Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/anS4AE0vAN97rFmVvnKFUpYzQ-0.roa
File:                     anS4AE0vAN97rFmVvnKFUpYzQ-0.roa (raw, json)
Hash identifier:          vWnLZ9GTGR6TQReSSrEoOlxcTW4Iy5sPPn9aJRX9Qfg=
Subject key identifier:   6A:74:B8:00:4D:2F:00:DF:7B:AC:59:95:BE:72:85:52:96:33:43:ED
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873271855E61170DA44BEABCF57B6A1FB8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/anS4AE0vAN97rFmVvnKFUpYzQ-0.roa
Signing time:             Thu 30 Mar 2023 12:15:13 +0000
ROA not before:           Thu 30 Mar 2023 12:15:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:32:71:85:5e:61:17:0d:a4:4b:ea:bc:f5:7b:6a:1f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 30 12:15:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a74b8004d2f00df7bac5995be728552963343ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2f:c6:63:e7:13:31:2a:63:81:a7:ce:9e:13:
                    4a:a6:df:a8:00:56:27:97:90:7e:7c:94:60:1c:db:
                    01:0f:0b:e8:a3:e4:ee:35:47:28:51:e5:d4:7b:cc:
                    c1:3a:df:49:8b:51:79:07:d3:81:8c:ba:a2:3e:b1:
                    68:1a:1d:8a:aa:f3:0c:ae:ab:2c:10:02:e7:e0:b8:
                    b1:3d:42:45:86:77:7b:e0:0c:93:9f:df:c7:eb:c9:
                    cb:f1:2c:74:39:6c:ff:bb:1a:6e:39:c2:63:3e:40:
                    cd:eb:7a:59:d6:18:b4:32:c4:a0:03:4b:db:24:39:
                    6f:45:4a:7a:ab:37:97:f8:56:31:1b:b9:b2:ce:6d:
                    28:c4:85:b5:4f:64:e9:30:a4:ce:62:27:48:d6:0a:
                    32:03:bd:14:64:65:b3:7c:79:33:43:cb:04:5f:8c:
                    65:f5:c5:52:5f:51:05:38:38:0b:b9:0b:3f:22:7a:
                    ad:e3:d5:1c:d8:df:bc:cf:a4:63:d8:3e:5a:b6:d9:
                    b8:2c:8c:01:46:1c:8d:a9:ce:e9:0d:3f:24:6a:45:
                    65:5e:83:10:e0:08:93:23:22:1d:56:b6:80:4f:4e:
                    4a:00:3b:ee:65:df:ee:78:11:db:63:5a:3a:0c:e6:
                    15:6a:18:78:9d:85:ed:c5:05:9f:fc:d6:dc:84:8f:
                    b7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:74:B8:00:4D:2F:00:DF:7B:AC:59:95:BE:72:85:52:96:33:43:ED
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/anS4AE0vAN97rFmVvnKFUpYzQ-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:a6:92:bd:02:2f:8c:a7:37:89:c2:d1:a2:4a:bd:4e:98:7a:
         f5:dd:a5:f8:0c:08:eb:9a:e6:f0:43:c0:a9:7c:a4:5b:ad:b1:
         06:72:c3:ab:9b:c8:0a:ca:db:8d:3b:cb:c6:12:2a:9d:0b:74:
         8d:7b:fa:53:c1:dd:65:8b:25:0d:d4:96:bc:a3:e9:c8:23:ee:
         5d:f9:c1:8e:1d:62:bc:43:62:69:61:62:06:8a:2f:ed:99:17:
         44:90:d4:fc:de:94:41:8a:8d:12:3b:3e:45:24:0e:22:37:19:
         5a:25:59:55:f3:93:fb:89:d3:de:75:3a:af:5f:7b:eb:03:e0:
         39:70:94:f7:e5:40:88:66:40:67:8f:75:35:83:e2:32:85:b0:
         17:b1:b2:bb:4e:48:4b:11:4f:e3:f3:2b:c9:c4:5f:cb:dd:5f:
         35:cc:21:49:26:3e:6f:4d:d4:ab:98:22:9a:62:03:f3:46:48:
         a8:12:94:af:37:b4:ab:b8:af:2f:44:be:2b:a3:44:75:5a:1e:
         49:3a:b7:57:41:36:90:55:9e:b4:51:de:e7:88:31:1c:c2:ee:
         eb:98:ed:f5:fd:e6:95:72:e3:8b:0a:cc:eb:6b:8c:22:10:3d:
         c2:e8:aa:dd:a4:a5:e5:88:1e:85:22:71:fd:67:7a:84:ae:38:
         91:9b:1d:ce
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcycYVeYRcNpEvqvPV7ah+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMwMTIxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTc0YjgwMDRkMmYwMGRmN2JhYzU5OTViZTcyODU1Mjk2MzM0M2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjy/GY+cTMSpjgafOnhNKpt+oAFYn
l5B+fJRgHNsBDwvoo+TuNUcoUeXUe8zBOt9Ji1F5B9OBjLqiPrFoGh2KqvMMrqss
EALn4LixPUJFhnd74AyTn9/H68nL8Sx0OWz/uxpuOcJjPkDN63pZ1hi0MsSgA0vb
JDlvRUp6qzeX+FYxG7myzm0oxIW1T2TpMKTOYidI1goyA70UZGWzfHkzQ8sEX4xl
9cVSX1EFODgLuQs/Inqt49Uc2N+8z6Rj2D5attm4LIwBRhyNqc7pDT8kakVlXoMQ
4AiTIyIdVraAT05KADvuZd/ueBHbY1o6DOYVahh4nYXtxQWf/NbchI+3WwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGp0uABNLwDfe6xZlb5yhVKWM0PtMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYW5TNEFFMHZBTjk3ckZtVnZuS0ZVcFl6US0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHymkr0CL4ynN4nC0aJK
vU6YevXdpfgMCOua5vBDwKl8pFutsQZyw6ubyArK2407y8YSKp0LdI17+lPB3WWL
JQ3Ulryj6cgj7l35wY4dYrxDYmlhYgaKL+2ZF0SQ1PzelEGKjRI7PkUkDiI3GVol
WVXzk/uJ0951Oq9fe+sD4DlwlPflQIhmQGePdTWD4jKFsBexsrtOSEsRT+PzK8nE
X8vdXzXMIUkmPm9N1KuYIppiA/NGSKgSlK83tKu4ry9EviujRHVaHkk6t1dBNpBV
nrRR3ueIMRzC7uuY7fX95pVy44sKzOtrjCIQPcLoqt2kpeWIHoUicf1neoSuOJGb
Hc4=
-----END CERTIFICATE-----