Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/a-zGN8AZvR1aQ4v2ku25SJD3rIU.roa
File:                     a-zGN8AZvR1aQ4v2ku25SJD3rIU.roa (raw, json)
Hash identifier:          p5HcDdPcOtInfeJRzbp8C/jbuSJzOox2lOcp8sl5qvM=
Subject key identifier:   6B:EC:C6:37:C0:19:BD:1D:5A:43:8B:F6:92:ED:B9:48:90:F7:AC:85
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01881804D40576DFEBA57C896FC57368E85E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/a-zGN8AZvR1aQ4v2ku25SJD3rIU.roa
Signing time:             Sun 14 May 2023 02:09:09 +0000
ROA not before:           Sun 14 May 2023 02:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:18:04:d4:05:76:df:eb:a5:7c:89:6f:c5:73:68:e8:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 14 02:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6becc637c019bd1d5a438bf692edb94890f7ac85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6a:e1:10:8e:39:19:71:5a:6d:06:57:6d:ae:
                    f9:3d:0b:42:a3:45:89:cd:d7:b8:69:07:b7:ac:da:
                    4f:0a:c1:d4:dd:4e:a0:ea:81:83:2d:9d:8e:17:40:
                    d0:6d:fa:01:81:6f:40:1f:12:83:7e:25:5c:e6:1f:
                    32:40:1c:d3:c2:33:db:9c:c1:1f:1e:3a:e2:1d:ef:
                    3e:fb:76:95:dd:a6:98:df:63:78:33:1e:6e:2c:b1:
                    89:aa:41:37:36:da:43:11:38:77:cc:1a:46:07:4e:
                    1d:ff:29:09:a8:63:80:7a:d9:bb:5e:d1:a5:c9:76:
                    85:05:c1:72:7c:87:95:f5:fc:06:5a:0d:c5:86:8b:
                    f2:c0:92:d1:c7:6d:8d:04:b5:6d:c6:66:31:81:2e:
                    cb:76:2a:44:2a:5f:e4:64:a2:5e:fa:a4:35:b3:dd:
                    58:4b:1e:2b:d3:a5:bc:ee:d2:08:a3:c9:2b:21:9a:
                    16:bc:c6:37:75:99:c0:93:4a:2e:57:85:41:87:61:
                    f5:74:5f:fb:e8:c0:ca:26:4b:21:9d:12:b1:54:1c:
                    76:1a:b7:b8:a2:da:5c:a9:3f:4a:61:0e:d3:eb:3c:
                    9e:ce:bb:cb:3d:4c:2f:a7:54:27:f3:a0:fa:8e:2d:
                    65:d4:ee:2f:a4:13:3c:e2:8e:1e:a0:b5:47:61:a4:
                    09:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:EC:C6:37:C0:19:BD:1D:5A:43:8B:F6:92:ED:B9:48:90:F7:AC:85
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/a-zGN8AZvR1aQ4v2ku25SJD3rIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:71:23:71:6f:10:90:e4:7f:2a:3d:40:8e:fe:d1:35:15:92:
         15:53:cb:d1:2c:ba:dc:fc:67:cf:4d:b4:5c:62:a3:53:1b:3e:
         f4:b9:3f:ad:51:01:e8:ce:3d:7b:4a:80:c5:80:19:89:2b:e2:
         27:f8:e0:c2:14:28:a7:a0:ae:69:85:30:10:29:de:cf:a2:f6:
         36:59:2c:d3:1b:be:7c:ac:c5:f0:0a:bc:f9:d7:c8:29:e2:a6:
         d8:c8:f2:ba:0b:c0:87:67:80:c6:15:8b:5f:55:5b:36:87:5d:
         50:da:b6:24:3e:63:00:c4:30:c8:4a:36:fe:25:7c:28:e2:1d:
         41:e6:2a:e5:5c:d3:e1:55:e8:f3:c0:46:5a:50:ec:95:79:2b:
         ac:67:83:08:53:65:05:dd:8c:83:df:57:2c:4c:c9:6a:54:24:
         f9:f1:0e:ff:36:25:c4:65:b2:9c:e3:a8:31:86:c7:36:be:21:
         58:38:09:2e:bd:1c:8c:56:4f:e8:ea:d3:4d:3f:00:c2:2a:03:
         88:9f:df:e9:4f:ab:ee:9f:5c:bd:bc:f6:c4:bd:44:e7:ce:7b:
         a0:17:b2:ec:95:4e:88:7e:90:cd:36:6c:fa:22:5b:f9:83:62:
         19:54:ee:9f:20:a9:0a:e4:14:fa:fa:2b:42:20:49:d5:8a:91:
         d2:72:b3:73
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgYBNQFdt/rpXyJb8VzaOheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE0MDIwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmVjYzYzN2MwMTliZDFkNWE0MzhiZjY5MmVkYjk0ODkwZjdhYzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2rhEI45GXFabQZXba75PQtCo0WJ
zde4aQe3rNpPCsHU3U6g6oGDLZ2OF0DQbfoBgW9AHxKDfiVc5h8yQBzTwjPbnMEf
HjriHe8++3aV3aaY32N4Mx5uLLGJqkE3NtpDETh3zBpGB04d/ykJqGOAetm7XtGl
yXaFBcFyfIeV9fwGWg3FhovywJLRx22NBLVtxmYxgS7LdipEKl/kZKJe+qQ1s91Y
Sx4r06W87tIIo8krIZoWvMY3dZnAk0ouV4VBh2H1dF/76MDKJkshnRKxVBx2Gre4
otpcqT9KYQ7T6zyezrvLPUwvp1Qn86D6ji1l1O4vpBM84o4eoLVHYaQJSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGvsxjfAGb0dWkOL9pLtuUiQ96yFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYS16R044QVp2UjFhUTR2Mmt1MjVTSkQzcklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIJxI3FvEJDkfyo9QI7+
0TUVkhVTy9Esutz8Z89NtFxio1MbPvS5P61RAejOPXtKgMWAGYkr4if44MIUKKeg
rmmFMBAp3s+i9jZZLNMbvnysxfAKvPnXyCniptjI8roLwIdngMYVi19VWzaHXVDa
tiQ+YwDEMMhKNv4lfCjiHUHmKuVc0+FV6PPARlpQ7JV5K6xngwhTZQXdjIPfVyxM
yWpUJPnxDv82JcRlspzjqDGGxza+IVg4CS69HIxWT+jq000/AMIqA4if3+lPq+6f
XL289sS9ROfOe6AXsuyVToh+kM02bPoiW/mDYhlU7p8gqQrkFPr6K0IgSdWKkdJy
s3M=
-----END CERTIFICATE-----