Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cytpXpu2s58hipdGGjxLu0DER_E.roa
File:                     cytpXpu2s58hipdGGjxLu0DER_E.roa (raw, json)
Hash identifier:          QoBBcpmnQ+UqZ4JTsh0pMhLbhnCWAoHdjozFZShqz+8=
Subject key identifier:   73:2B:69:5E:9B:B6:B3:9F:21:8A:97:46:1A:3C:4B:BB:40:C4:47:F1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018805C7A28601047C448322C03E933D433A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cytpXpu2s58hipdGGjxLu0DER_E.roa
Signing time:             Wed 10 May 2023 13:09:09 +0000
ROA not before:           Wed 10 May 2023 13:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:05:c7:a2:86:01:04:7c:44:83:22:c0:3e:93:3d:43:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 10 13:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=732b695e9bb6b39f218a97461a3c4bbb40c447f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:54:55:d1:ac:12:39:8f:70:d9:4c:a5:b5:41:
                    00:70:51:b6:f7:56:9f:ba:89:06:88:ee:75:a7:cb:
                    62:00:14:09:63:f6:80:2a:76:f1:d8:65:ae:4f:1e:
                    7c:79:56:8f:87:92:6e:3c:7c:da:4a:5d:8c:37:cc:
                    a0:d5:30:79:2b:0a:4b:94:61:43:6f:47:2a:ba:be:
                    7c:0a:4d:4d:3b:1e:10:50:3a:0c:fe:cc:1d:20:13:
                    9f:2b:a1:8d:65:05:be:bf:fd:c0:28:30:58:79:7e:
                    90:e5:09:40:25:20:04:d6:20:69:d6:0d:fd:45:46:
                    66:c1:31:d2:60:bd:cc:4d:f7:38:0c:12:1c:de:39:
                    59:07:c5:72:0a:01:db:ab:5f:f9:b7:bf:d7:7b:4b:
                    83:23:4b:58:c7:22:53:4d:58:d5:b6:8f:3f:f8:10:
                    ed:56:50:d9:cf:8e:8d:ba:7c:e4:ef:ff:03:4f:ce:
                    e8:62:52:ad:9f:12:70:24:7b:c7:0d:ba:37:f1:2e:
                    a9:ac:31:dc:de:2c:ec:6e:54:ac:8c:17:c1:f7:44:
                    69:1a:0a:3a:96:8d:bf:96:a2:f9:fc:f8:03:64:8e:
                    7c:e3:08:77:a7:75:bb:c4:0a:9a:5c:56:ba:da:21:
                    db:57:25:91:0e:a5:35:40:5f:3f:30:14:a5:3c:e9:
                    9e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:2B:69:5E:9B:B6:B3:9F:21:8A:97:46:1A:3C:4B:BB:40:C4:47:F1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cytpXpu2s58hipdGGjxLu0DER_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:58:7e:f0:1e:6a:de:26:11:2f:1b:81:63:62:c7:2b:55:53:
         e9:52:3d:21:e6:1a:75:b2:d7:21:a0:95:55:e8:ba:fd:7e:16:
         a4:1c:97:49:ad:92:d1:fa:65:fc:de:56:98:e7:99:16:cd:64:
         47:54:8b:e1:13:ad:49:22:f3:3e:7c:04:f9:29:c9:33:94:9f:
         e8:a4:bb:58:b6:ed:2f:a7:68:a0:2c:00:ae:b4:1c:2b:c4:16:
         e9:8b:9d:59:bb:5a:41:e7:09:3a:46:f4:c3:02:05:61:ab:bc:
         bf:5a:84:e7:f6:45:82:fb:46:6b:7a:2d:c7:1e:2a:f3:1c:6b:
         18:80:9d:5d:f2:05:89:f4:3a:27:3b:75:7f:61:66:58:d5:a7:
         e6:63:20:a8:fb:30:2b:28:d5:48:1c:2b:49:1b:21:9f:4b:18:
         5e:86:c0:a5:b9:f5:c1:f1:1a:63:2c:3e:50:f2:b8:e9:83:cf:
         f5:f6:26:38:0b:90:40:1e:88:33:98:3b:d0:11:d3:eb:85:bf:
         e3:d3:b9:0a:44:7f:10:6f:c8:48:a4:7e:21:ed:6f:08:fa:41:
         ab:69:10:45:8e:6e:91:d4:e1:59:94:3b:fe:aa:de:1f:55:95:
         87:18:9b:da:8e:0d:e5:b8:cd:ed:b1:1a:00:95:d3:5b:a1:da:
         9f:56:43:80
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgFx6KGAQR8RIMiwD6TPUM6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEwMTMwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzJiNjk1ZTliYjZiMzlmMjE4YTk3NDYxYTNjNGJiYjQwYzQ0N2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlRV0awSOY9w2UyltUEAcFG291af
uokGiO51p8tiABQJY/aAKnbx2GWuTx58eVaPh5JuPHzaSl2MN8yg1TB5KwpLlGFD
b0cqur58Ck1NOx4QUDoM/swdIBOfK6GNZQW+v/3AKDBYeX6Q5QlAJSAE1iBp1g39
RUZmwTHSYL3MTfc4DBIc3jlZB8VyCgHbq1/5t7/Xe0uDI0tYxyJTTVjVto8/+BDt
VlDZz46Nunzk7/8DT87oYlKtnxJwJHvHDbo38S6prDHc3izsblSsjBfB90RpGgo6
lo2/lqL5/PgDZI584wh3p3W7xAqaXFa62iHbVyWRDqU1QF8/MBSlPOmehwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHMraV6btrOfIYqXRho8S7tAxEfxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY3l0cFhwdTJzNThoaXBkR0dqeEx1MERFUl9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAANYfvAeat4mES8bgWNi
xytVU+lSPSHmGnWy1yGglVXouv1+FqQcl0mtktH6ZfzeVpjnmRbNZEdUi+ETrUki
8z58BPkpyTOUn+iku1i27S+naKAsAK60HCvEFumLnVm7WkHnCTpG9MMCBWGrvL9a
hOf2RYL7Rmt6LcceKvMcaxiAnV3yBYn0Oic7dX9hZljVp+ZjIKj7MCso1UgcK0kb
IZ9LGF6GwKW59cHxGmMsPlDyuOmDz/X2JjgLkEAeiDOYO9AR0+uFv+PTuQpEfxBv
yEikfiHtbwj6QatpEEWObpHU4VmUO/6q3h9VlYcYm9qODeW4ze2xGgCV01uh2p9W
Q4A=
-----END CERTIFICATE-----