Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/d2MVNB1_3MrZdrQ5Ngp80FAiZGI.roa
File:                     d2MVNB1_3MrZdrQ5Ngp80FAiZGI.roa (raw, json)
Hash identifier:          WzM6AbFfe1CDchzY2GMcoyFrvSO6iAvivdqEacTeUgc=
Subject key identifier:   77:63:15:34:1D:7F:DC:CA:D9:76:B4:39:36:0A:7C:D0:50:22:64:62
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186E86215658C2E6D4DF0422267EC2DE01C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/d2MVNB1_3MrZdrQ5Ngp80FAiZGI.roa
Signing time:             Thu 16 Mar 2023 03:06:27 +0000
ROA not before:           Thu 16 Mar 2023 03:06:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:e861:2fb5/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e8:62:15:65:8c:2e:6d:4d:f0:42:22:67:ec:2d:e0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 16 03:06:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=776315341d7fdccad976b439360a7cd050226462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:96:49:29:59:82:d7:e5:f7:3d:e7:c2:64:52:
                    5d:f0:2e:3d:d2:2d:a9:ba:c9:0a:f3:55:85:b7:9a:
                    1a:f5:aa:4c:e4:1c:ca:9a:00:00:c8:44:ec:38:2c:
                    21:9f:7e:94:43:72:58:8e:96:21:6c:59:9d:8c:c7:
                    73:84:0c:b4:c5:f4:9f:90:d0:7e:b9:57:8d:61:69:
                    2e:bf:36:55:62:d9:e0:be:af:4f:8e:fa:79:40:f2:
                    9b:32:39:10:6d:29:e0:61:4c:8d:19:c9:2b:c4:a5:
                    8b:0b:b8:3d:bf:88:0f:df:ce:91:03:d9:bb:5a:fa:
                    0c:b8:f0:4b:31:8c:69:e8:c5:27:04:01:a7:a1:48:
                    2e:50:23:70:32:80:c7:90:03:d2:d5:82:25:35:c7:
                    8c:53:5c:2d:06:98:f0:a8:b8:9f:07:b6:c7:e2:11:
                    b4:cb:f1:f4:a8:b3:7d:1b:ed:8f:f2:73:0a:db:af:
                    3f:8c:25:3e:53:ee:fb:f7:22:b5:0c:10:53:d6:53:
                    f2:29:2c:d0:2d:f2:01:66:8c:6e:00:15:56:78:93:
                    a7:77:2a:56:0b:21:32:a9:93:27:87:b0:1c:a8:57:
                    36:45:7c:89:1d:8a:37:e0:31:6a:a0:c0:64:42:78:
                    58:97:16:cf:1a:d7:16:fd:a0:e2:a2:ca:18:9b:c1:
                    83:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:63:15:34:1D:7F:DC:CA:D9:76:B4:39:36:0A:7C:D0:50:22:64:62
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/d2MVNB1_3MrZdrQ5Ngp80FAiZGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:48:3e:1d:79:e8:37:19:81:23:d0:e9:34:4a:8c:a4:56:80:
         50:62:f6:6c:e2:7b:b6:18:22:37:cc:bb:96:6d:43:74:0e:b1:
         54:38:09:95:92:85:5e:10:7a:11:a8:2f:51:a5:c7:df:e7:dc:
         51:00:5b:08:eb:c3:3c:d5:be:86:90:24:3a:59:2e:6f:97:af:
         aa:6a:cd:a4:e9:e4:2d:9d:18:4f:c2:6b:40:41:3e:66:eb:91:
         88:33:9f:f3:06:5b:e7:16:06:a2:c7:fd:65:d5:bf:55:67:b9:
         57:74:9e:e5:4b:c0:44:46:68:9d:a1:a0:5b:79:a1:83:2b:90:
         1f:a7:7d:f1:21:7b:06:4b:de:4a:56:c2:b5:d2:53:e6:6b:ea:
         66:b4:64:48:2b:0d:f1:c4:94:d9:ef:99:aa:79:a5:19:8f:44:
         f5:de:fb:40:9e:08:45:c9:e1:31:4f:f1:e4:e9:ec:c5:1a:0b:
         f7:0c:59:64:b1:be:60:45:10:6b:73:22:43:9b:d6:59:f5:cb:
         57:1b:97:fd:bd:0d:3e:29:97:a9:30:9f:aa:c7:86:79:e2:2a:
         13:53:60:a4:35:82:c4:19:df:c7:96:00:4e:0d:c4:e1:4c:e2:
         80:91:8b:f9:f5:15:65:55:85:1c:e6:55:d8:d7:2f:37:e3:d4:
         c0:78:ac:d1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYboYhVljC5tTfBCImfsLeAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE2MDMwNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzYzMTUzNDFkN2ZkY2NhZDk3NmI0MzkzNjBhN2NkMDUwMjI2NDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZZJKVmC1+X3PefCZFJd8C490i2p
uskK81WFt5oa9apM5BzKmgAAyETsOCwhn36UQ3JYjpYhbFmdjMdzhAy0xfSfkNB+
uVeNYWkuvzZVYtngvq9Pjvp5QPKbMjkQbSngYUyNGckrxKWLC7g9v4gP386RA9m7
WvoMuPBLMYxp6MUnBAGnoUguUCNwMoDHkAPS1YIlNceMU1wtBpjwqLifB7bH4hG0
y/H0qLN9G+2P8nMK268/jCU+U+779yK1DBBT1lPyKSzQLfIBZoxuABVWeJOndypW
CyEyqZMnh7AcqFc2RXyJHYo34DFqoMBkQnhYlxbPGtcW/aDiosoYm8GD4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHdjFTQdf9zK2Xa0OTYKfNBQImRiMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZDJNVk5CMV8zTXJaZHJRNU5ncDgwRkFpWkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALBIPh156DcZgSPQ6TRK
jKRWgFBi9mzie7YYIjfMu5ZtQ3QOsVQ4CZWShV4QehGoL1Glx9/n3FEAWwjrwzzV
voaQJDpZLm+Xr6pqzaTp5C2dGE/Ca0BBPmbrkYgzn/MGW+cWBqLH/WXVv1VnuVd0
nuVLwERGaJ2hoFt5oYMrkB+nffEhewZL3kpWwrXSU+Zr6ma0ZEgrDfHElNnvmap5
pRmPRPXe+0CeCEXJ4TFP8eTp7MUaC/cMWWSxvmBFEGtzIkOb1ln1y1cbl/29DT4p
l6kwn6rHhnniKhNTYKQ1gsQZ38eWAE4NxOFM4oCRi/n1FWVVhRzmVdjXLzfj1MB4
rNE=
-----END CERTIFICATE-----