Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bF5OVu_nwg3K_qqxTm-lUe4VcEQ.roa
File:                     bF5OVu_nwg3K_qqxTm-lUe4VcEQ.roa (raw, json)
Hash identifier:          lrkwIDKNH3Mbv50fTTKgMVMhMwXaiiO0LHjO/xV3wc4=
Subject key identifier:   6C:5E:4E:56:EF:E7:C2:0D:CA:FE:AA:B1:4E:6F:A5:51:EE:15:70:44
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018857BB2EC68AD5F33AB7775568D513E4C9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bF5OVu_nwg3K_qqxTm-lUe4VcEQ.roa
Signing time:             Fri 26 May 2023 11:04:24 +0000
ROA not before:           Fri 26 May 2023 11:04:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:57bb:1e5b/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:57:bb:2e:c6:8a:d5:f3:3a:b7:77:55:68:d5:13:e4:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 26 11:04:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6c5e4e56efe7c20dcafeaab14e6fa551ee157044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:45:95:d8:c1:00:10:c7:d0:d8:97:7a:6b:14:
                    88:9c:14:32:da:3b:ac:62:6d:81:3d:82:74:d5:ad:
                    a3:ae:3f:c9:5c:b9:f2:4e:a0:18:8e:77:5a:1b:52:
                    76:aa:3e:e2:b5:f5:d9:90:0e:99:92:f9:17:55:f9:
                    8c:91:fd:32:ec:40:47:23:3f:0d:6d:1f:af:a6:8b:
                    51:5b:47:78:31:32:b6:e9:1e:8c:ec:17:91:31:bb:
                    81:89:13:b4:69:31:b4:26:ba:a6:59:f3:46:01:93:
                    0e:58:e1:ce:39:78:ee:04:e2:40:a7:52:ea:4d:b2:
                    c3:d1:36:36:82:92:f1:86:c6:3e:5a:4a:f8:cc:29:
                    de:9b:b4:b5:9e:e2:fe:da:4b:53:6f:1b:77:54:4b:
                    38:fb:14:d7:57:97:66:98:59:d6:ad:e4:63:6c:8f:
                    22:0c:74:b4:91:b7:49:23:30:fa:59:38:8e:2e:5d:
                    61:2c:dc:6e:76:da:de:00:2d:ba:8c:cb:ee:b2:c6:
                    71:e8:71:58:35:8e:c4:ce:f1:99:b1:a2:98:a7:b9:
                    9e:81:40:6c:a3:57:9e:38:54:41:f9:c3:6b:81:14:
                    d3:db:f5:8c:7d:63:a1:b1:ba:f7:26:57:75:c5:23:
                    fb:f5:be:ce:35:3a:f6:1a:34:c3:8f:66:65:0b:69:
                    f4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:5E:4E:56:EF:E7:C2:0D:CA:FE:AA:B1:4E:6F:A5:51:EE:15:70:44
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bF5OVu_nwg3K_qqxTm-lUe4VcEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:4f:df:0a:2c:b2:78:2f:70:7f:de:8d:b3:56:08:93:6d:3f:
         61:19:a0:ea:1a:88:b8:f0:e1:4e:15:3a:54:4f:85:52:e3:4c:
         94:62:cb:cc:d8:d0:83:21:e5:66:05:e0:74:f4:21:21:77:76:
         74:5b:e7:8e:f8:1d:7e:97:d7:6e:af:cf:11:e7:78:7f:14:21:
         0c:f0:2d:1b:25:8f:96:cc:a4:02:e3:42:c2:59:8e:11:29:21:
         9a:c0:eb:52:0e:6a:ed:0f:b8:79:e3:8d:94:3f:32:fd:ef:78:
         3d:8c:9f:8f:ea:f1:6d:f6:71:0b:57:d9:e0:5e:ce:06:90:b9:
         66:d3:59:71:1e:c4:62:06:09:52:0b:d1:9a:a3:15:36:7f:62:
         2e:c1:37:33:cb:0c:82:c0:41:e1:32:30:b4:d9:cd:39:2f:78:
         53:2a:a6:87:dd:f0:70:2d:dc:8d:12:d4:d8:a9:73:65:68:82:
         47:25:bd:22:50:8c:ab:1d:5b:82:bd:26:72:f5:1c:b9:e2:95:
         6b:67:4b:0d:d3:f4:7f:67:a0:aa:66:5a:fc:34:51:51:9b:53:
         ec:a5:04:18:eb:7d:da:d3:0f:0c:db:72:92:dd:e8:c8:1f:b7:
         22:74:bd:65:9f:24:62:42:4e:c6:60:e6:ae:03:f1:15:49:9e:
         f3:90:76:9d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhXuy7GitXzOrd3VWjVE+TJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI2MTEwNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzVlNGU1NmVmZTdjMjBkY2FmZWFhYjE0ZTZmYTU1MWVlMTU3MDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUWV2MEAEMfQ2Jd6axSInBQy2jus
Ym2BPYJ01a2jrj/JXLnyTqAYjndaG1J2qj7itfXZkA6ZkvkXVfmMkf0y7EBHIz8N
bR+vpotRW0d4MTK26R6M7BeRMbuBiRO0aTG0JrqmWfNGAZMOWOHOOXjuBOJAp1Lq
TbLD0TY2gpLxhsY+Wkr4zCnem7S1nuL+2ktTbxt3VEs4+xTXV5dmmFnWreRjbI8i
DHS0kbdJIzD6WTiOLl1hLNxudtreAC26jMvussZx6HFYNY7EzvGZsaKYp7megUBs
o1eeOFRB+cNrgRTT2/WMfWOhsbr3Jld1xSP79b7ONTr2GjTDj2ZlC2n00wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGxeTlbv58INyv6qsU5vpVHuFXBEMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYkY1T1Z1X253ZzNLX3FxeFRtLWxVZTRWY0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFVP3wossngvcH/ejbNW
CJNtP2EZoOoaiLjw4U4VOlRPhVLjTJRiy8zY0IMh5WYF4HT0ISF3dnRb5474HX6X
126vzxHneH8UIQzwLRslj5bMpALjQsJZjhEpIZrA61IOau0PuHnjjZQ/Mv3veD2M
n4/q8W32cQtX2eBezgaQuWbTWXEexGIGCVIL0ZqjFTZ/Yi7BNzPLDILAQeEyMLTZ
zTkveFMqpofd8HAt3I0S1Nipc2VogkclvSJQjKsdW4K9JnL1HLnilWtnSw3T9H9n
oKpmWvw0UVGbU+ylBBjrfdrTDwzbcpLd6MgftyJ0vWWfJGJCTsZg5q4D8RVJnvOQ
dp0=
-----END CERTIFICATE-----