Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XN6L6ivp3ALmsn-18spAhEtj_tU.roa
File:                     XN6L6ivp3ALmsn-18spAhEtj_tU.roa (raw, json)
Hash identifier:          Ml65KetNKNoyuJ9oiIPV0cTmURoIwkd0pwgP29s/dfU=
Subject key identifier:   5C:DE:8B:EA:2B:E9:DC:02:E6:B2:7F:B5:F2:CA:40:84:4B:63:FE:D5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018718035F419236A1BCD7E99E49F6505F5D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XN6L6ivp3ALmsn-18spAhEtj_tU.roa
Signing time:             Sat 25 Mar 2023 09:04:46 +0000
ROA not before:           Sat 25 Mar 2023 09:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:187:1803:30e/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:18:03:5f:41:92:36:a1:bc:d7:e9:9e:49:f6:50:5f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 25 09:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cde8bea2be9dc02e6b27fb5f2ca40844b63fed5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:42:2e:38:f9:7d:31:5c:aa:e7:1e:ad:48:e2:
                    b3:ef:a9:48:2a:1a:fe:82:86:36:58:3e:c6:32:00:
                    06:6e:83:c3:2d:09:b0:df:9d:ec:b8:cb:60:5a:5f:
                    b2:94:d0:47:22:35:46:ab:8e:ac:bf:b1:2b:8c:d7:
                    c5:73:7f:1d:ad:4c:15:86:1d:e4:33:ca:44:5a:4e:
                    26:b4:5b:3f:3f:62:11:ac:d0:4c:94:f3:14:2f:17:
                    bd:7e:5f:10:30:16:ca:df:f8:d7:3b:b8:d9:22:89:
                    e8:d7:eb:a4:5a:fe:4e:a3:2d:5d:ce:6a:78:1d:9f:
                    e6:7e:a6:cb:1a:10:6c:ee:38:a7:76:0c:16:13:51:
                    75:e2:89:7c:6b:ba:ae:91:4e:e4:63:46:00:f3:54:
                    08:17:42:d0:e4:76:fa:ca:7a:00:6e:4e:ee:ea:4e:
                    dc:fd:9c:44:9f:18:aa:ae:b1:97:a8:40:b2:ed:6c:
                    b9:b6:12:95:eb:3e:f9:b9:32:11:dc:cd:98:2a:b0:
                    7e:1c:53:de:a4:80:a3:93:50:f5:af:99:f2:bf:62:
                    d7:fb:a8:27:6b:68:b8:c7:90:80:e6:70:05:57:67:
                    b0:e7:c5:38:42:29:9d:dc:35:3d:7b:ee:77:4c:ea:
                    14:3f:8a:4e:50:08:9e:24:a2:14:fe:68:f1:42:3f:
                    9b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:DE:8B:EA:2B:E9:DC:02:E6:B2:7F:B5:F2:CA:40:84:4B:63:FE:D5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XN6L6ivp3ALmsn-18spAhEtj_tU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:55:d9:25:ee:f8:94:65:91:15:34:07:25:73:7d:67:df:b5:
         8b:4b:88:0d:2d:0a:81:85:08:6e:5a:d5:c7:c4:7f:d8:35:46:
         e1:14:81:2d:ec:16:c4:54:5b:e2:6d:da:83:48:f4:ec:1d:f3:
         3c:42:ba:ca:5d:af:d0:d4:3a:7b:51:06:f7:1c:14:4f:2a:e0:
         e7:f1:ea:ae:b4:aa:a1:ba:80:52:5f:5f:66:06:e8:81:04:ac:
         81:07:c2:1a:2f:5d:65:0f:5f:18:48:5c:b4:7b:be:e6:00:21:
         91:04:ee:68:f8:15:80:9f:84:7e:8c:91:65:d4:f2:62:aa:4e:
         ce:f7:1a:6a:af:9e:99:44:d2:a8:6e:4e:24:31:a0:35:ea:c7:
         a6:bf:3e:5e:81:20:0d:7f:88:94:0e:78:a6:19:8d:71:31:27:
         d1:91:d5:50:a4:c3:f5:f7:f5:f4:40:c2:43:b4:b2:aa:2f:d8:
         bf:1d:3f:dc:97:68:54:42:9b:70:19:a3:47:09:63:22:c9:dd:
         40:e9:b0:d3:9d:37:fc:15:82:b5:38:28:fd:22:a0:f2:e4:91:
         f6:e2:c2:54:03:c9:1e:e5:9c:d5:f7:5c:5e:f5:84:f4:b1:0c:
         b2:e3:ed:13:39:2c:de:77:6e:89:26:e5:d5:e3:37:8d:76:96:
         47:08:b3:05
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcYA19BkjahvNfpnkn2UF9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI1MDkwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2RlOGJlYTJiZTlkYzAyZTZiMjdmYjVmMmNhNDA4NDRiNjNmZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0IuOPl9MVyq5x6tSOKz76lIKhr+
goY2WD7GMgAGboPDLQmw353suMtgWl+ylNBHIjVGq46sv7ErjNfFc38drUwVhh3k
M8pEWk4mtFs/P2IRrNBMlPMULxe9fl8QMBbK3/jXO7jZIono1+ukWv5Ooy1dzmp4
HZ/mfqbLGhBs7jindgwWE1F14ol8a7qukU7kY0YA81QIF0LQ5Hb6ynoAbk7u6k7c
/ZxEnxiqrrGXqECy7Wy5thKV6z75uTIR3M2YKrB+HFPepICjk1D1r5nyv2LX+6gn
a2i4x5CA5nAFV2ew58U4Qimd3DU9e+53TOoUP4pOUAieJKIU/mjxQj+bLQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFzei+or6dwC5rJ/tfLKQIRLY/7VMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWE42TDZpdnAzQUxtc24tMThzcEFoRXRqX3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAERV2SXu+JRlkRU0ByVz
fWfftYtLiA0tCoGFCG5a1cfEf9g1RuEUgS3sFsRUW+Jt2oNI9Owd8zxCuspdr9DU
OntRBvccFE8q4Ofx6q60qqG6gFJfX2YG6IEErIEHwhovXWUPXxhIXLR7vuYAIZEE
7mj4FYCfhH6MkWXU8mKqTs73GmqvnplE0qhuTiQxoDXqx6a/Pl6BIA1/iJQOeKYZ
jXExJ9GR1VCkw/X39fRAwkO0sqov2L8dP9yXaFRCm3AZo0cJYyLJ3UDpsNOdN/wV
grU4KP0ioPLkkfbiwlQDyR7lnNX3XF71hPSxDLLj7RM5LN53bokm5dXjN412lkcI
swU=
-----END CERTIFICATE-----