Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YD_iaXqjEECD9UvLdfZTpWairHE.roa
File:                     YD_iaXqjEECD9UvLdfZTpWairHE.roa (raw, json)
Hash identifier:          Z4SHdIILrZg6gVCDjdH/RRXoaJTL+uWfqLz3DEViSj8=
Subject key identifier:   60:3F:E2:69:7A:A3:10:40:83:F5:4B:CB:75:F6:53:A5:66:A2:AC:71
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018866FCD1877FE22F79F32B7223E7A7DCF3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YD_iaXqjEECD9UvLdfZTpWairHE.roa
Signing time:             Mon 29 May 2023 10:10:24 +0000
ROA not before:           Mon 29 May 2023 10:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:66:fc:d1:87:7f:e2:2f:79:f3:2b:72:23:e7:a7:dc:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 29 10:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=603fe2697aa3104083f54bcb75f653a566a2ac71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7a:b0:1b:5c:ea:21:40:12:8d:20:13:2a:da:
                    9d:33:1a:4f:e5:de:44:4d:ab:d9:7c:e5:62:10:43:
                    ea:90:be:d5:ac:5a:2c:2c:36:82:e7:7a:7e:be:f5:
                    10:7c:f9:4f:7d:27:fb:2e:60:c1:93:38:b4:8c:f7:
                    90:e0:fd:f5:83:ca:ac:4a:bf:fb:ba:b8:24:57:25:
                    5d:60:2d:db:dd:08:f1:40:3d:a2:88:90:aa:69:e4:
                    c0:92:ae:56:c3:2e:b5:ac:2a:cf:9f:1e:be:b9:92:
                    b7:f8:fa:d5:1a:a2:bd:d8:b9:e0:be:d4:b9:68:02:
                    61:21:4b:d5:18:d2:e6:fd:32:39:4b:40:d2:27:1e:
                    95:ba:33:34:37:fe:7d:1e:eb:fe:3e:a6:c2:0b:15:
                    d1:f7:e9:3f:28:be:c0:fc:e1:19:82:a7:dd:c0:8b:
                    a1:e0:44:e3:bf:4c:0c:52:9b:3d:5f:23:47:aa:7e:
                    1a:bd:5a:29:fe:ce:cb:fc:83:ab:61:1f:5e:ef:13:
                    90:89:e2:6d:7c:5f:b2:41:55:eb:6d:ba:f4:8c:16:
                    75:69:77:f0:c8:a3:2f:95:78:4a:9b:0c:11:de:14:
                    3a:66:03:e1:8c:92:a2:a5:72:03:88:4a:e2:b9:c1:
                    99:52:e3:a2:05:af:3d:cc:f2:0c:37:d8:29:d6:22:
                    dd:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:3F:E2:69:7A:A3:10:40:83:F5:4B:CB:75:F6:53:A5:66:A2:AC:71
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YD_iaXqjEECD9UvLdfZTpWairHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:c9:e9:5f:10:a9:04:60:ce:c7:30:8c:8f:d2:01:74:89:a5:
         97:b7:b5:fe:e3:bf:38:92:29:e5:28:2b:6a:89:3f:6d:b7:2c:
         91:30:c8:b9:f9:5e:ac:2e:f5:58:98:fc:7a:70:45:42:a3:fd:
         3e:52:99:cd:60:04:85:2d:73:a6:3f:1e:40:dd:ec:29:9f:42:
         7c:d0:f6:ae:7e:3e:d6:b4:f9:0c:17:3b:61:9a:3a:14:8a:7a:
         22:c4:79:8d:73:a2:74:6a:3e:73:df:b0:a8:e1:c5:ec:6d:26:
         bb:e4:22:4a:a1:80:c4:29:e2:75:6f:87:30:27:e6:75:69:8a:
         aa:b8:ef:07:bd:4c:57:d4:58:f2:ae:af:10:6c:64:bb:57:09:
         1d:7a:10:3f:b7:2d:38:bd:42:b9:8c:43:7f:87:dd:a0:5b:4c:
         ef:f7:cc:02:83:5d:55:f7:84:3c:16:ac:11:5b:b2:61:52:c6:
         db:e1:c6:a8:03:2b:60:54:db:ef:df:19:5c:7b:c6:bf:76:41:
         96:36:d3:ad:36:ba:f4:c4:eb:5b:94:4d:7f:d5:55:fb:ce:0a:
         21:26:b4:c0:70:4c:43:44:af:69:68:d9:ac:91:0c:63:32:90:
         4b:6d:d5:75:16:91:07:00:6a:12:4e:f5:9e:36:ba:4a:e8:81:
         9b:9f:26:8a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhm/NGHf+IvefMrciPnp9zzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI5MTAxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDNmZTI2OTdhYTMxMDQwODNmNTRiY2I3NWY2NTNhNTY2YTJhYzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHqwG1zqIUASjSATKtqdMxpP5d5E
TavZfOViEEPqkL7VrFosLDaC53p+vvUQfPlPfSf7LmDBkzi0jPeQ4P31g8qsSr/7
urgkVyVdYC3b3QjxQD2iiJCqaeTAkq5Wwy61rCrPnx6+uZK3+PrVGqK92LngvtS5
aAJhIUvVGNLm/TI5S0DSJx6VujM0N/59Huv+PqbCCxXR9+k/KL7A/OEZgqfdwIuh
4ETjv0wMUps9XyNHqn4avVop/s7L/IOrYR9e7xOQieJtfF+yQVXrbbr0jBZ1aXfw
yKMvlXhKmwwR3hQ6ZgPhjJKipXIDiEriucGZUuOiBa89zPIMN9gp1iLdSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGA/4ml6oxBAg/VLy3X2U6VmoqxxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWURfaWFYcWpFRUNEOVV2TGRmWlRwV2FpckhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAITJ6V8QqQRgzscwjI/S
AXSJpZe3tf7jvziSKeUoK2qJP223LJEwyLn5Xqwu9ViY/HpwRUKj/T5Smc1gBIUt
c6Y/HkDd7CmfQnzQ9q5+Pta0+QwXO2GaOhSKeiLEeY1zonRqPnPfsKjhxextJrvk
IkqhgMQp4nVvhzAn5nVpiqq47we9TFfUWPKurxBsZLtXCR16ED+3LTi9QrmMQ3+H
3aBbTO/3zAKDXVX3hDwWrBFbsmFSxtvhxqgDK2BU2+/fGVx7xr92QZY20602uvTE
61uUTX/VVfvOCiEmtMBwTENEr2lo2ayRDGMykEtt1XUWkQcAahJO9Z42ukrogZuf
Joo=
-----END CERTIFICATE-----