Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WME49gHpJUoRdXjaZ_oGZnSpbTc.roa
File:                     WME49gHpJUoRdXjaZ_oGZnSpbTc.roa (raw, json)
Hash identifier:          FspTm1zbhSWP2oGdBTi4VuDvHctDyg5ZKd3VpWw2vII=
Subject key identifier:   58:C1:38:F6:01:E9:25:4A:11:75:78:DA:67:FA:06:66:74:A9:6D:37
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F3FAFF119E48834D303227EB64B9D1CF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WME49gHpJUoRdXjaZ_oGZnSpbTc.roa
Signing time:             Sun 07 May 2023 02:12:05 +0000
ROA not before:           Sun 07 May 2023 02:12:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f3:fa:ff:11:9e:48:83:4d:30:32:27:eb:64:b9:d1:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  7 02:12:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=58c138f601e9254a117578da67fa066674a96d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:76:dc:ec:84:48:18:a8:99:4d:06:6a:ee:cb:
                    4a:95:f4:e6:fa:aa:0b:51:51:14:ed:11:49:49:93:
                    e3:e3:ee:76:49:56:c7:cd:28:26:b1:08:5f:11:be:
                    db:d5:a6:5d:74:71:39:c4:c2:cb:ef:c2:a0:ae:30:
                    48:7d:10:f6:47:0c:57:f0:2b:4b:20:d1:a6:c1:33:
                    f3:2a:cf:4c:ed:e7:51:38:85:95:0d:28:36:84:4d:
                    5c:72:ec:c3:1a:aa:59:f5:b9:8f:cb:0f:40:bc:8c:
                    94:81:93:13:8b:ac:f5:6b:ce:aa:81:ba:63:b9:38:
                    ae:08:26:8b:f3:f6:6e:98:9a:92:95:66:1f:3c:a2:
                    cb:f7:ca:62:ea:e5:c3:6d:10:2e:fd:75:e0:2f:7a:
                    20:c7:29:97:21:c5:d9:f7:23:f9:6d:7b:dc:08:69:
                    11:d8:4c:ab:96:cb:30:d3:26:ff:82:83:36:a0:71:
                    e9:7f:2d:20:d3:89:32:ab:c3:21:d4:30:42:55:8c:
                    d7:37:f4:9d:33:2d:f9:b3:d2:6d:6c:98:43:81:4d:
                    b2:a1:d9:e1:16:2d:1d:4d:11:ec:6c:ad:88:38:0d:
                    d6:ab:82:50:09:c0:55:69:aa:b6:64:69:84:37:92:
                    77:cb:80:53:95:24:f2:4a:c5:d9:a4:10:e5:59:fb:
                    5a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:C1:38:F6:01:E9:25:4A:11:75:78:DA:67:FA:06:66:74:A9:6D:37
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WME49gHpJUoRdXjaZ_oGZnSpbTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:e6:01:85:89:e2:07:62:80:d3:e1:d6:56:17:6d:94:53:62:
         d2:97:e6:97:23:13:d1:0a:32:30:b2:ee:ee:46:d7:16:dd:d0:
         ee:5c:60:aa:63:4c:df:34:0f:ec:de:5d:41:40:3d:be:11:91:
         9c:ed:3a:53:17:7a:ef:01:55:03:74:83:37:89:85:09:b5:a2:
         87:d3:a0:d2:26:30:49:a7:5b:fd:10:53:54:5f:41:6f:03:53:
         74:e1:ea:12:14:56:06:5d:c4:16:41:f4:83:02:a5:1a:a6:d8:
         1f:14:0f:9f:2b:fe:af:00:72:32:d1:fe:9d:9e:b4:ba:53:a6:
         e1:13:cc:bf:fc:8f:86:35:bd:50:b7:67:ab:4f:c2:3a:4d:38:
         51:6d:e9:21:a5:cc:3f:c2:f2:9d:2e:f3:41:a4:b8:7f:e4:2a:
         be:81:1a:a3:63:cc:db:7e:a2:03:b0:29:f2:8e:75:75:e1:8e:
         ca:0d:52:88:c3:f3:f4:bc:07:32:9a:10:ba:20:8e:50:a4:e4:
         01:ea:00:60:8b:8b:1e:ec:fa:b4:17:f8:a6:28:c4:d2:a0:ad:
         09:c1:6b:83:5d:9b:08:17:39:ea:58:a0:a3:55:25:3e:df:63:
         9c:3f:ee:54:8b:1c:8b:12:6b:7e:65:ac:ab:e8:9c:4b:78:e8:
         fe:28:98:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfz+v8RnkiDTTAyJ+tkudHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA3MDIxMjA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGMxMzhmNjAxZTkyNTRhMTE3NTc4ZGE2N2ZhMDY2Njc0YTk2ZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnbc7IRIGKiZTQZq7stKlfTm+qoL
UVEU7RFJSZPj4+52SVbHzSgmsQhfEb7b1aZddHE5xMLL78KgrjBIfRD2RwxX8CtL
INGmwTPzKs9M7edROIWVDSg2hE1ccuzDGqpZ9bmPyw9AvIyUgZMTi6z1a86qgbpj
uTiuCCaL8/ZumJqSlWYfPKLL98pi6uXDbRAu/XXgL3ogxymXIcXZ9yP5bXvcCGkR
2Eyrlssw0yb/goM2oHHpfy0g04kyq8Mh1DBCVYzXN/SdMy35s9JtbJhDgU2yodnh
Fi0dTRHsbK2IOA3Wq4JQCcBVaaq2ZGmEN5J3y4BTlSTySsXZpBDlWftaWQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFjBOPYB6SVKEXV42mf6BmZ0qW03MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvV01FNDlnSHBKVW9SZFhqYVpfb0dablNwYlRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABHmAYWJ4gdigNPh1lYX
bZRTYtKX5pcjE9EKMjCy7u5G1xbd0O5cYKpjTN80D+zeXUFAPb4RkZztOlMXeu8B
VQN0gzeJhQm1oofToNImMEmnW/0QU1RfQW8DU3Th6hIUVgZdxBZB9IMCpRqm2B8U
D58r/q8AcjLR/p2etLpTpuETzL/8j4Y1vVC3Z6tPwjpNOFFt6SGlzD/C8p0u80Gk
uH/kKr6BGqNjzNt+ogOwKfKOdXXhjsoNUojD8/S8BzKaELogjlCk5AHqAGCLix7s
+rQX+KYoxNKgrQnBa4NdmwgXOepYoKNVJT7fY5w/7lSLHIsSa35lrKvonEt46P4o
mIc=
-----END CERTIFICATE-----