Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/a-DfoHObf6O3ZuiCU3pwepCB7-k.roa
File:                     a-DfoHObf6O3ZuiCU3pwepCB7-k.roa (raw, json)
Hash identifier:          tWq60S8Hmq82uiLWcn096RpLxud9zdjxN1sJS1yPM9M=
Subject key identifier:   6B:E0:DF:A0:73:9B:7F:A3:B7:66:E8:82:53:7A:70:7A:90:81:EF:E9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018787664F3B6004887B8BA43ABC30884ED1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/a-DfoHObf6O3ZuiCU3pwepCB7-k.roa
Signing time:             Sun 16 Apr 2023 00:10:41 +0000
ROA not before:           Sun 16 Apr 2023 00:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:87:66:4f:3b:60:04:88:7b:8b:a4:3a:bc:30:88:4e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 16 00:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6be0dfa0739b7fa3b766e882537a707a9081efe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:91:96:de:40:9b:95:2b:b3:f4:20:a8:24:e2:
                    65:a7:82:a5:8b:cf:75:0f:6e:5d:59:a4:8a:3e:27:
                    6b:98:50:d0:b2:a4:7b:2d:b3:c3:2f:d1:d7:a8:90:
                    dd:db:13:a2:9c:17:27:d8:56:64:47:0a:df:75:c4:
                    09:77:9c:b1:c1:b9:7c:49:11:b7:18:81:1a:66:1e:
                    ee:8e:56:43:22:5c:a3:c9:59:ce:dd:e3:18:4a:cf:
                    42:b8:52:e0:58:d3:8a:7b:d0:44:84:fc:02:21:56:
                    ee:c5:9f:f0:28:c9:88:d6:ad:6c:81:4b:54:38:35:
                    a3:9a:be:7f:95:e5:ea:71:c4:ec:83:c5:81:c2:79:
                    d0:28:dd:01:c0:a8:11:33:41:59:1a:b6:6a:20:b8:
                    e9:1f:a5:37:12:67:87:35:64:f5:58:91:e0:f5:8c:
                    43:c5:f6:2d:98:1f:91:28:f6:05:c1:38:e1:6e:b1:
                    85:6a:fd:33:e2:09:cb:72:41:37:b0:20:d6:1e:7a:
                    19:f6:7c:88:23:9a:c3:df:5b:14:76:f2:8f:b5:c8:
                    1e:92:50:9c:2c:ce:cc:f6:90:13:cc:53:07:48:4a:
                    b2:ea:f8:77:bd:ff:e3:b1:6e:47:5d:0a:17:9b:02:
                    ca:e8:d1:c4:eb:75:a6:e1:cb:a0:e5:cc:5a:dd:00:
                    3d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E0:DF:A0:73:9B:7F:A3:B7:66:E8:82:53:7A:70:7A:90:81:EF:E9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/a-DfoHObf6O3ZuiCU3pwepCB7-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:37:9d:fb:bf:6e:f6:c1:e6:5c:75:a5:86:23:a6:56:66:79:
         38:44:2f:c9:ba:fd:bc:67:ff:af:e9:60:b7:57:a6:66:e5:44:
         d6:0f:a7:aa:72:51:a0:84:75:f2:e7:20:f2:a9:11:c0:f4:5b:
         a2:4d:65:a0:c1:d5:7b:00:a0:b7:01:e8:da:82:ff:37:20:f6:
         4b:b0:89:b4:e4:57:89:84:33:6e:76:16:b9:4e:05:4a:16:00:
         06:e7:d8:58:cb:70:38:2d:7e:67:c7:90:c1:ad:85:09:87:c2:
         8d:dd:c6:fa:29:a0:55:02:36:ea:19:2b:1e:76:77:f8:66:c2:
         2b:cf:b2:0d:5c:5d:b0:12:33:13:8e:3e:a7:57:b9:f7:0c:84:
         de:b1:4a:a1:0e:79:6e:02:ff:b0:19:77:1d:04:30:6e:7c:ab:
         d4:d5:bc:ce:38:4c:0b:1a:2b:b2:ee:4c:71:dd:1c:75:4a:59:
         a7:b0:b0:ba:1d:ed:17:69:5b:0f:b0:81:a8:58:39:ac:a6:a1:
         dd:5a:ff:15:e6:db:90:a7:e2:f6:a4:35:54:0c:f4:c0:3b:74:
         56:5a:91:98:d5:a0:ec:86:9d:23:0a:b5:9b:73:fb:46:96:34:
         10:47:a3:81:de:9d:06:ae:7a:6f:43:cf:9c:de:ad:67:22:1b:
         27:d5:81:0a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeHZk87YASIe4ukOrwwiE7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE2MDAxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmUwZGZhMDczOWI3ZmEzYjc2NmU4ODI1MzdhNzA3YTkwODFlZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJGW3kCblSuz9CCoJOJlp4Kli891
D25dWaSKPidrmFDQsqR7LbPDL9HXqJDd2xOinBcn2FZkRwrfdcQJd5yxwbl8SRG3
GIEaZh7ujlZDIlyjyVnO3eMYSs9CuFLgWNOKe9BEhPwCIVbuxZ/wKMmI1q1sgUtU
ODWjmr5/leXqccTsg8WBwnnQKN0BwKgRM0FZGrZqILjpH6U3EmeHNWT1WJHg9YxD
xfYtmB+RKPYFwTjhbrGFav0z4gnLckE3sCDWHnoZ9nyII5rD31sUdvKPtcgeklCc
LM7M9pATzFMHSEqy6vh3vf/jsW5HXQoXmwLK6NHE63Wm4cug5cxa3QA9OQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGvg36Bzm3+jt2boglN6cHqQge/pMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYS1EZm9IT2JmNk8zWnVpQ1UzcHdlcENCNy1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKI3nfu/bvbB5lx1pYYj
plZmeThEL8m6/bxn/6/pYLdXpmblRNYPp6pyUaCEdfLnIPKpEcD0W6JNZaDB1XsA
oLcB6NqC/zcg9kuwibTkV4mEM252FrlOBUoWAAbn2FjLcDgtfmfHkMGthQmHwo3d
xvopoFUCNuoZKx52d/hmwivPsg1cXbASMxOOPqdXufcMhN6xSqEOeW4C/7AZdx0E
MG58q9TVvM44TAsaK7LuTHHdHHVKWaewsLod7RdpWw+wgahYOaymod1a/xXm25Cn
4vakNVQM9MA7dFZakZjVoOyGnSMKtZtz+0aWNBBHo4HenQauem9Dz5zerWciGyfV
gQo=
-----END CERTIFICATE-----