Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aHekj0pF7K8gywh_y78A85a0lB8.roa
File:                     aHekj0pF7K8gywh_y78A85a0lB8.roa (raw, json)
Hash identifier:          SVd+Ukn431od2HHylul/kgfQ8jnnSkq77Hus57icxYM=
Subject key identifier:   68:77:A4:8F:4A:45:EC:AF:20:CB:08:7F:CB:BF:00:F3:96:B4:94:1F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018775CD203CF70DFADCF17A797659C55E61
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aHekj0pF7K8gywh_y78A85a0lB8.roa
Signing time:             Wed 12 Apr 2023 14:09:50 +0000
ROA not before:           Wed 12 Apr 2023 14:09:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:75:cd:20:3c:f7:0d:fa:dc:f1:7a:79:76:59:c5:5e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 12 14:09:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6877a48f4a45ecaf20cb087fcbbf00f396b4941f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bd:60:ba:f9:b3:b0:0f:35:46:0d:cb:54:07:
                    1c:b0:ad:34:1d:0a:5c:51:a1:45:2f:5a:aa:de:ac:
                    f9:55:e5:a4:90:93:a1:71:65:22:01:97:9d:b0:37:
                    7e:d7:6d:fa:35:5c:9b:95:a6:2f:15:bf:c5:3a:07:
                    3f:f8:30:da:61:26:5c:0f:52:f9:87:ee:2f:42:80:
                    67:97:35:c8:4a:73:b8:c2:19:52:68:f7:f2:cc:36:
                    20:42:e7:dc:f4:44:75:f4:5b:44:1f:e4:d5:18:71:
                    1d:f1:be:09:ac:65:9b:af:e8:b5:c3:c3:1d:93:ff:
                    ab:b7:03:1c:12:2e:e8:5a:23:07:88:45:17:38:62:
                    0b:8b:cb:30:e7:b7:c1:e7:35:48:49:3a:b1:2a:be:
                    56:f9:cc:00:e1:35:e7:51:73:a3:bf:ec:c8:22:1c:
                    fa:e3:4e:e0:b6:65:7d:b8:6e:b5:63:a3:a7:d7:04:
                    44:fc:fd:37:62:c8:fb:4b:bc:cc:41:0c:ce:ec:a1:
                    ba:61:78:2c:c6:64:d5:f9:7a:9e:29:ce:57:db:27:
                    e3:9d:5c:f3:14:54:9f:b7:06:b0:e4:bb:c7:f3:3d:
                    61:eb:2a:5f:09:2c:fb:26:0e:88:d5:48:6b:95:fa:
                    bf:38:60:c5:c4:28:25:45:d1:82:7d:f6:18:64:ec:
                    cc:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:77:A4:8F:4A:45:EC:AF:20:CB:08:7F:CB:BF:00:F3:96:B4:94:1F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aHekj0pF7K8gywh_y78A85a0lB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:78:13:d7:db:87:70:04:45:fb:ee:31:ac:cf:0c:70:4d:e5:
         d5:40:da:bf:c6:eb:74:18:51:d7:c5:5b:f0:44:40:0f:97:ec:
         c8:ce:ed:13:8b:9f:e7:68:8c:2c:ea:3b:09:90:db:57:80:9d:
         79:2f:11:3d:cd:fd:56:3c:1a:1a:ca:4d:5f:10:ac:98:b9:d2:
         25:01:ef:a0:0d:c9:54:23:23:c4:74:c3:c9:cd:63:2c:d8:90:
         03:8e:35:98:44:a3:31:fd:3d:8d:c5:19:8d:18:29:9f:15:4c:
         91:96:9f:00:c3:e0:3c:6e:78:59:2a:82:35:7c:57:8c:97:1c:
         9c:17:f8:3c:28:af:33:5d:9c:99:cc:32:d2:b7:ba:d4:af:1e:
         2a:ad:42:ba:fb:e4:9d:63:29:8f:18:7c:12:9a:ec:42:93:11:
         89:14:8a:00:dd:8d:66:2a:f0:80:08:a5:49:c0:16:cf:60:9f:
         36:ac:dd:43:9b:fb:16:94:5b:7c:cf:e1:9d:3f:bf:ab:66:51:
         f5:e9:91:49:9c:6f:ba:1b:14:c5:62:37:17:6b:18:80:ce:ba:
         1a:c7:f3:21:46:3d:d7:3f:43:8d:80:4f:ec:4f:c4:ce:20:9c:
         40:81:12:cb:5f:75:e7:e9:6f:85:b0:02:27:15:64:a2:e1:72:
         60:ac:0d:e4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd1zSA89w363PF6eXZZxV5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEyMTQwOTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc3YTQ4ZjRhNDVlY2FmMjBjYjA4N2ZjYmJmMDBmMzk2YjQ5NDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk71guvmzsA81Rg3LVAccsK00HQpc
UaFFL1qq3qz5VeWkkJOhcWUiAZedsDd+1236NVyblaYvFb/FOgc/+DDaYSZcD1L5
h+4vQoBnlzXISnO4whlSaPfyzDYgQufc9ER19FtEH+TVGHEd8b4JrGWbr+i1w8Md
k/+rtwMcEi7oWiMHiEUXOGILi8sw57fB5zVISTqxKr5W+cwA4TXnUXOjv+zIIhz6
407gtmV9uG61Y6On1wRE/P03Ysj7S7zMQQzO7KG6YXgsxmTV+XqeKc5X2yfjnVzz
FFSftwaw5LvH8z1h6ypfCSz7Jg6I1Uhrlfq/OGDFxCglRdGCffYYZOzMFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGh3pI9KReyvIMsIf8u/APOWtJQfMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYUhla2owcEY3SzhneXdoX3k3OEE4NWEwbEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEh4E9fbh3AERfvuMazP
DHBN5dVA2r/G63QYUdfFW/BEQA+X7MjO7ROLn+dojCzqOwmQ21eAnXkvET3N/VY8
GhrKTV8QrJi50iUB76ANyVQjI8R0w8nNYyzYkAOONZhEozH9PY3FGY0YKZ8VTJGW
nwDD4DxueFkqgjV8V4yXHJwX+DworzNdnJnMMtK3utSvHiqtQrr75J1jKY8YfBKa
7EKTEYkUigDdjWYq8IAIpUnAFs9gnzas3UOb+xaUW3zP4Z0/v6tmUfXpkUmcb7ob
FMViNxdrGIDOuhrH8yFGPdc/Q42AT+xPxM4gnECBEstfdefpb4WwAicVZKLhcmCs
DeQ=
-----END CERTIFICATE-----