Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dN5L2hUuMpf1FRXwBQs4EMBxfWI.roa
File:                     dN5L2hUuMpf1FRXwBQs4EMBxfWI.roa (raw, json)
Hash identifier:          tDJcGTf4t5pywmljIS1qo0Pkk7iC4RswdPPbHQ7U/YM=
Subject key identifier:   74:DE:4B:DA:15:2E:32:97:F5:15:15:F0:05:0B:38:10:C0:71:7D:62
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878FC590181A96F2E34F421DA1D6929E63
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dN5L2hUuMpf1FRXwBQs4EMBxfWI.roa
Signing time:             Mon 17 Apr 2023 15:11:41 +0000
ROA not before:           Mon 17 Apr 2023 15:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8f:c5:90:18:1a:96:f2:e3:4f:42:1d:a1:d6:92:9e:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 17 15:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=74de4bda152e3297f51515f0050b3810c0717d62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3d:9e:92:3a:95:34:13:21:e2:c8:21:a0:ea:
                    1b:d0:ac:8b:f5:8e:ba:48:c7:58:34:1d:f2:c7:7d:
                    57:05:05:9e:78:f1:a8:a0:4a:75:cf:ff:ea:b7:a8:
                    84:03:28:21:b7:62:fa:6e:05:44:36:14:a7:85:5d:
                    78:a4:80:1d:ab:26:00:2b:a1:23:25:4b:ce:f5:ad:
                    ce:b6:4b:65:9f:a8:d5:2e:e0:f7:97:f8:bb:8c:bf:
                    2d:88:2b:4b:fd:8e:2a:42:d4:17:e2:90:55:6f:80:
                    bb:1c:36:45:cd:b0:19:a8:f4:32:01:41:dd:ef:77:
                    f3:29:e1:32:2c:98:02:c3:75:b7:56:e9:cf:d0:0c:
                    c6:7e:1d:ad:4e:1f:b6:28:2f:d8:d0:12:ee:7a:99:
                    ea:46:dd:9a:98:67:a4:5f:ce:54:82:3c:89:d2:db:
                    e8:bd:3c:2a:e1:ce:a4:f9:a5:cd:54:4f:c4:24:6c:
                    e2:b0:27:f4:51:ac:6e:17:6b:96:a7:f8:ff:3d:ab:
                    c5:8d:ac:09:05:28:ad:c7:7b:04:61:23:41:ae:79:
                    73:51:6a:d9:5a:6a:85:42:d1:aa:d4:30:f1:92:19:
                    da:a3:3d:8a:9b:1d:83:bd:a1:78:96:79:0b:b8:7b:
                    b1:30:ee:7e:35:d0:50:55:63:47:37:8b:3c:e5:4a:
                    3e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:DE:4B:DA:15:2E:32:97:F5:15:15:F0:05:0B:38:10:C0:71:7D:62
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dN5L2hUuMpf1FRXwBQs4EMBxfWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:d1:24:1a:15:f3:3e:23:2e:89:4b:80:a4:34:48:4b:10:96:
         e7:dd:4c:71:e7:be:f5:89:0a:6a:f6:5e:44:13:79:08:41:0f:
         69:71:81:24:e4:37:5c:df:e4:1a:dc:70:81:44:ae:35:fc:7b:
         82:6b:fb:63:d9:66:a7:2d:4d:7e:39:0b:bd:58:d3:b7:3c:50:
         b9:30:67:1f:4a:30:be:ff:a7:a5:e0:40:a6:06:a9:09:2f:e4:
         30:ae:ad:0d:97:53:dd:dd:95:3e:b1:d5:e1:1d:fa:a8:db:a2:
         14:ab:bf:ab:1c:b3:64:4b:d0:8b:89:51:8e:69:84:23:ce:68:
         21:31:70:ee:29:d6:5d:2a:7d:43:4e:f7:f4:42:b9:7c:81:28:
         0e:3c:df:46:26:ee:3f:d7:e2:c7:ff:0a:38:96:5f:83:d2:f7:
         1c:ba:b5:55:57:b5:cf:7c:4f:43:75:1d:21:36:cb:29:50:b9:
         92:79:e7:ce:48:e6:12:ee:c1:b0:61:55:c0:de:fd:51:3a:26:
         47:b5:24:0d:40:88:a1:65:57:96:33:ca:b6:7d:84:f4:5f:bc:
         c0:50:70:8c:bc:2e:dd:59:d2:15:d3:5d:26:fb:11:9b:5a:64:
         b1:13:9a:2a:e4:b5:00:6c:d1:1d:d9:3c:c1:b1:e1:b5:aa:02:
         07:d5:14:d8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYePxZAYGpby409CHaHWkp5jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE3MTUxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGRlNGJkYTE1MmUzMjk3ZjUxNTE1ZjAwNTBiMzgxMGMwNzE3ZDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj2ekjqVNBMh4sghoOob0KyL9Y66
SMdYNB3yx31XBQWeePGooEp1z//qt6iEAyght2L6bgVENhSnhV14pIAdqyYAK6Ej
JUvO9a3Otktln6jVLuD3l/i7jL8tiCtL/Y4qQtQX4pBVb4C7HDZFzbAZqPQyAUHd
73fzKeEyLJgCw3W3VunP0AzGfh2tTh+2KC/Y0BLuepnqRt2amGekX85UgjyJ0tvo
vTwq4c6k+aXNVE/EJGzisCf0UaxuF2uWp/j/PavFjawJBSitx3sEYSNBrnlzUWrZ
WmqFQtGq1DDxkhnaoz2Kmx2DvaF4lnkLuHuxMO5+NdBQVWNHN4s85Uo+rwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHTeS9oVLjKX9RUV8AULOBDAcX1iMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZE41TDJoVXVNcGYxRlJYd0JRczRFTUJ4ZldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFLRJBoV8z4jLolLgKQ0
SEsQlufdTHHnvvWJCmr2XkQTeQhBD2lxgSTkN1zf5BrccIFErjX8e4Jr+2PZZqct
TX45C71Y07c8ULkwZx9KML7/p6XgQKYGqQkv5DCurQ2XU93dlT6x1eEd+qjbohSr
v6scs2RL0IuJUY5phCPOaCExcO4p1l0qfUNO9/RCuXyBKA4830Ym7j/X4sf/CjiW
X4PS9xy6tVVXtc98T0N1HSE2yylQuZJ5585I5hLuwbBhVcDe/VE6Jke1JA1AiKFl
V5YzyrZ9hPRfvMBQcIy8Lt1Z0hXTXSb7EZtaZLETmirktQBs0R3ZPMGx4bWqAgfV
FNg=
-----END CERTIFICATE-----