Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dea-9WE18QuhQ3Ctp-vhviuXryU.roa
File:                     dea-9WE18QuhQ3Ctp-vhviuXryU.roa (raw, json)
Hash identifier:          jA7jMsAHvohRc42wtkvWpDcPxOXDmV8PUiYe9wpBl2w=
Subject key identifier:   75:E6:BE:F5:61:35:F1:0B:A1:43:70:AD:A7:EB:E1:BE:2B:97:AF:25
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872D10D08F887906778763F2BD6B96CBD5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dea-9WE18QuhQ3Ctp-vhviuXryU.roa
Signing time:             Wed 29 Mar 2023 11:11:29 +0000
ROA not before:           Wed 29 Mar 2023 11:11:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2d:10:d0:8f:88:79:06:77:87:63:f2:bd:6b:96:cb:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 11:11:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=75e6bef56135f10ba14370ada7ebe1be2b97af25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:d4:5e:67:b8:f9:42:70:6e:78:98:6e:b6:96:
                    b2:26:e1:33:13:c3:d1:ba:a3:e4:9b:e0:0f:6c:e0:
                    30:42:aa:e3:43:93:66:81:5e:d4:26:8f:e9:9a:a2:
                    54:0e:6a:6d:4b:0b:da:31:c1:01:8e:1a:40:4f:96:
                    fe:3a:e6:19:99:20:a1:6f:41:c0:5e:62:17:2c:bd:
                    55:16:c3:81:9d:e2:aa:f1:52:59:23:45:82:d0:13:
                    1b:83:dc:63:c6:13:7f:13:8f:43:6e:67:57:e3:6c:
                    45:fe:b6:64:6a:bb:25:15:73:8b:ac:ce:a2:f2:10:
                    81:66:c5:39:fd:c2:56:cb:77:71:a5:7a:12:77:34:
                    25:5f:d2:14:7b:b5:93:98:03:9e:f6:23:23:76:df:
                    a1:9d:c2:86:44:8c:3d:5c:5b:ae:61:30:11:e2:00:
                    c2:7e:b9:4b:5f:59:6e:9a:2c:ca:2b:21:7f:1e:59:
                    62:b9:bd:54:a5:61:bb:0d:fd:d9:13:b0:20:2f:2c:
                    dd:77:ab:1b:71:a7:5a:58:b4:93:b5:9e:d8:1e:06:
                    e8:4a:d3:f7:6e:15:e7:68:55:ae:bb:d7:c2:57:70:
                    24:aa:13:cb:a3:4e:5c:16:8e:56:45:1b:c7:59:f3:
                    c0:60:4b:16:9a:56:23:10:4f:ab:83:52:72:d9:99:
                    3c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:E6:BE:F5:61:35:F1:0B:A1:43:70:AD:A7:EB:E1:BE:2B:97:AF:25
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dea-9WE18QuhQ3Ctp-vhviuXryU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:b5:12:3b:2a:63:e3:3f:ec:45:18:c6:2d:68:84:cd:2f:9e:
         6a:f2:c4:82:9e:1c:34:35:55:8b:84:6c:3b:8a:85:4c:df:46:
         35:13:2a:d8:36:d3:4c:63:bf:13:f9:96:6e:d7:df:ca:44:38:
         0a:2e:34:44:97:30:6c:a7:b8:b1:57:d8:3a:ea:a2:0b:43:88:
         10:8b:25:6b:ce:a5:20:73:44:27:7d:e5:12:89:fb:3b:39:b5:
         6d:62:fd:b8:49:78:82:ff:db:54:9b:42:03:a5:d6:95:cd:1c:
         1b:31:6b:96:2d:8a:a0:3e:3f:32:4f:2a:7c:ac:07:f6:b6:03:
         0e:4d:b9:f7:a5:b3:e9:18:80:06:f7:2a:3c:f9:23:ee:68:33:
         d5:fa:dc:04:ad:61:96:a5:c1:62:30:32:9c:e8:98:43:77:0c:
         da:71:12:40:45:9d:3d:d1:13:41:7f:4a:d9:44:6f:a3:0b:99:
         e2:51:10:70:8b:b1:a7:66:01:0d:b8:c5:4e:ee:c0:76:c3:c1:
         6f:53:83:fc:60:8d:5d:5a:85:ee:7f:9e:bf:03:4f:25:ac:10:
         3f:06:4d:6b:03:7d:89:56:4e:13:60:2a:4a:ef:0a:25:a8:ba:
         ba:81:07:10:dc:30:ee:de:a0:bc:78:6c:2e:ea:29:a8:d8:dc:
         bd:f9:4d:ce
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYctENCPiHkGd4dj8r1rlsvVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MTExMTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWU2YmVmNTYxMzVmMTBiYTE0MzcwYWRhN2ViZTFiZTJiOTdhZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA69ReZ7j5QnBueJhutpayJuEzE8PR
uqPkm+APbOAwQqrjQ5NmgV7UJo/pmqJUDmptSwvaMcEBjhpAT5b+OuYZmSChb0HA
XmIXLL1VFsOBneKq8VJZI0WC0BMbg9xjxhN/E49DbmdX42xF/rZkarslFXOLrM6i
8hCBZsU5/cJWy3dxpXoSdzQlX9IUe7WTmAOe9iMjdt+hncKGRIw9XFuuYTAR4gDC
frlLX1lumizKKyF/Hlliub1UpWG7Df3ZE7AgLyzdd6sbcadaWLSTtZ7YHgboStP3
bhXnaFWuu9fCV3AkqhPLo05cFo5WRRvHWfPAYEsWmlYjEE+rg1Jy2Zk8fwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHXmvvVhNfELoUNwrafr4b4rl68lMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZGVhLTlXRTE4UXVoUTNDdHAtdmh2aXVYcnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHW1EjsqY+M/7EUYxi1o
hM0vnmryxIKeHDQ1VYuEbDuKhUzfRjUTKtg200xjvxP5lm7X38pEOAouNESXMGyn
uLFX2DrqogtDiBCLJWvOpSBzRCd95RKJ+zs5tW1i/bhJeIL/21SbQgOl1pXNHBsx
a5YtiqA+PzJPKnysB/a2Aw5Nufels+kYgAb3Kjz5I+5oM9X63AStYZalwWIwMpzo
mEN3DNpxEkBFnT3RE0F/StlEb6MLmeJREHCLsadmAQ24xU7uwHbDwW9Tg/xgjV1a
he5/nr8DTyWsED8GTWsDfYlWThNgKkrvCiWourqBBxDcMO7eoLx4bC7qKajY3L35
Tc4=
-----END CERTIFICATE-----