Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aBxsMsOH4X5wbvtlykuz4rKuD_c.roa
File:                     aBxsMsOH4X5wbvtlykuz4rKuD_c.roa (raw, json)
Hash identifier:          gSdkTmm8ot8gxlp+AMkz2S/aOoHoqHS+RtR670U4KCk=
Subject key identifier:   68:1C:6C:32:C3:87:E1:7E:70:6E:FB:65:CA:4B:B3:E2:B2:AE:0F:F7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C7FBD09C44B6B1432D49CE644C53CFC1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aBxsMsOH4X5wbvtlykuz4rKuD_c.roa
Signing time:             Fri 28 Apr 2023 13:09:41 +0000
ROA not before:           Fri 28 Apr 2023 13:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c7:fb:d0:9c:44:b6:b1:43:2d:49:ce:64:4c:53:cf:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 28 13:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=681c6c32c387e17e706efb65ca4bb3e2b2ae0ff7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3a:e4:50:b2:d4:ec:c9:37:62:88:9f:0d:cf:
                    47:8f:08:7c:b9:53:5d:f2:be:16:c1:78:5d:87:4d:
                    fb:8c:4f:79:23:5e:2e:67:21:a6:4c:90:f6:07:bf:
                    6b:94:60:2d:9e:34:e1:b2:89:86:f2:51:e4:a0:f7:
                    d5:f0:4b:ee:fd:d4:04:4b:d9:ad:18:35:f6:63:75:
                    5a:43:1c:9e:87:5b:10:7f:32:d3:74:29:a7:e2:d1:
                    e9:0c:82:e4:47:e0:fc:5e:5b:82:06:d9:0c:a3:f8:
                    21:dc:0a:e2:b6:d1:0c:fb:66:12:2c:45:41:88:1f:
                    6f:9b:f7:52:b1:c0:23:5b:70:3b:22:f1:65:ac:3c:
                    05:84:33:e1:e3:3b:7c:e2:2a:de:a7:e4:72:1b:a0:
                    af:10:dd:e8:83:57:aa:5d:14:c5:bb:2f:13:71:86:
                    e7:39:39:87:73:66:bf:8c:17:5f:f5:2f:dc:02:00:
                    c1:47:41:88:cb:1e:5d:f0:12:b5:ce:91:87:e9:43:
                    12:31:e8:a4:75:c5:bc:55:76:86:d2:29:fd:f7:0b:
                    a6:95:a4:6b:c7:08:cb:ea:ae:39:52:0f:be:e1:3b:
                    ef:71:52:3a:0f:c4:26:da:8b:05:88:57:26:8b:be:
                    45:dc:89:25:4d:b8:b5:a4:41:26:b3:1f:21:ee:85:
                    aa:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:1C:6C:32:C3:87:E1:7E:70:6E:FB:65:CA:4B:B3:E2:B2:AE:0F:F7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aBxsMsOH4X5wbvtlykuz4rKuD_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:3f:cb:b0:ec:60:65:fd:86:73:c0:a8:f0:57:71:0e:8d:e0:
         ae:16:c0:2c:58:ff:8d:ae:cd:be:5f:d9:6a:90:ad:f7:36:a0:
         b2:ea:79:da:88:a6:d3:ea:64:5e:1f:87:20:cb:a2:b9:2e:af:
         ac:81:93:e2:aa:b0:c9:d8:30:2d:a5:e9:d3:da:f4:01:e6:12:
         ae:d9:df:08:f8:fa:22:30:72:69:c9:db:b9:5d:90:f3:17:e7:
         b0:9e:14:8d:94:ff:cc:43:20:b2:d9:3a:c4:fd:d0:81:ad:76:
         9a:87:a3:2f:95:85:ed:c9:8e:37:a5:89:7c:8a:84:8e:da:aa:
         e8:cf:bf:2c:21:1d:61:33:7b:b9:4e:46:e4:c4:d5:57:7f:35:
         1b:ab:e0:ad:6b:30:3b:d9:ab:0c:0a:25:2c:f3:d4:ba:08:18:
         7a:fc:23:f5:b2:93:23:00:bf:ab:4a:22:2a:23:82:40:9e:3d:
         47:60:41:3e:d2:82:cf:6c:e3:8a:1e:19:4a:e9:35:ef:fb:5a:
         67:31:63:1a:99:9e:9d:41:8f:f7:9a:6b:58:a8:06:85:c2:f1:
         1d:a4:58:a8:e3:a9:6a:e1:05:ca:28:c9:87:11:fb:7e:84:23:
         dd:41:f3:ec:8b:29:58:64:c8:14:2b:b4:ed:75:e7:2c:90:7f:
         4d:1e:65:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfH+9CcRLaxQy1JzmRMU8/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI4MTMwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODFjNmMzMmMzODdlMTdlNzA2ZWZiNjVjYTRiYjNlMmIyYWUwZmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTrkULLU7Mk3YoifDc9Hjwh8uVNd
8r4WwXhdh037jE95I14uZyGmTJD2B79rlGAtnjThsomG8lHkoPfV8Evu/dQES9mt
GDX2Y3VaQxyeh1sQfzLTdCmn4tHpDILkR+D8XluCBtkMo/gh3ArittEM+2YSLEVB
iB9vm/dSscAjW3A7IvFlrDwFhDPh4zt84irep+RyG6CvEN3og1eqXRTFuy8TcYbn
OTmHc2a/jBdf9S/cAgDBR0GIyx5d8BK1zpGH6UMSMeikdcW8VXaG0in99wumlaRr
xwjL6q45Ug++4TvvcVI6D8Qm2osFiFcmi75F3IklTbi1pEEmsx8h7oWqRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGgcbDLDh+F+cG77ZcpLs+Kyrg/3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYUJ4c01zT0g0WDV3YnZ0bHlrdXo0ckt1RF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGY/y7DsYGX9hnPAqPBX
cQ6N4K4WwCxY/42uzb5f2WqQrfc2oLLqedqIptPqZF4fhyDLorkur6yBk+KqsMnY
MC2l6dPa9AHmEq7Z3wj4+iIwcmnJ27ldkPMX57CeFI2U/8xDILLZOsT90IGtdpqH
oy+Vhe3JjjeliXyKhI7aqujPvywhHWEze7lORuTE1Vd/NRur4K1rMDvZqwwKJSzz
1LoIGHr8I/WykyMAv6tKIiojgkCePUdgQT7Sgs9s44oeGUrpNe/7WmcxYxqZnp1B
j/eaa1ioBoXC8R2kWKjjqWrhBcooyYcR+36EI91B8+yLKVhkyBQrtO115yyQf00e
ZZE=
-----END CERTIFICATE-----