Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/er-k2WK2m6nZT93bd1_RX93wtK0.roa
File:                     er-k2WK2m6nZT93bd1_RX93wtK0.roa (raw, json)
Hash identifier:          Jma0ddvRPodfkfLKNIsWka332emx+S9kfVXlwGTQF7M=
Subject key identifier:   7A:BF:A4:D9:62:B6:9B:A9:D9:4F:DD:DB:77:5F:D1:5F:DD:F0:B4:AD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D32BE00B1EF1CDB70F9C253031D6EE55
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/er-k2WK2m6nZT93bd1_RX93wtK0.roa
Signing time:             Sun 12 Mar 2023 00:15:13 +0000
ROA not before:           Sun 12 Mar 2023 00:15:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d3:2b:e0:0b:1e:f1:cd:b7:0f:9c:25:30:31:d6:ee:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 12 00:15:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7abfa4d962b69ba9d94fdddb775fd15fddf0b4ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:67:68:bb:57:fb:80:a9:d4:ea:f8:76:ea:96:
                    b8:49:63:15:9a:07:8d:68:8b:a0:c6:8f:22:ed:dc:
                    e6:f5:a1:f6:03:7d:49:02:24:93:57:11:8c:ac:8e:
                    fa:30:33:a1:a0:e2:b7:7e:d1:8d:3f:ea:66:54:20:
                    08:e1:b3:9d:a7:23:a9:6a:d5:db:2a:3d:a0:49:9a:
                    b6:52:c2:f9:33:10:4b:b3:5b:45:d6:e4:1a:d9:9b:
                    bb:d8:5d:8d:b9:96:a1:c4:8d:98:fd:67:8d:5e:c7:
                    35:af:38:65:43:a4:f3:d0:3b:7d:85:e8:67:dd:bc:
                    a6:3a:8e:40:12:9b:cc:9b:3b:6e:a2:1e:18:76:ed:
                    a6:20:20:59:7d:7e:c9:28:27:80:4b:b1:b1:08:84:
                    37:a6:fa:74:01:f7:a4:81:72:99:b1:38:85:6a:dc:
                    80:3e:0b:62:64:fa:2f:fd:5a:45:f4:c1:9e:06:2c:
                    fd:f4:7f:7f:4d:12:7a:f2:f7:82:47:5d:ea:4f:01:
                    b7:a3:2d:38:6e:6d:97:de:92:4c:b7:2a:21:04:dd:
                    9b:07:41:49:8a:99:8f:42:16:5c:e4:0b:e6:53:15:
                    1e:f6:3e:bb:58:69:08:dd:90:3e:52:74:e3:ae:73:
                    35:1f:81:03:22:18:58:f7:9d:7e:4b:df:78:10:da:
                    ca:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:BF:A4:D9:62:B6:9B:A9:D9:4F:DD:DB:77:5F:D1:5F:DD:F0:B4:AD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/er-k2WK2m6nZT93bd1_RX93wtK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:c4:9d:3e:c6:49:0a:99:09:27:5f:03:f0:95:b7:5c:fd:d0:
         d9:f0:11:9b:ec:ae:e4:68:34:71:4d:a3:c5:4c:17:3b:fa:75:
         71:5b:52:88:d6:cd:98:1e:5a:a7:89:29:3c:d0:d5:6a:4d:84:
         0d:a6:42:19:28:c7:8a:70:3f:d6:92:64:c2:e5:77:4f:30:9a:
         36:83:54:72:b7:6b:e6:cd:3b:e4:e3:80:d5:42:b9:50:46:3f:
         58:02:3c:33:44:87:30:63:d7:88:f6:b3:c1:51:a6:02:98:69:
         94:b0:99:5b:90:4f:24:3a:60:b1:34:8a:88:8f:82:a1:12:64:
         86:88:be:be:4a:87:b5:11:b1:0a:f8:ea:87:f0:b6:b6:7d:7b:
         b0:ad:07:e9:5c:83:eb:4b:8c:58:ae:e8:ec:ad:33:82:53:7c:
         72:43:d9:d7:5b:57:91:6d:43:5f:ed:fd:a7:95:00:4f:ae:c3:
         7c:7e:3c:08:02:49:8c:0e:84:e8:fa:82:d1:fe:ff:b3:4d:1b:
         0c:31:4c:ac:34:08:e2:4e:ae:87:77:67:4b:c8:2a:0f:55:fb:
         81:d6:e1:79:2e:21:f1:78:04:e1:7b:9d:84:5c:7a:8e:37:7c:
         d6:9f:13:7f:d8:19:bd:5a:e8:4b:6e:15:d7:63:14:d6:b9:8e:
         49:d6:cb:4b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbTK+ALHvHNtw+cJTAx1u5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEyMDAxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWJmYTRkOTYyYjY5YmE5ZDk0ZmRkZGI3NzVmZDE1ZmRkZjBiNGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2dou1f7gKnU6vh26pa4SWMVmgeN
aIugxo8i7dzm9aH2A31JAiSTVxGMrI76MDOhoOK3ftGNP+pmVCAI4bOdpyOpatXb
Kj2gSZq2UsL5MxBLs1tF1uQa2Zu72F2NuZahxI2Y/WeNXsc1rzhlQ6Tz0Dt9hehn
3bymOo5AEpvMmztuoh4Ydu2mICBZfX7JKCeAS7GxCIQ3pvp0AfekgXKZsTiFatyA
PgtiZPov/VpF9MGeBiz99H9/TRJ68veCR13qTwG3oy04bm2X3pJMtyohBN2bB0FJ
ipmPQhZc5AvmUxUe9j67WGkI3ZA+UnTjrnM1H4EDIhhY951+S994ENrKMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHq/pNlitpup2U/d23df0V/d8LStMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZXItazJXSzJtNm5aVDkzYmQxX1JYOTN3dEswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADHEnT7GSQqZCSdfA/CV
t1z90NnwEZvsruRoNHFNo8VMFzv6dXFbUojWzZgeWqeJKTzQ1WpNhA2mQhkox4pw
P9aSZMLld08wmjaDVHK3a+bNO+TjgNVCuVBGP1gCPDNEhzBj14j2s8FRpgKYaZSw
mVuQTyQ6YLE0ioiPgqESZIaIvr5Kh7URsQr46ofwtrZ9e7CtB+lcg+tLjFiu6Oyt
M4JTfHJD2ddbV5FtQ1/t/aeVAE+uw3x+PAgCSYwOhOj6gtH+/7NNGwwxTKw0COJO
rod3Z0vIKg9V+4HW4XkuIfF4BOF7nYRceo43fNafE3/YGb1a6EtuFddjFNa5jknW
y0s=
-----END CERTIFICATE-----