Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/e9DgbZGwhCiHXIz_5OJINoig4qY.roa
File:                     e9DgbZGwhCiHXIz_5OJINoig4qY.roa (raw, json)
Hash identifier:          ZX30IhVS+w6jZBUedYGaV4F8Z7yyspLO+ECZy4rORN8=
Subject key identifier:   7B:D0:E0:6D:91:B0:84:28:87:5C:8C:FF:E4:E2:48:36:88:A0:E2:A6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01882E5A0F76C0BD762684A286821EF2FC27
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/e9DgbZGwhCiHXIz_5OJINoig4qY.roa
Signing time:             Thu 18 May 2023 10:13:54 +0000
ROA not before:           Thu 18 May 2023 10:13:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2e:5a:0f:76:c0:bd:76:26:84:a2:86:82:1e:f2:fc:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 18 10:13:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7bd0e06d91b08428875c8cffe4e2483688a0e2a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:85:a6:2b:07:c6:2b:3d:b3:3b:6c:b3:4e:8f:
                    c6:d5:61:98:be:c7:69:9d:7a:35:89:fd:d2:31:0b:
                    7a:1c:71:d3:a7:02:26:61:0e:6b:ea:4c:d6:11:f1:
                    c0:8d:45:f7:9c:1b:af:4d:d4:4a:8b:17:49:16:f1:
                    44:bc:a9:77:87:df:4b:15:e1:43:ae:a8:ff:65:d1:
                    0e:55:df:03:db:9b:a6:d1:4d:c0:ca:19:09:10:db:
                    2c:b2:48:5e:be:b9:23:d9:80:35:b0:3a:5e:5a:58:
                    d2:e7:50:dc:56:b4:e4:4c:e5:a7:b5:e9:70:da:6b:
                    68:c6:61:dd:15:b3:27:74:31:14:71:d3:02:ea:b9:
                    30:c1:09:d9:8c:50:7a:ec:a3:19:23:a9:4e:ea:8f:
                    f7:9a:3a:10:74:d9:a8:98:21:31:2d:68:ed:f1:fc:
                    b9:c6:da:d1:5f:4c:d4:fb:e5:2a:06:83:d4:0c:76:
                    52:5f:2c:85:06:4b:d2:b3:f7:25:bc:fb:34:48:79:
                    06:0b:9d:28:bf:1f:ea:71:ae:20:75:f4:a3:4b:84:
                    93:49:3f:c2:34:ff:e4:45:50:f3:e5:4b:b0:1f:ca:
                    01:31:54:1b:96:7e:50:52:0a:4f:cc:d6:b1:3c:7c:
                    05:9d:c2:d0:63:1e:0b:30:10:9a:ad:c4:3d:d9:ef:
                    2d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D0:E0:6D:91:B0:84:28:87:5C:8C:FF:E4:E2:48:36:88:A0:E2:A6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/e9DgbZGwhCiHXIz_5OJINoig4qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:2b:bf:d0:60:8a:90:e7:e2:df:2e:ba:3b:70:ea:92:c0:0d:
         98:1d:df:88:8c:22:48:f9:ac:d9:f0:cb:01:ee:68:df:eb:36:
         01:ed:52:fd:47:57:6b:35:53:f5:d3:f1:df:39:ee:a0:c4:a2:
         9d:22:98:66:3b:c3:e0:64:01:2f:cd:06:1c:57:df:84:5e:de:
         02:fc:ec:58:99:ac:df:85:f6:2e:b3:a8:97:ab:0a:c4:4f:29:
         52:60:3b:19:d8:c6:f7:cb:19:fe:8a:ad:d6:f4:b6:c1:08:cc:
         3d:7b:51:66:62:a3:7d:9e:aa:e8:91:1e:3a:fe:5d:56:13:ef:
         18:c2:37:b4:e2:0c:bd:2c:75:1d:31:0c:d3:a1:7c:13:33:78:
         dc:d6:a5:6c:8a:4a:12:d8:a5:c0:7f:f7:66:7e:ee:d4:23:ab:
         d2:5e:8f:72:c4:ab:ce:04:38:9c:a5:41:65:fd:83:02:48:a6:
         96:1f:74:79:e9:8a:a3:ae:6c:6c:1e:0d:30:d1:9b:17:7e:04:
         68:81:0a:41:91:b5:2f:8b:0e:b0:10:58:c6:cf:dc:46:38:f2:
         6b:7e:38:5b:6b:45:8e:f8:6f:ac:4a:cb:2c:34:2c:3f:23:0c:
         aa:ef:34:f2:51:2c:e0:00:a6:8a:b5:37:6f:59:c7:32:33:67:
         73:a0:52:24
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYguWg92wL12JoSihoIe8vwnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE4MTAxMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQwZTA2ZDkxYjA4NDI4ODc1YzhjZmZlNGUyNDgzNjg4YTBlMmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIWmKwfGKz2zO2yzTo/G1WGYvsdp
nXo1if3SMQt6HHHTpwImYQ5r6kzWEfHAjUX3nBuvTdRKixdJFvFEvKl3h99LFeFD
rqj/ZdEOVd8D25um0U3AyhkJENssskhevrkj2YA1sDpeWljS51DcVrTkTOWntelw
2mtoxmHdFbMndDEUcdMC6rkwwQnZjFB67KMZI6lO6o/3mjoQdNmomCExLWjt8fy5
xtrRX0zU++UqBoPUDHZSXyyFBkvSs/clvPs0SHkGC50ovx/qca4gdfSjS4STST/C
NP/kRVDz5UuwH8oBMVQbln5QUgpPzNaxPHwFncLQYx4LMBCarcQ92e8t7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHvQ4G2RsIQoh1yM/+TiSDaIoOKmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZTlEZ2JaR3doQ2lIWEl6XzVPSklOb2lnNHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGcrv9BgipDn4t8uujtw
6pLADZgd34iMIkj5rNnwywHuaN/rNgHtUv1HV2s1U/XT8d857qDEop0imGY7w+Bk
AS/NBhxX34Re3gL87FiZrN+F9i6zqJerCsRPKVJgOxnYxvfLGf6Krdb0tsEIzD17
UWZio32equiRHjr+XVYT7xjCN7TiDL0sdR0xDNOhfBMzeNzWpWyKShLYpcB/92Z+
7tQjq9Jej3LEq84EOJylQWX9gwJIppYfdHnpiqOubGweDTDRmxd+BGiBCkGRtS+L
DrAQWMbP3EY48mt+OFtrRY74b6xKyyw0LD8jDKrvNPJRLOAApoq1N29ZxzIzZ3Og
UiQ=
-----END CERTIFICATE-----