Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cryGnsrZ7mF1ajgO5OJYWyk9fpA.roa
File:                     cryGnsrZ7mF1ajgO5OJYWyk9fpA.roa (raw, json)
Hash identifier:          PXeOV1Qn/+oCm/v2pRs+QakdNMdzHLfTsaOFNYxsP6Q=
Subject key identifier:   72:BC:86:9E:CA:D9:EE:61:75:6A:38:0E:E4:E2:58:5B:29:3D:7E:90
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018830ED3D77906CB10D5917633A3F2A3C97
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cryGnsrZ7mF1ajgO5OJYWyk9fpA.roa
Signing time:             Thu 18 May 2023 22:13:54 +0000
ROA not before:           Thu 18 May 2023 22:13:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:30:ed:3d:77:90:6c:b1:0d:59:17:63:3a:3f:2a:3c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 18 22:13:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72bc869ecad9ee61756a380ee4e2585b293d7e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a7:7d:d1:4c:81:f3:76:7d:5b:75:7a:44:f5:
                    96:22:e5:6c:88:ba:46:42:b7:4a:29:4c:55:17:fb:
                    7e:6f:4d:8d:8c:ed:15:16:85:91:59:1c:80:58:ed:
                    07:d1:79:a9:d1:26:b4:2e:ca:f6:d9:52:cf:c9:27:
                    4c:94:4c:a6:a9:d6:e5:8d:b9:d8:a3:d2:e2:c7:84:
                    3a:32:45:81:40:74:4a:24:72:91:20:d4:87:fb:ed:
                    57:58:27:fb:1e:bd:1b:f5:e5:8a:86:ec:c2:20:e2:
                    da:31:76:1c:30:10:0a:76:f2:2e:b0:a9:0e:2e:6d:
                    b0:8b:6d:a9:dd:9d:00:1d:88:1f:7d:a8:8c:e1:f2:
                    20:e5:7b:c9:41:70:fa:8f:4b:b8:a0:bd:fa:3e:cf:
                    e2:d5:9e:5c:55:98:ef:9c:a5:91:51:df:b9:37:28:
                    ca:fe:d3:ae:a5:32:6e:93:31:1d:b3:b5:46:2f:ec:
                    2d:5a:34:65:aa:28:13:b1:40:30:1a:59:21:9e:1f:
                    28:99:14:c3:97:96:c7:96:67:df:b4:1f:b5:0b:7e:
                    1e:2c:0b:db:af:2d:14:cd:3a:46:5c:f0:dd:99:aa:
                    3d:8c:3d:e5:ca:3c:5f:fd:97:3d:a2:2f:70:8d:d1:
                    fa:12:12:97:05:7f:87:6d:f5:77:38:6e:18:ac:58:
                    bc:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:BC:86:9E:CA:D9:EE:61:75:6A:38:0E:E4:E2:58:5B:29:3D:7E:90
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cryGnsrZ7mF1ajgO5OJYWyk9fpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:2a:96:0e:ac:38:07:bf:e3:fa:9e:54:47:7e:ca:48:59:4d:
         11:c9:3f:76:be:c2:e3:45:c8:d9:b2:cb:aa:48:e0:c2:9b:55:
         fb:00:dc:a4:a2:5b:99:27:72:37:7e:6f:32:d1:d3:da:a8:56:
         af:62:25:60:8c:47:8f:f7:84:dd:cb:ca:9e:ae:50:fa:05:83:
         dc:23:61:c6:f2:f7:ac:50:ce:5d:10:6d:6a:de:58:0e:f8:e0:
         1c:0e:c4:3c:f4:33:d3:5d:f4:a1:5f:86:9f:a9:ac:3c:4b:6e:
         52:8f:c8:b7:cd:b9:55:17:20:67:c8:33:05:ee:fd:da:57:93:
         e2:27:63:69:0b:4f:ab:eb:02:4a:43:6b:03:88:da:96:54:54:
         59:67:25:b8:31:aa:2b:46:6b:c2:ba:9a:cc:ea:80:bb:9c:3a:
         36:b1:f4:3a:3f:2f:b8:79:9b:7e:95:84:5c:0e:b7:86:ef:ca:
         c3:0c:8d:81:82:dd:47:6c:bb:f0:11:a4:38:62:73:c5:6e:11:
         46:60:4c:95:fb:f8:4c:d9:aa:ca:48:5a:09:6b:ca:8f:a1:49:
         f3:98:da:38:27:a4:4e:72:3b:f5:66:6d:6a:40:00:00:68:86:
         e1:30:38:d8:85:61:10:f2:f0:39:01:db:db:9d:ff:d4:d4:7a:
         40:b8:af:65
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgw7T13kGyxDVkXYzo/KjyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE4MjIxMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmJjODY5ZWNhZDllZTYxNzU2YTM4MGVlNGUyNTg1YjI5M2Q3ZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnad90UyB83Z9W3V6RPWWIuVsiLpG
QrdKKUxVF/t+b02NjO0VFoWRWRyAWO0H0Xmp0Sa0Lsr22VLPySdMlEymqdbljbnY
o9Lix4Q6MkWBQHRKJHKRINSH++1XWCf7Hr0b9eWKhuzCIOLaMXYcMBAKdvIusKkO
Lm2wi22p3Z0AHYgffaiM4fIg5XvJQXD6j0u4oL36Ps/i1Z5cVZjvnKWRUd+5NyjK
/tOupTJukzEds7VGL+wtWjRlqigTsUAwGlkhnh8omRTDl5bHlmfftB+1C34eLAvb
ry0UzTpGXPDdmao9jD3lyjxf/Zc9oi9wjdH6EhKXBX+HbfV3OG4YrFi8RwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHK8hp7K2e5hdWo4DuTiWFspPX6QMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY3J5R25zclo3bUYxYWpnTzVPSllXeWs5ZnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH0qlg6sOAe/4/qeVEd+
ykhZTRHJP3a+wuNFyNmyy6pI4MKbVfsA3KSiW5kncjd+bzLR09qoVq9iJWCMR4/3
hN3Lyp6uUPoFg9wjYcby96xQzl0QbWreWA744BwOxDz0M9Nd9KFfhp+prDxLblKP
yLfNuVUXIGfIMwXu/dpXk+InY2kLT6vrAkpDawOI2pZUVFlnJbgxqitGa8K6mszq
gLucOjax9Do/L7h5m36VhFwOt4bvysMMjYGC3Udsu/ARpDhic8VuEUZgTJX7+EzZ
qspIWglryo+hSfOY2jgnpE5yO/VmbWpAAABohuEwONiFYRDy8DkB29ud/9TUekC4
r2U=
-----END CERTIFICATE-----