Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_XfNGzQDUWuktupyBnytcNGbZNI.roa
File:                     _XfNGzQDUWuktupyBnytcNGbZNI.roa (raw, json)
Hash identifier:          6KVgAAkOaXF4FpDNdWMfL81Mj0kwNLDC4lR/VnlxcY4=
Subject key identifier:   FD:77:CD:1B:34:03:51:6B:A4:B6:EA:72:06:7C:AD:70:D1:9B:64:D2
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A8E08E3F6FB159F9D9FAA9526C910B7E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_XfNGzQDUWuktupyBnytcNGbZNI.roa
Signing time:             Sat 22 Apr 2023 12:11:41 +0000
ROA not before:           Sat 22 Apr 2023 12:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a8:e0:8e:3f:6f:b1:59:f9:d9:fa:a9:52:6c:91:0b:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 22 12:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fd77cd1b3403516ba4b6ea72067cad70d19b64d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d9:8a:7c:9a:55:73:9e:67:05:b2:bb:d3:26:
                    7c:ac:f4:e8:c6:b1:3c:38:76:e3:40:dd:19:73:e5:
                    81:da:ae:24:8a:13:60:e5:d0:ff:86:c1:60:3a:18:
                    73:3d:36:59:f7:dd:92:0f:b2:c1:ed:91:e5:4d:57:
                    83:12:28:2f:de:0b:3a:da:93:f4:e5:a1:ab:fe:78:
                    6f:63:9e:07:b2:8a:1d:30:4d:43:0e:b8:58:3c:c7:
                    48:9f:b1:66:30:c0:d1:03:56:13:ae:12:3c:82:53:
                    dd:be:42:ac:a7:bd:6a:94:7f:02:c0:97:d7:56:20:
                    da:18:b1:1e:0a:ca:0b:59:2e:dd:0b:9d:b3:42:a9:
                    95:cc:c8:9f:fb:74:e7:f2:60:21:24:31:c3:a0:20:
                    c1:a2:c8:21:1d:de:4e:24:a0:a7:e1:4c:c6:6d:e6:
                    ff:b3:2f:64:25:87:e0:24:00:24:b5:43:01:e2:62:
                    32:be:86:9d:1f:52:10:b8:11:be:bb:c7:ac:a1:92:
                    a7:1e:4a:be:06:90:16:5d:1a:2f:1e:45:f5:de:57:
                    72:0d:32:6a:c8:9d:6e:1e:78:e6:89:8c:c3:0b:f1:
                    54:17:4c:9f:a6:40:70:77:e8:bb:dc:c8:60:38:4c:
                    d6:c1:ea:d4:e4:c9:8f:bb:a1:85:f7:03:78:e5:1a:
                    ad:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:77:CD:1B:34:03:51:6B:A4:B6:EA:72:06:7C:AD:70:D1:9B:64:D2
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_XfNGzQDUWuktupyBnytcNGbZNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:1b:d9:09:90:44:a6:2f:4b:3b:67:c0:c9:5a:86:57:55:01:
         7c:d7:08:bd:fa:84:ad:63:d6:93:6a:19:9d:f6:d3:0f:ab:b7:
         a8:8e:ee:05:be:1f:85:e4:5c:d0:71:b7:85:5a:ea:c5:c5:a1:
         1d:80:97:8d:8e:18:bf:e7:ee:e2:ec:24:46:23:d4:c5:c4:39:
         36:36:a8:a5:48:4c:30:ff:50:67:ff:41:ec:57:de:02:1c:3d:
         74:e1:35:c3:00:f4:90:36:9e:0f:8d:4e:50:be:b0:cb:81:95:
         07:4b:91:84:29:83:fd:a7:d4:63:9c:47:87:83:86:13:73:2c:
         2e:fa:2d:ee:0b:a7:e5:c7:e4:1b:cd:c1:53:75:89:81:d0:dd:
         1f:7b:db:02:53:85:4a:b9:4d:8e:ee:5d:ec:ef:28:63:42:f7:
         28:ad:c5:7d:ec:5a:6b:d0:f2:d2:c0:9b:91:37:3a:93:60:8c:
         5a:8e:55:0d:da:55:6a:5e:a2:90:04:92:a5:a6:de:e9:7c:02:
         57:fb:25:ca:44:86:ee:f7:4b:71:e9:36:a9:70:6b:0e:d3:58:
         66:fe:0a:3d:b0:28:96:3a:fa:cc:71:3b:e9:f2:37:06:90:02:
         ae:ce:90:23:29:da:70:c8:15:55:64:4e:b2:1d:df:41:42:1c:
         3a:d4:4f:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeo4I4/b7FZ+dn6qVJskQt+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIyMTIxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDc3Y2QxYjM0MDM1MTZiYTRiNmVhNzIwNjdjYWQ3MGQxOWI2NGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9mKfJpVc55nBbK70yZ8rPToxrE8
OHbjQN0Zc+WB2q4kihNg5dD/hsFgOhhzPTZZ992SD7LB7ZHlTVeDEigv3gs62pP0
5aGr/nhvY54HsoodME1DDrhYPMdIn7FmMMDRA1YTrhI8glPdvkKsp71qlH8CwJfX
ViDaGLEeCsoLWS7dC52zQqmVzMif+3Tn8mAhJDHDoCDBosghHd5OJKCn4UzGbeb/
sy9kJYfgJAAktUMB4mIyvoadH1IQuBG+u8esoZKnHkq+BpAWXRovHkX13ldyDTJq
yJ1uHnjmiYzDC/FUF0yfpkBwd+i73MhgOEzWwerU5MmPu6GF9wN45RqtFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP13zRs0A1FrpLbqcgZ8rXDRm2TSMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvX1hmTkd6UURVV3VrdHVweUJueXRjTkdiWk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFUb2QmQRKYvSztnwMla
hldVAXzXCL36hK1j1pNqGZ320w+rt6iO7gW+H4XkXNBxt4Va6sXFoR2Al42OGL/n
7uLsJEYj1MXEOTY2qKVITDD/UGf/QexX3gIcPXThNcMA9JA2ng+NTlC+sMuBlQdL
kYQpg/2n1GOcR4eDhhNzLC76Le4Lp+XH5BvNwVN1iYHQ3R972wJThUq5TY7uXezv
KGNC9yitxX3sWmvQ8tLAm5E3OpNgjFqOVQ3aVWpeopAEkqWm3ul8Alf7JcpEhu73
S3HpNqlwaw7TWGb+Cj2wKJY6+sxxO+nyNwaQAq7OkCMp2nDIFVVkTrId30FCHDrU
T/E=
-----END CERTIFICATE-----