Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aXpHoIHv_O9LTauz3qUBbJ7xJuk.roa
File:                     aXpHoIHv_O9LTauz3qUBbJ7xJuk.roa (raw, json)
Hash identifier:          AcvRXsxwLjadiZSv2SFI9GA9/k+vWax9vt0Uc+p2tv0=
Subject key identifier:   69:7A:47:A0:81:EF:FC:EF:4B:4D:AB:B3:DE:A5:01:6C:9E:F1:26:E9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F50DA773E839C4058FE81AD2ECB747A6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aXpHoIHv_O9LTauz3qUBbJ7xJuk.roa
Signing time:             Sun 07 May 2023 07:12:05 +0000
ROA not before:           Sun 07 May 2023 07:12:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f5:0d:a7:73:e8:39:c4:05:8f:e8:1a:d2:ec:b7:47:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  7 07:12:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=697a47a081effcef4b4dabb3dea5016c9ef126e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:bb:7e:6a:4b:2a:e9:3f:a9:c1:3d:64:fb:01:
                    04:27:c8:96:4b:f5:f3:d9:cc:ca:0e:12:ca:14:05:
                    05:57:6c:f4:c1:52:03:75:d5:43:01:1f:a4:7e:f3:
                    c1:eb:3f:5f:7e:02:15:bc:06:64:f2:5a:28:14:94:
                    16:c4:f3:58:e8:c1:7c:9d:d3:e3:f4:d3:62:27:c5:
                    5c:7f:50:0f:9b:c4:f6:4d:ca:1c:4d:8c:5a:7e:1a:
                    2f:a9:e7:48:73:51:2f:1e:3d:a4:18:6f:b6:62:d6:
                    69:9c:0a:87:83:17:d6:a0:eb:ad:ba:62:6e:16:12:
                    2a:5f:94:d0:68:d7:e2:29:eb:f1:4a:41:fb:47:bf:
                    2f:39:c3:e9:79:89:c7:86:cc:8c:cf:19:0f:1b:df:
                    6c:52:72:97:04:8c:b9:7a:3f:9a:4a:ee:b3:e0:2f:
                    db:03:c9:2c:0b:a3:23:65:d6:b8:45:c0:67:ac:62:
                    f1:b3:d9:06:31:94:47:97:c8:f8:75:6b:4d:0e:41:
                    2c:0e:dd:a7:06:01:65:fb:b1:07:4a:9b:48:14:85:
                    ff:97:3c:54:d1:bd:dc:98:44:32:b4:37:f5:03:a3:
                    c0:e2:72:92:03:2b:5d:74:01:8c:ff:67:2f:4f:ec:
                    13:2a:39:91:a8:a1:f0:fd:8d:2d:28:e7:98:99:43:
                    fe:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:7A:47:A0:81:EF:FC:EF:4B:4D:AB:B3:DE:A5:01:6C:9E:F1:26:E9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aXpHoIHv_O9LTauz3qUBbJ7xJuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:3e:e8:2a:f0:32:9f:54:a2:c9:20:66:d1:15:b3:6e:58:50:
         05:4b:23:41:9f:0c:fa:1c:1a:bc:4c:d6:13:b2:e2:56:63:6f:
         b9:11:9d:b4:ff:74:cb:1a:be:c5:f1:d0:ba:fa:96:d3:db:27:
         15:b2:7e:93:da:bc:35:fb:e3:59:ca:e5:20:58:d9:a1:cc:57:
         b4:33:9b:65:ea:ff:9d:8f:73:fc:17:c7:aa:a9:30:e6:df:d7:
         a8:3e:4d:e3:85:32:5b:11:22:4b:24:02:b6:28:40:4a:c6:54:
         3e:42:d5:11:32:01:a8:61:c1:11:b8:b2:6c:4e:c4:a2:e6:82:
         1b:27:06:85:28:71:9d:50:35:d6:ea:8c:12:e3:9a:ed:12:9e:
         70:4c:1a:85:c2:2c:d0:bb:79:e9:1e:d5:56:b0:c6:29:3f:0a:
         6d:73:44:ab:81:61:06:5e:50:82:f3:04:69:bb:1b:44:a1:3b:
         5f:74:ff:e8:86:94:33:38:68:78:45:67:3f:4c:71:f7:ae:54:
         03:29:17:cb:1e:5f:15:6b:23:76:02:5d:b4:7d:89:4f:06:5b:
         d5:56:eb:d2:14:60:dc:84:69:0b:59:29:a4:db:2c:6f:63:d6:
         8e:20:b3:86:dd:13:6a:6d:10:03:cb:bc:b1:34:b2:5c:86:0e:
         2b:27:71:8b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf1Dadz6DnEBY/oGtLst0emMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA3MDcxMjA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTdhNDdhMDgxZWZmY2VmNGI0ZGFiYjNkZWE1MDE2YzllZjEyNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbt+aksq6T+pwT1k+wEEJ8iWS/Xz
2czKDhLKFAUFV2z0wVIDddVDAR+kfvPB6z9ffgIVvAZk8looFJQWxPNY6MF8ndPj
9NNiJ8Vcf1APm8T2TcocTYxafhovqedIc1EvHj2kGG+2YtZpnAqHgxfWoOutumJu
FhIqX5TQaNfiKevxSkH7R78vOcPpeYnHhsyMzxkPG99sUnKXBIy5ej+aSu6z4C/b
A8ksC6MjZda4RcBnrGLxs9kGMZRHl8j4dWtNDkEsDt2nBgFl+7EHSptIFIX/lzxU
0b3cmEQytDf1A6PA4nKSAytddAGM/2cvT+wTKjmRqKHw/Y0tKOeYmUP+nwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGl6R6CB7/zvS02rs96lAWye8SbpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYVhwSG9JSHZfTzlMVGF1ejNxVUJiSjd4SnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGs+6CrwMp9UoskgZtEV
s25YUAVLI0GfDPocGrxM1hOy4lZjb7kRnbT/dMsavsXx0Lr6ltPbJxWyfpPavDX7
41nK5SBY2aHMV7Qzm2Xq/52Pc/wXx6qpMObf16g+TeOFMlsRIkskArYoQErGVD5C
1REyAahhwRG4smxOxKLmghsnBoUocZ1QNdbqjBLjmu0SnnBMGoXCLNC7eeke1Vaw
xik/Cm1zRKuBYQZeUILzBGm7G0ShO190/+iGlDM4aHhFZz9McfeuVAMpF8seXxVr
I3YCXbR9iU8GW9VW69IUYNyEaQtZKaTbLG9j1o4gs4bdE2ptEAPLvLE0slyGDisn
cYs=
-----END CERTIFICATE-----