Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aTB1DFSImpdtfJrotkCblKaujCU.roa
File:                     aTB1DFSImpdtfJrotkCblKaujCU.roa (raw, json)
Hash identifier:          I1pkciYyqSxVX/q2+ezJ9W/vo//ppkHmX5sIrlmAT9U=
Subject key identifier:   69:30:75:0C:54:88:9A:97:6D:7C:9A:E8:B6:40:9B:94:A6:AE:8C:25
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018795FF7D799FC54C2C19FA868A189BC632
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aTB1DFSImpdtfJrotkCblKaujCU.roa
Signing time:             Tue 18 Apr 2023 20:12:41 +0000
ROA not before:           Tue 18 Apr 2023 20:12:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:95:ff:7d:79:9f:c5:4c:2c:19:fa:86:8a:18:9b:c6:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 18 20:12:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6930750c54889a976d7c9ae8b6409b94a6ae8c25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:08:19:17:bc:f5:42:6e:e7:ae:ce:c1:e3:56:
                    70:ad:0c:62:56:0f:9b:79:7c:5c:59:15:0a:ea:91:
                    c6:56:86:75:84:54:2d:3a:90:00:79:b4:8b:bc:42:
                    ba:1f:d4:d5:4a:89:30:ea:e6:4c:90:0a:b6:2f:c9:
                    01:46:c0:d7:32:5e:a8:3b:4a:d1:a4:ce:96:1f:f9:
                    20:26:b9:41:f8:a1:2e:50:4d:dd:b6:ce:c2:0d:53:
                    f7:d3:aa:ae:49:ce:c0:ae:7c:72:2a:a4:68:f6:bb:
                    da:37:7c:58:a9:0d:af:67:d4:eb:65:8c:db:db:ca:
                    5c:db:de:84:59:61:73:d4:d6:e7:38:c6:97:67:98:
                    21:45:2f:82:db:cb:c3:6d:65:51:dc:58:ca:4d:d0:
                    21:de:e2:5a:f4:cd:ad:6b:ea:39:a4:e3:58:02:45:
                    90:fb:72:56:45:37:c9:cb:21:94:07:75:ac:98:23:
                    a5:9f:cf:b1:21:b6:80:7b:76:2c:fb:53:bc:7c:1f:
                    d0:80:1a:ee:f8:93:1d:a8:bf:cf:31:3c:5c:00:6b:
                    df:e2:b8:2e:7f:b9:9e:51:42:b9:8e:02:df:89:03:
                    34:03:69:18:c6:be:b5:d9:65:1c:bd:2c:3d:d0:70:
                    39:13:3f:05:c9:33:8e:09:3b:30:e8:13:cb:b1:fb:
                    4c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:30:75:0C:54:88:9A:97:6D:7C:9A:E8:B6:40:9B:94:A6:AE:8C:25
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aTB1DFSImpdtfJrotkCblKaujCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:bf:63:ca:fe:ca:66:f8:e1:78:7b:09:3c:ae:13:5a:bb:b7:
         a2:23:e9:87:f0:72:0b:d8:6d:bd:a6:bb:1d:b6:aa:63:2d:16:
         75:bc:23:9a:7d:f5:19:cd:79:3b:9d:f1:e4:85:a7:69:4d:77:
         9b:d2:c2:0d:39:db:bd:21:81:84:a9:0f:23:d6:78:ca:42:af:
         67:85:c5:60:91:d9:41:9c:9f:d1:e1:33:1a:82:3a:02:fd:bb:
         da:5e:2f:e6:c2:ae:ed:45:3a:ba:90:99:74:b1:a1:a7:85:40:
         a8:38:1c:a4:f8:c4:34:ed:50:57:14:fc:6c:db:5d:75:12:20:
         04:a9:ae:5a:87:f2:d0:bf:bd:0e:13:f0:0c:46:51:f0:50:14:
         b4:74:a0:7b:72:e9:db:ef:31:e1:9c:d9:e2:ea:59:7d:be:c4:
         a0:87:e4:cc:4c:ae:35:71:70:ff:d1:63:c1:4f:1f:9c:fb:15:
         a7:3e:b2:e5:a1:b8:69:15:2f:f4:2b:fa:9b:3a:30:f3:dc:29:
         47:f4:c3:4f:4f:89:f6:cf:33:ef:2d:57:eb:85:e5:5a:ce:a3:
         63:ae:a9:2d:7e:d1:af:6c:fa:5d:9e:89:bf:f9:c5:4c:1f:ca:
         9d:96:7e:57:55:4b:45:23:ce:ba:64:fe:7e:c2:7c:52:82:cd:
         07:72:a6:60
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeV/315n8VMLBn6hooYm8YyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE4MjAxMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTMwNzUwYzU0ODg5YTk3NmQ3YzlhZThiNjQwOWI5NGE2YWU4YzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQgZF7z1Qm7nrs7B41ZwrQxiVg+b
eXxcWRUK6pHGVoZ1hFQtOpAAebSLvEK6H9TVSokw6uZMkAq2L8kBRsDXMl6oO0rR
pM6WH/kgJrlB+KEuUE3dts7CDVP306quSc7ArnxyKqRo9rvaN3xYqQ2vZ9TrZYzb
28pc296EWWFz1NbnOMaXZ5ghRS+C28vDbWVR3FjKTdAh3uJa9M2ta+o5pONYAkWQ
+3JWRTfJyyGUB3WsmCOln8+xIbaAe3Ys+1O8fB/QgBru+JMdqL/PMTxcAGvf4rgu
f7meUUK5jgLfiQM0A2kYxr612WUcvSw90HA5Ez8FyTOOCTsw6BPLsftMywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGkwdQxUiJqXbXya6LZAm5SmrowlMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYVRCMURGU0ltcGR0Zkpyb3RrQ2JsS2F1akNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGe/Y8r+ymb44Xh7CTyu
E1q7t6Ij6YfwcgvYbb2mux22qmMtFnW8I5p99RnNeTud8eSFp2lNd5vSwg05270h
gYSpDyPWeMpCr2eFxWCR2UGcn9HhMxqCOgL9u9peL+bCru1FOrqQmXSxoaeFQKg4
HKT4xDTtUFcU/GzbXXUSIASprlqH8tC/vQ4T8AxGUfBQFLR0oHty6dvvMeGc2eLq
WX2+xKCH5MxMrjVxcP/RY8FPH5z7Fac+suWhuGkVL/Qr+ps6MPPcKUf0w09PifbP
M+8tV+uF5VrOo2OuqS1+0a9s+l2eib/5xUwfyp2WfldVS0Ujzrpk/n7CfFKCzQdy
pmA=
-----END CERTIFICATE-----