:a8:eb:b7:65:
                    38:a5:66:d2:35:fd:5c:bf:48:73:da:00:a5:a0:b1:
                    1f:55:20:f3:b3:e5:2a:19:70:35:da:ab:36:3c:ea:
                    46:1b:36:18:d9:1a:db:c6:5f:bc:19:f0:bf:5a:96:
                    e8:55:05:49:69:22:13:7c:01:ff:9d:e2:2a:44:e1:
                    05:0b:5b:5b:bf:b4:a2:c6:29:81:2e:ce:78:5a:f8:
                    58:ef:0f:61:4c:a1:85:57:3a:0f:43:25:58:c3:bf:
                    d0:12:e0:2f:68:6d:2e:0b:7b:64:44:91:06:cc:11:
                    b2:cc:05:62:43:be:60:4b:97:b9:3f:1a:ff:d7:60:
                    53:91:81:4f:84:7c:c6:d4:76:c4:cb:f8:4d:2d:bc:
                    43:bd:9a:ba:52:73:04:b4:f9:14:99:4d:6f:a8:36:
                    c9:8a:be:6e:ec:3a:55:52:34:02:0d:08:24:ed:55:
                    60:dd:02:48:2e:f4:73:f9:89:67:3d:f2:96:92:03:
                    44:e2:fa:37:90:62:20:a3:3c:ac:c3:ee:e2:14:78:
                    af:a5:b3:65:83:34:d0:37:68:ee:e3:1c:a3:71:26:
                    aa:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:E0:1C:5B:76:51:91:3A:C6:7D:72:5A:49:D9:96:36:76:F5:8D:F3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VuAcW3ZRkTrGfXJaSdmWNnb1jfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:e9:88:29:67:67:7b:8c:ed:c1:f5:ec:d9:d5:dc:fb:74:7c:
         f6:5c:e1:7e:2a:3b:a6:c4:e0:54:48:1c:77:4e:57:35:d5:d5:
         df:dc:17:d7:89:2d:5b:28:76:86:fa:0f:c5:c1:b6:d1:80:c2:
         c9:13:14:ef:6f:65:ee:b1:23:fe:97:19:05:1f:6e:0a:ca:ca:
         6e:af:41:d1:bb:ae:7f:63:10:20:87:fc:f0:9b:7d:93:a2:c7:
         ae:61:08:b8:cf:29:ec:15:02:7c:4b:e2:42:bd:4b:15:05:4b:
         0a:be:56:0d:68:91:99:ad:1c:cd:21:2b:8a:49:43:00:b2:26:
         e2:e0:b0:bf:20:04:17:fb:0d:0c:da:8e:7d:3b:35:e9:fe:d1:
         27:a9:d0:10:94:84:e0:2e:0b:68:81:b0:ac:a7:7b:bf:83:e8:
         1e:d1:dc:6b:5b:4c:ab:a5:59:b8:33:a0:d7:f2:8d:20:dd:d0:
         1d:bf:d3:76:03:a4:22:e4:2e:74:c1:ce:c3:a1:ce:9d:fa:f8:
         0d:15:ac:5d:bd:cd:b2:df:8b:c5:38:a7:59:0e:ad:c1:79:54:
         ed:37:53:1f:ae:8b:89:a2:2f:df:48:0e:70:67:18:ab:2b:be:
         3e:c9:eb:6f:0d:e8:f3:0d:8c:e3:ac:5a:73:d7:ff:01:13:94:
         b2:e7:83:f5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf46mw4Mp7KPiYac4gekMWgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA4MDExMjA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmUwMWM1Yjc2NTE5MTNhYzY3ZDcyNWE0OWQ5OTYzNjc2ZjU4ZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSXxupO9haEFsB92JCFbF/ZH40ex
o9N9yzTR8XUIhlURW2XPflA9I6jrt2U4pWbSNf1cv0hz2gCloLEfVSDzs+UqGXA1
2qs2POpGGzYY2Rrbxl+8GfC/WpboVQVJaSITfAH/neIqROEFC1tbv7SiximBLs54
WvhY7w9hTKGFVzoPQyVYw7/QEuAvaG0uC3tkRJEGzBGyzAViQ75gS5e5Pxr/12BT
kYFPhHzG1HbEy/hNLbxDvZq6UnMEtPkUmU1vqDbJir5u7DpVUjQCDQgk7VVg3QJI
LvRz+YlnPfKWkgNE4vo3kGIgozysw+7iFHivpbNlgzTQN2ju4xyjcSaqwQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFbgHFt2UZE6xn1yWknZljZ29Y3zMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVnVBY1czWlJrVHJHZlhKYVNkbVdObmIxamZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAfpiClnZ3uM7cH17NnV
3Pt0fPZc4X4qO6bE4FRIHHdOVzXV1d/cF9eJLVsodob6D8XBttGAwskTFO9vZe6x
I/6XGQUfbgrKym6vQdG7rn9jECCH/PCbfZOix65hCLjPKewVAnxL4kK9SxUFSwq+
Vg1okZmtHM0hK4pJQwCyJuLgsL8gBBf7DQzajn07Nen+0Sep0BCUhOAuC2iBsKyn
e7+D6B7R3GtbTKulWbgzoNfyjSDd0B2/03YDpCLkLnTBzsOhzp36+A0VrF29zbLf
i8U4p1kOrcF5VO03Ux+ui4miL99IDnBnGKsrvj7J628N6PMNjOOsWnPX/wETlLLn
g/U=
-----END CERTIFICATE-----