Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/djYLBTjAh5WXaPYI-HLRTupKROE.roa
File:                     djYLBTjAh5WXaPYI-HLRTupKROE.roa (raw, json)
Hash identifier:          5GMcy4cxPuz8++6EfB5Dejak57IgJ00p3WFFoAm14t4=
Subject key identifier:   76:36:0B:05:38:C0:87:95:97:68:F6:08:F8:72:D1:4E:EA:4A:44:E1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A34B6C49C451BDCB39BCC826DA7E0C6F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/djYLBTjAh5WXaPYI-HLRTupKROE.roa
Signing time:             Fri 21 Apr 2023 10:10:41 +0000
ROA not before:           Fri 21 Apr 2023 10:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a3:4b:6c:49:c4:51:bd:cb:39:bc:c8:26:da:7e:0c:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 21 10:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=76360b0538c087959768f608f872d14eea4a44e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:09:20:55:56:8f:ea:ed:50:79:ab:1f:4c:c7:
                    ed:42:43:77:1f:45:13:df:ff:e5:bb:5c:5a:f7:0b:
                    47:f0:45:9e:3c:e3:62:a1:ea:52:7a:c2:13:93:39:
                    d0:4a:44:36:c0:56:a1:a3:ef:55:56:82:f6:ae:ce:
                    64:3d:63:36:be:7c:f4:a0:92:54:27:d9:50:f9:d3:
                    02:e2:34:ac:4c:e5:3c:d6:6b:22:5e:13:08:74:3f:
                    6e:f9:a1:8a:71:18:9a:98:74:c3:15:aa:b4:37:93:
                    16:e2:87:fc:c0:22:f7:98:08:b5:ed:ab:7e:5f:b7:
                    db:5f:d4:26:82:81:38:30:10:32:5c:c2:6b:fe:b7:
                    1e:e8:00:d8:04:20:ae:76:b5:53:47:c9:e0:ba:54:
                    87:79:25:ae:33:dd:3a:b7:a6:64:d5:25:6d:8c:27:
                    f6:61:e5:8c:a4:9d:5a:dc:61:75:0d:60:f5:3e:c3:
                    69:9a:2a:27:5e:d5:3f:2d:f1:d8:61:be:45:87:34:
                    3d:d6:51:95:60:b3:34:e5:42:bf:86:8a:8c:7a:18:
                    5d:6e:b0:99:dd:6e:1c:2c:67:94:59:31:0c:b0:08:
                    1a:9e:78:f3:ef:70:31:e9:4a:28:ed:41:76:83:a3:
                    9e:b0:26:42:cd:36:be:e5:d2:33:ed:28:24:aa:9a:
                    43:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:36:0B:05:38:C0:87:95:97:68:F6:08:F8:72:D1:4E:EA:4A:44:E1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/djYLBTjAh5WXaPYI-HLRTupKROE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:b7:fb:cf:4c:58:76:fc:f9:d7:d9:81:e4:45:ee:6d:82:97:
         b6:b3:01:5c:6a:44:8f:8c:97:c4:e4:1b:0a:2b:a8:47:8c:e0:
         e3:aa:19:7e:d4:e8:db:1e:36:b4:18:80:1e:b8:26:be:ea:83:
         25:f7:0d:3a:80:df:77:9e:73:6f:f6:a7:aa:0a:b9:7a:30:94:
         4c:42:88:e3:74:c0:89:99:43:f1:82:64:30:11:c4:56:8d:b7:
         b8:36:63:d4:2c:13:0d:c2:10:a6:6d:a4:e1:41:75:03:61:3f:
         f3:32:db:cb:69:cd:7f:7a:14:2b:74:24:aa:b8:ee:6c:c5:a0:
         09:93:84:a0:69:0e:ab:27:c7:54:76:57:b5:97:92:a7:8c:fe:
         2a:4e:d6:f2:b7:0a:d1:e0:84:ca:3b:25:ac:d0:11:7b:9c:23:
         54:9c:3d:d0:0f:64:29:05:f4:09:52:56:4e:ee:4c:ad:60:c8:
         d4:da:16:eb:db:eb:c8:1c:5b:4f:b5:2c:17:7a:7f:87:49:de:
         0e:81:b9:56:dc:9a:be:e7:54:19:e3:0b:63:5b:61:b4:d3:ca:
         7a:48:8d:97:1e:5c:53:4d:35:9d:63:ef:68:dd:1c:71:42:d3:
         f0:78:ac:1a:be:a3:ff:7a:02:c3:28:e2:32:4a:2e:92:39:4d:
         c9:ce:b3:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYejS2xJxFG9yzm8yCbafgxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIxMTAxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjM2MGIwNTM4YzA4Nzk1OTc2OGY2MDhmODcyZDE0ZWVhNGE0NGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgkgVVaP6u1QeasfTMftQkN3H0UT
3//lu1xa9wtH8EWePONioepSesITkznQSkQ2wFaho+9VVoL2rs5kPWM2vnz0oJJU
J9lQ+dMC4jSsTOU81msiXhMIdD9u+aGKcRiamHTDFaq0N5MW4of8wCL3mAi17at+
X7fbX9QmgoE4MBAyXMJr/rce6ADYBCCudrVTR8ngulSHeSWuM906t6Zk1SVtjCf2
YeWMpJ1a3GF1DWD1PsNpmionXtU/LfHYYb5FhzQ91lGVYLM05UK/hoqMehhdbrCZ
3W4cLGeUWTEMsAgannjz73Ax6Uoo7UF2g6OesCZCzTa+5dIz7SgkqppD6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHY2CwU4wIeVl2j2CPhy0U7qSkThMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZGpZTEJUakFoNVdYYVBZSS1ITFJUdXBLUk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA+3+89MWHb8+dfZgeRF
7m2Cl7azAVxqRI+Ml8TkGworqEeM4OOqGX7U6NseNrQYgB64Jr7qgyX3DTqA33ee
c2/2p6oKuXowlExCiON0wImZQ/GCZDARxFaNt7g2Y9QsEw3CEKZtpOFBdQNhP/My
28tpzX96FCt0JKq47mzFoAmThKBpDqsnx1R2V7WXkqeM/ipO1vK3CtHghMo7JazQ
EXucI1ScPdAPZCkF9AlSVk7uTK1gyNTaFuvb68gcW0+1LBd6f4dJ3g6BuVbcmr7n
VBnjC2NbYbTTynpIjZceXFNNNZ1j72jdHHFC0/B4rBq+o/96AsMo4jJKLpI5TcnO
s10=
-----END CERTIFICATE-----