Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XNnRtNg-3FuP8NP30xt9c3dpNCY.roa
File:                     XNnRtNg-3FuP8NP30xt9c3dpNCY.roa (raw, json)
Hash identifier:          EcIaIuZTue3WgWp7Bl24zva7uxl4wK3fFWUHGtYjjwk=
Subject key identifier:   5C:D9:D1:B4:D8:3E:DC:5B:8F:F0:D3:F7:D3:1B:7D:73:77:69:34:26
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870DF7A909953AD5C61FA896841258E191
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XNnRtNg-3FuP8NP30xt9c3dpNCY.roa
Signing time:             Thu 23 Mar 2023 10:15:47 +0000
ROA not before:           Thu 23 Mar 2023 10:15:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0d:f7:a9:09:95:3a:d5:c6:1f:a8:96:84:12:58:e1:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 23 10:15:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cd9d1b4d83edc5b8ff0d3f7d31b7d7377693426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:05:84:4f:bd:4f:9d:36:08:29:03:ad:c4:61:
                    aa:3c:3e:df:95:f5:60:24:12:c8:82:f3:16:36:b3:
                    39:0a:a6:51:8b:fa:50:8b:e0:2a:12:1d:ef:c0:b1:
                    9d:40:c9:e4:5c:05:b5:b9:fe:7b:fd:26:72:f6:59:
                    67:32:6b:3a:dd:ca:55:9c:0b:cc:cd:39:35:2e:b0:
                    86:dc:1a:2d:2c:80:aa:34:9c:6f:1e:06:6b:95:56:
                    65:ea:8d:c4:0e:fd:87:07:f5:2d:d9:91:b3:4d:4a:
                    ec:e9:ee:4c:80:d2:05:33:11:b9:8a:ee:34:71:57:
                    e5:48:25:0f:d2:2f:0c:b4:5c:40:1a:cf:a5:b0:3d:
                    d4:64:5a:d3:26:46:55:16:1f:bf:ec:a3:12:ed:fc:
                    b1:92:f0:b9:64:a6:dc:c6:69:e5:dc:ff:e0:9c:3f:
                    17:05:09:f8:a7:11:b5:b4:08:4d:f9:c8:22:57:6e:
                    d1:7a:1a:f0:63:b9:29:68:83:b4:af:8e:51:c6:38:
                    8e:cf:f6:63:0d:1f:5c:b0:23:ae:d9:f3:9f:ca:0c:
                    81:4c:31:fe:17:f2:fa:0a:59:1e:b5:35:67:6f:4e:
                    11:d7:02:93:88:d7:d9:cc:26:17:13:f1:33:3c:62:
                    27:56:33:de:95:79:18:05:de:86:ea:82:56:a4:8e:
                    99:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D9:D1:B4:D8:3E:DC:5B:8F:F0:D3:F7:D3:1B:7D:73:77:69:34:26
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XNnRtNg-3FuP8NP30xt9c3dpNCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:71:7e:52:f0:ff:5c:d6:e6:ad:62:41:5c:0f:0f:bf:9c:5d:
         24:37:c7:7c:ae:91:30:fe:62:ea:dc:0a:5f:43:87:4f:1a:b3:
         ad:44:9a:1e:ed:9d:14:0b:d8:15:2f:d6:c5:76:78:43:a0:45:
         ff:dd:0d:0f:11:74:bc:f2:15:f3:61:cf:a6:59:fb:6e:58:4f:
         95:fd:d5:23:70:f1:4d:0d:bb:01:de:07:30:f2:a4:bf:03:92:
         be:73:0f:80:36:31:88:aa:5f:3d:a7:99:88:58:dc:5b:4e:bd:
         d9:a0:02:fb:ef:c5:d2:2b:0c:0f:22:75:91:a7:c8:ec:89:44:
         ee:7b:77:6a:45:9d:9c:d7:85:16:c4:d2:cc:35:b0:78:ef:39:
         fb:ed:10:a2:99:e2:79:3f:b8:61:a9:cd:9c:02:2d:ef:2f:67:
         f6:ac:84:81:5e:00:42:3d:b4:e3:c5:39:85:b0:5d:78:a3:a5:
         c9:6f:9d:b9:ca:4a:63:79:d5:85:cb:f5:24:fd:ac:97:8b:b7:
         9b:5d:d1:6d:d3:35:22:16:e7:52:90:24:6f:24:f9:ff:21:39:
         a0:cb:6c:94:f7:c5:96:80:58:4c:23:e2:10:33:19:b4:c3:23:
         f5:29:a5:4a:a4:ee:3c:62:d8:d4:ea:e8:cb:9c:1e:78:6a:23:
         81:9e:38:9c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcN96kJlTrVxh+oloQSWOGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIzMTAxNTQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Q5ZDFiNGQ4M2VkYzViOGZmMGQzZjdkMzFiN2Q3Mzc3NjkzNDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wWET71PnTYIKQOtxGGqPD7flfVg
JBLIgvMWNrM5CqZRi/pQi+AqEh3vwLGdQMnkXAW1uf57/SZy9llnMms63cpVnAvM
zTk1LrCG3BotLICqNJxvHgZrlVZl6o3EDv2HB/Ut2ZGzTUrs6e5MgNIFMxG5iu40
cVflSCUP0i8MtFxAGs+lsD3UZFrTJkZVFh+/7KMS7fyxkvC5ZKbcxmnl3P/gnD8X
BQn4pxG1tAhN+cgiV27RehrwY7kpaIO0r45RxjiOz/ZjDR9csCOu2fOfygyBTDH+
F/L6ClketTVnb04R1wKTiNfZzCYXE/EzPGInVjPelXkYBd6G6oJWpI6ZjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFzZ0bTYPtxbj/DT99MbfXN3aTQmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWE5uUnROZy0zRnVQOE5QMzB4dDljM2RwTkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK9xflLw/1zW5q1iQVwP
D7+cXSQ3x3yukTD+YurcCl9Dh08as61Emh7tnRQL2BUv1sV2eEOgRf/dDQ8RdLzy
FfNhz6ZZ+25YT5X91SNw8U0NuwHeBzDypL8Dkr5zD4A2MYiqXz2nmYhY3FtOvdmg
AvvvxdIrDA8idZGnyOyJRO57d2pFnZzXhRbE0sw1sHjvOfvtEKKZ4nk/uGGpzZwC
Le8vZ/ashIFeAEI9tOPFOYWwXXijpclvnbnKSmN51YXL9ST9rJeLt5td0W3TNSIW
51KQJG8k+f8hOaDLbJT3xZaAWEwj4hAzGbTDI/UppUqk7jxi2NTq6MucHnhqI4Ge
OJw=
-----END CERTIFICATE-----