Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bRxkwsKBWkR7ZoWVmuN8BQvQYXM.roa
File:                     bRxkwsKBWkR7ZoWVmuN8BQvQYXM.roa (raw, json)
Hash identifier:          Z1cghS/frHXcacANzrx353Ipb+Gt2ZRV8d1KjmbF1AM=
Subject key identifier:   6D:1C:64:C2:C2:81:5A:44:7B:66:85:95:9A:E3:7C:05:0B:D0:61:73
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D5F33F1DC2415BD9F1CE00D6EB1666F6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bRxkwsKBWkR7ZoWVmuN8BQvQYXM.roa
Signing time:             Sun 12 Mar 2023 13:12:13 +0000
ROA not before:           Sun 12 Mar 2023 13:12:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d5:f3:3f:1d:c2:41:5b:d9:f1:ce:00:d6:eb:16:66:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 12 13:12:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6d1c64c2c2815a447b6685959ae37c050bd06173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8e:c5:f8:58:9f:d3:c8:76:cc:cc:00:b4:60:
                    fc:fe:19:0f:2a:8d:71:16:28:ac:32:6e:1e:22:00:
                    ad:89:4d:66:51:11:c0:87:06:8e:a9:53:88:82:25:
                    91:a3:4e:f4:72:c2:5f:d5:c9:f0:e5:6d:5f:5b:a1:
                    fb:4e:a4:60:84:6b:4c:4f:46:0c:1e:d3:21:04:d3:
                    f7:70:6a:ce:84:29:d2:b7:6f:18:b9:61:0e:6c:dc:
                    b5:03:f0:c5:3c:1e:46:9b:36:86:d3:5b:59:2b:c2:
                    89:5d:7b:43:fb:b9:86:af:83:55:71:99:9a:c1:0d:
                    6e:b0:0a:f8:41:e3:ce:e0:39:75:b8:90:0e:df:0a:
                    e2:0d:30:1f:49:de:23:5d:a9:0b:99:74:cb:69:5c:
                    fa:3f:88:c6:27:73:76:29:85:36:58:b2:5b:f1:27:
                    78:47:39:e4:83:5f:bf:bf:4a:61:6e:27:ab:20:62:
                    e2:33:d1:95:42:7c:4f:42:ff:05:fe:95:5a:ce:91:
                    0e:16:fa:df:38:72:60:96:69:84:a6:b6:0a:b7:35:
                    7a:42:08:77:d8:d7:fd:73:76:ae:62:4c:f6:5e:c8:
                    4c:c6:e3:b1:ef:7a:77:a7:9b:a7:ee:4d:0d:d6:1d:
                    bb:dc:8d:fc:7d:15:d0:4f:1f:e7:ec:ae:a1:7e:3c:
                    a8:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:1C:64:C2:C2:81:5A:44:7B:66:85:95:9A:E3:7C:05:0B:D0:61:73
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bRxkwsKBWkR7ZoWVmuN8BQvQYXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:95:6a:51:27:cd:b2:21:a7:b3:b3:51:d9:0c:70:dd:09:8a:
         00:9e:0e:39:e6:6c:02:af:3b:93:c5:cd:7a:cc:6b:f0:8c:c2:
         be:b1:a6:e1:a1:2f:e1:ae:20:5c:4a:3e:82:0c:b0:d5:d0:99:
         a5:02:21:3d:6d:59:6b:5e:9a:a6:7a:63:97:34:23:1b:3d:48:
         49:cf:16:22:d3:85:2e:b6:c7:66:2a:55:17:22:02:d3:03:74:
         f7:94:b2:55:81:82:2b:b7:22:9e:4b:10:7d:bf:89:96:09:e5:
         b4:18:a3:31:3d:6a:99:c0:17:2b:56:ae:25:c4:3e:d8:58:46:
         59:3b:88:d8:ae:da:30:2f:12:01:24:27:e6:d9:2a:cb:59:d1:
         d0:e3:ce:2e:73:4f:e2:d9:55:fe:a1:af:96:99:b8:9d:90:7c:
         4a:79:1f:88:fe:b7:53:51:be:ff:31:0f:43:c8:07:2d:a6:2b:
         88:a9:e0:15:67:a3:b6:68:24:fa:a4:55:23:2a:f0:95:f2:a6:
         fa:b4:09:87:c7:bc:21:0b:ff:df:8c:4d:a0:95:2b:71:79:dd:
         9a:e6:92:41:c3:87:f7:fe:dc:e7:4a:1e:b3:06:84:f9:b6:e1:
         6c:5b:e7:49:54:3d:5e:0e:da:99:d4:5d:ed:7a:b9:54:fe:1a:
         15:f9:fe:74
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbV8z8dwkFb2fHOANbrFmb2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEyMTMxMjEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDFjNjRjMmMyODE1YTQ0N2I2Njg1OTU5YWUzN2MwNTBiZDA2MTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY7F+Fif08h2zMwAtGD8/hkPKo1x
FiisMm4eIgCtiU1mURHAhwaOqVOIgiWRo070csJf1cnw5W1fW6H7TqRghGtMT0YM
HtMhBNP3cGrOhCnSt28YuWEObNy1A/DFPB5GmzaG01tZK8KJXXtD+7mGr4NVcZma
wQ1usAr4QePO4Dl1uJAO3wriDTAfSd4jXakLmXTLaVz6P4jGJ3N2KYU2WLJb8Sd4
Rznkg1+/v0phbierIGLiM9GVQnxPQv8F/pVazpEOFvrfOHJglmmEprYKtzV6Qgh3
2Nf9c3auYkz2XshMxuOx73p3p5un7k0N1h273I38fRXQTx/n7K6hfjyoKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG0cZMLCgVpEe2aFlZrjfAUL0GFzMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYlJ4a3dzS0JXa1I3Wm9XVm11TjhCUXZRWVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC+ValEnzbIhp7OzUdkM
cN0JigCeDjnmbAKvO5PFzXrMa/CMwr6xpuGhL+GuIFxKPoIMsNXQmaUCIT1tWWte
mqZ6Y5c0Ixs9SEnPFiLThS62x2YqVRciAtMDdPeUslWBgiu3Ip5LEH2/iZYJ5bQY
ozE9apnAFytWriXEPthYRlk7iNiu2jAvEgEkJ+bZKstZ0dDjzi5zT+LZVf6hr5aZ
uJ2QfEp5H4j+t1NRvv8xD0PIBy2mK4ip4BVno7ZoJPqkVSMq8JXypvq0CYfHvCEL
/9+MTaCVK3F53ZrmkkHDh/f+3OdKHrMGhPm24Wxb50lUPV4O2pnUXe16uVT+GhX5
/nQ=
-----END CERTIFICATE-----