Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WeTJifwi0M8kuqB97k0-tPJ018g.roa
File:                     WeTJifwi0M8kuqB97k0-tPJ018g.roa (raw, json)
Hash identifier:          VKYw+bgpLBT0lJ6CMPGDCOPzVnyiksSuda93CD98Bs4=
Subject key identifier:   59:E4:C9:89:FC:22:D0:CF:24:BA:A0:7D:EE:4D:3E:B4:F2:74:D7:C8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187B02A68CB0D70198A825162AD3F48E05B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WeTJifwi0M8kuqB97k0-tPJ018g.roa
Signing time:             Sun 23 Apr 2023 22:09:41 +0000
ROA not before:           Sun 23 Apr 2023 22:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b0:2a:68:cb:0d:70:19:8a:82:51:62:ad:3f:48:e0:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 23 22:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=59e4c989fc22d0cf24baa07dee4d3eb4f274d7c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:52:7d:da:38:c4:e2:88:4c:a5:1f:93:91:35:
                    09:2c:1b:18:a7:1e:15:be:dc:51:d6:dd:62:4f:90:
                    37:58:ca:38:14:f0:e0:cc:c0:7c:21:67:63:51:36:
                    a6:62:09:82:2b:71:67:9d:10:2a:6a:c4:9e:f5:94:
                    cd:9e:6e:88:1c:6b:2b:71:26:6a:1d:cb:bf:e4:7f:
                    92:77:37:13:dc:67:96:48:cd:1d:d5:d0:60:8b:c8:
                    f7:b0:c5:21:ff:19:da:14:dd:e4:86:fa:09:5a:9b:
                    5d:0c:9c:da:a9:2b:a0:ef:d4:29:c7:5e:4f:9c:a1:
                    27:2c:fb:e5:de:ff:a5:93:fd:37:a3:ce:37:91:7d:
                    21:06:b4:23:93:7e:ca:ad:eb:41:70:02:cb:78:4c:
                    26:2b:23:05:99:d4:6c:4d:1c:a7:79:d9:e4:b6:00:
                    75:e2:03:57:aa:bc:39:13:c5:17:47:90:66:fa:f0:
                    df:23:44:ac:9c:74:bf:99:04:3b:8c:39:23:99:4f:
                    de:10:e7:57:11:d9:ef:2b:7a:e7:25:5e:46:f9:dc:
                    0f:c1:77:c0:b7:73:1e:06:70:e6:c8:7f:b8:c7:6f:
                    e7:9d:76:77:53:f0:cf:af:52:3c:ff:73:8f:7a:a0:
                    b3:dd:c1:fd:0f:c0:e4:71:ba:e4:69:4e:38:a8:0e:
                    3d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E4:C9:89:FC:22:D0:CF:24:BA:A0:7D:EE:4D:3E:B4:F2:74:D7:C8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WeTJifwi0M8kuqB97k0-tPJ018g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:cd:0b:4c:ab:7a:52:9a:5e:d6:9d:54:1c:3a:c9:58:92:a4:
         1c:9f:97:32:21:53:ef:f9:c9:15:69:22:52:b8:55:2a:6f:13:
         91:9b:16:86:3f:18:6a:dd:85:4d:93:c4:35:1f:91:43:31:d8:
         74:a6:b9:d1:a6:d6:68:11:ce:fe:f4:75:4b:2b:fe:83:f3:2b:
         e8:3b:3f:98:5a:53:90:80:73:2e:32:d0:8d:97:2f:f4:ee:f1:
         b1:52:a3:23:f7:34:9d:d7:24:49:69:39:59:e3:40:04:7f:6b:
         b4:6c:3d:c7:0c:de:d6:06:ca:e7:13:94:dc:e6:34:5a:6a:48:
         62:1d:e7:cb:3a:2a:5b:e1:53:c4:66:df:b0:8f:1c:45:78:00:
         95:72:95:8f:2c:93:de:33:34:a4:11:b5:83:55:e0:54:dd:2b:
         48:63:26:d6:7f:cc:b5:e4:81:85:04:8e:df:d1:34:84:e7:9e:
         38:f2:32:34:19:28:c2:4c:71:2f:92:76:5d:57:0b:fb:9a:5e:
         d9:b3:bf:ac:63:60:40:99:61:52:f9:5b:af:45:91:2f:da:ef:
         af:41:c3:aa:30:62:6d:c8:d2:d3:ac:b4:0c:2e:24:00:26:de:
         31:0d:3e:9d:fc:5d:2b:0b:90:25:ae:2c:33:e7:59:e6:06:10:
         04:74:3e:bc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYewKmjLDXAZioJRYq0/SOBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIzMjIwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWU0Yzk4OWZjMjJkMGNmMjRiYWEwN2RlZTRkM2ViNGYyNzRkN2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1J92jjE4ohMpR+TkTUJLBsYpx4V
vtxR1t1iT5A3WMo4FPDgzMB8IWdjUTamYgmCK3FnnRAqasSe9ZTNnm6IHGsrcSZq
Hcu/5H+SdzcT3GeWSM0d1dBgi8j3sMUh/xnaFN3khvoJWptdDJzaqSug79Qpx15P
nKEnLPvl3v+lk/03o843kX0hBrQjk37KretBcALLeEwmKyMFmdRsTRynednktgB1
4gNXqrw5E8UXR5Bm+vDfI0SsnHS/mQQ7jDkjmU/eEOdXEdnvK3rnJV5G+dwPwXfA
t3MeBnDmyH+4x2/nnXZ3U/DPr1I8/3OPeqCz3cH9D8DkcbrkaU44qA495wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFnkyYn8ItDPJLqgfe5NPrTydNfIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvV2VUSmlmd2kwTThrdXFCOTdrMC10UEowMThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAELNC0yrelKaXtadVBw6
yViSpByflzIhU+/5yRVpIlK4VSpvE5GbFoY/GGrdhU2TxDUfkUMx2HSmudGm1mgR
zv70dUsr/oPzK+g7P5haU5CAcy4y0I2XL/Tu8bFSoyP3NJ3XJElpOVnjQAR/a7Rs
PccM3tYGyucTlNzmNFpqSGId58s6KlvhU8Rm37CPHEV4AJVylY8sk94zNKQRtYNV
4FTdK0hjJtZ/zLXkgYUEjt/RNITnnjjyMjQZKMJMcS+Sdl1XC/uaXtmzv6xjYECZ
YVL5W69FkS/a769Bw6owYm3I0tOstAwuJAAm3jENPp38XSsLkCWuLDPnWeYGEAR0
Prw=
-----END CERTIFICATE-----