Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XrHkMUAS9tvzzZnGz_Cf90gQH54.roa
File:                     XrHkMUAS9tvzzZnGz_Cf90gQH54.roa (raw, json)
Hash identifier:          DjnhMFlRS1wxGe7lb/Zp83+AnNtf2rU1Sb5j9SZ3LjA=
Subject key identifier:   5E:B1:E4:31:40:12:F6:DB:F3:CD:99:C6:CF:F0:9F:F7:48:10:1F:9E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873239630508C94116D5943EF930CED63B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XrHkMUAS9tvzzZnGz_Cf90gQH54.roa
Signing time:             Thu 30 Mar 2023 11:13:54 +0000
ROA not before:           Thu 30 Mar 2023 11:13:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:32:39:63:05:08:c9:41:16:d5:94:3e:f9:30:ce:d6:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 30 11:13:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5eb1e4314012f6dbf3cd99c6cff09ff748101f9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:11:88:9f:13:15:e6:7b:1d:97:dc:da:11:de:
                    0f:df:7f:9d:67:35:37:03:f0:27:a0:f0:04:50:4f:
                    70:9b:45:85:56:eb:d0:6a:45:2b:2d:01:1b:17:9a:
                    53:0c:cb:63:88:24:66:82:02:90:68:5f:37:68:7d:
                    20:82:53:ad:27:7c:87:f4:0d:2d:19:85:35:69:50:
                    b1:4c:7c:17:a6:a9:05:8c:5a:4c:2e:fc:fa:80:cd:
                    86:fa:ee:83:68:bf:aa:85:6d:2f:45:0b:a8:3d:bc:
                    e8:01:4e:06:3d:b0:93:d6:ff:e3:d5:e9:6e:52:91:
                    fa:6e:a2:05:50:c9:98:d8:4e:63:0c:5d:42:ac:a7:
                    10:0c:a3:ee:db:74:9c:7e:8e:7f:f4:f7:61:61:f7:
                    69:e4:ad:2d:ef:92:03:1d:96:a4:30:8b:0b:85:bf:
                    eb:b1:13:bc:50:60:0f:dc:f2:57:ed:c3:44:03:5b:
                    34:d1:4f:df:56:1b:94:96:76:74:0f:f3:61:5e:a1:
                    42:ea:ed:6d:9f:02:a2:6a:3a:00:61:4b:a5:15:8b:
                    c3:46:8f:53:a4:cf:aa:88:81:7e:95:09:08:19:4a:
                    e6:06:84:09:2e:ae:76:93:b5:78:7a:54:6a:19:54:
                    ac:19:d8:d0:bf:a0:0c:af:c8:c7:e9:5d:6b:4e:3a:
                    6f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:B1:E4:31:40:12:F6:DB:F3:CD:99:C6:CF:F0:9F:F7:48:10:1F:9E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XrHkMUAS9tvzzZnGz_Cf90gQH54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:91:85:0f:af:ee:f8:e2:65:65:ac:9f:61:51:f1:e8:6c:98:
         68:e7:1f:33:72:88:b4:d7:bb:08:f0:52:f3:16:93:be:36:3a:
         eb:e9:9c:ac:e1:21:90:b4:b9:52:29:5d:75:df:f4:e9:49:72:
         ad:fe:97:16:55:1a:01:d7:d0:78:0e:32:33:61:e7:b9:42:39:
         e3:ff:5b:b1:4c:ca:87:ee:c1:a5:b2:36:3c:c8:b9:f6:82:4b:
         b2:11:fb:a1:7e:a2:70:ea:93:ee:bc:03:80:22:18:46:3d:6b:
         0e:20:31:d0:96:fa:ad:a7:7c:f6:41:c1:21:cc:cb:43:6f:0b:
         af:3f:7f:5f:86:8b:38:31:a1:d6:db:f0:4a:6d:86:fc:fc:bf:
         0e:27:c1:e7:dd:b4:56:4a:68:28:fb:cc:d9:90:7d:c2:fc:c9:
         30:d6:9f:3c:ac:7e:c8:3c:10:d7:03:8d:0e:f5:09:86:ee:c2:
         e8:04:5f:4e:e2:87:fe:38:f8:e6:e1:24:c1:7c:d8:ec:2c:c5:
         9d:de:f0:46:b9:92:8e:4c:07:ae:1f:f7:f3:ad:87:f7:d5:e9:
         45:48:bd:41:ef:ce:9d:7b:90:12:b2:8e:6d:85:1f:72:af:1e:
         84:cf:34:bf:c9:b0:95:9b:3d:13:54:6e:08:25:26:72:a4:c7:
         69:9f:d9:7c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcyOWMFCMlBFtWUPvkwztY7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMwMTExMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWIxZTQzMTQwMTJmNmRiZjNjZDk5YzZjZmYwOWZmNzQ4MTAxZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxGInxMV5nsdl9zaEd4P33+dZzU3
A/AnoPAEUE9wm0WFVuvQakUrLQEbF5pTDMtjiCRmggKQaF83aH0gglOtJ3yH9A0t
GYU1aVCxTHwXpqkFjFpMLvz6gM2G+u6DaL+qhW0vRQuoPbzoAU4GPbCT1v/j1elu
UpH6bqIFUMmY2E5jDF1CrKcQDKPu23Scfo5/9PdhYfdp5K0t75IDHZakMIsLhb/r
sRO8UGAP3PJX7cNEA1s00U/fVhuUlnZ0D/NhXqFC6u1tnwKiajoAYUulFYvDRo9T
pM+qiIF+lQkIGUrmBoQJLq52k7V4elRqGVSsGdjQv6AMr8jH6V1rTjpvPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF6x5DFAEvbb882Zxs/wn/dIEB+eMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWHJIa01VQVM5dHZ6elpuR3pfQ2Y5MGdRSDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALKRhQ+v7vjiZWWsn2FR
8ehsmGjnHzNyiLTXuwjwUvMWk742OuvpnKzhIZC0uVIpXXXf9OlJcq3+lxZVGgHX
0HgOMjNh57lCOeP/W7FMyofuwaWyNjzIufaCS7IR+6F+onDqk+68A4AiGEY9aw4g
MdCW+q2nfPZBwSHMy0NvC68/f1+Gizgxodbb8Epthvz8vw4nwefdtFZKaCj7zNmQ
fcL8yTDWnzysfsg8ENcDjQ71CYbuwugEX07ih/44+ObhJMF82OwsxZ3e8Ea5ko5M
B64f9/Oth/fV6UVIvUHvzp17kBKyjm2FH3KvHoTPNL/JsJWbPRNUbgglJnKkx2mf
2Xw=
-----END CERTIFICATE-----