Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/eyW-yL26U_5adpjI1WF7z9EsjDQ.roa
File:                     eyW-yL26U_5adpjI1WF7z9EsjDQ.roa (raw, json)
Hash identifier:          I3R8Z289dDUILlcbhlKGPk8tZOhP2g0gLfER1tfPqGA=
Subject key identifier:   7B:25:BE:C8:BD:BA:53:FE:5A:76:98:C8:D5:61:7B:CF:D1:2C:8C:34
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F9575EDAAABF08EC0EAB023C62171796
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/eyW-yL26U_5adpjI1WF7z9EsjDQ.roa
Signing time:             Mon 08 May 2023 03:11:05 +0000
ROA not before:           Mon 08 May 2023 03:11:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f9:57:5e:da:aa:bf:08:ec:0e:ab:02:3c:62:17:17:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  8 03:11:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7b25bec8bdba53fe5a7698c8d5617bcfd12c8c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:37:03:d2:03:4e:f5:e6:71:90:46:a4:12:f1:
                    1f:70:34:8f:4c:6d:64:4a:0d:00:6d:f2:b6:4d:96:
                    7c:aa:65:70:51:ed:49:55:31:df:c7:b8:3f:9a:b3:
                    51:b0:90:3e:4a:85:99:3d:76:fd:d3:08:3a:d2:83:
                    c4:c6:ea:dd:1a:31:13:75:e3:4f:33:52:15:5a:87:
                    df:90:e3:82:26:f6:22:8f:8a:de:72:08:91:16:d8:
                    ec:9d:7a:5e:0b:1d:c6:07:d1:47:7b:89:b2:80:f2:
                    5b:21:85:df:b4:e6:8c:ea:ed:76:71:56:97:96:02:
                    04:eb:b5:0b:9f:59:c1:79:01:3a:19:b0:d4:f9:ed:
                    3f:ba:8f:0b:b2:2d:ba:6b:89:28:f2:81:03:ed:9b:
                    92:91:5f:b1:bd:4d:c9:1a:3f:96:e5:8f:af:67:5a:
                    cb:27:00:4b:dd:37:b1:c4:30:c4:98:70:22:f9:cb:
                    8e:0e:1a:47:c5:a0:2b:6d:be:b1:0c:7d:c0:98:fd:
                    19:8c:ef:76:fd:05:00:51:76:32:37:70:0c:b1:47:
                    52:97:35:0a:0e:77:2a:fa:d6:57:6a:62:cf:d5:09:
                    e4:c1:79:88:68:b6:57:d2:18:1a:6e:5e:c3:ef:53:
                    69:2c:28:2e:06:79:42:04:46:0a:e0:47:6b:0a:1c:
                    d7:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:25:BE:C8:BD:BA:53:FE:5A:76:98:C8:D5:61:7B:CF:D1:2C:8C:34
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/eyW-yL26U_5adpjI1WF7z9EsjDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:d5:16:33:0d:23:be:92:87:a4:1d:15:2e:0c:8c:7b:44:bd:
         c2:a0:bf:19:66:d6:78:cd:a6:47:a9:09:38:2d:6b:ff:99:be:
         f7:e9:ad:89:12:78:d4:bc:95:71:9c:5b:22:b8:73:85:fe:97:
         47:dc:9f:2e:d7:fb:98:19:7e:1f:e2:2c:08:9a:02:03:ad:9f:
         50:d0:19:e5:03:41:ed:8c:7b:fb:b3:49:4f:85:e6:c0:9a:8e:
         b6:d9:ad:74:d1:65:c9:9f:08:64:a8:eb:e8:a3:d3:81:51:e8:
         e3:92:2e:bf:4c:80:0f:3e:0d:d7:36:71:73:41:14:c5:c2:c4:
         dc:69:84:c5:ff:1e:cb:9e:22:4b:3a:8b:6f:54:22:a2:0c:92:
         30:66:9d:2a:e7:43:c6:b5:cc:76:92:e1:c9:0b:8c:3f:aa:92:
         42:be:fa:75:83:c8:b1:5b:8f:fa:d5:9c:c7:bd:6d:8c:20:14:
         a9:8c:dd:a7:d3:a5:db:9a:f5:4f:e7:0d:23:a3:43:9d:8d:34:
         f8:ae:cc:d4:61:e4:2e:f2:ac:cc:35:72:fb:9b:c6:40:fe:78:
         e7:e5:8c:e8:ac:0f:2b:94:64:1a:9e:d4:f3:14:93:93:4e:ab:
         62:f1:36:01:95:06:7f:99:8d:af:3f:ef:76:96:ad:74:f3:ae:
         27:55:0d:bd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf5V17aqr8I7A6rAjxiFxeWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA4MDMxMTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjI1YmVjOGJkYmE1M2ZlNWE3Njk4YzhkNTYxN2JjZmQxMmM4YzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDcD0gNO9eZxkEakEvEfcDSPTG1k
Sg0AbfK2TZZ8qmVwUe1JVTHfx7g/mrNRsJA+SoWZPXb90wg60oPExurdGjETdeNP
M1IVWoffkOOCJvYij4recgiRFtjsnXpeCx3GB9FHe4mygPJbIYXftOaM6u12cVaX
lgIE67ULn1nBeQE6GbDU+e0/uo8Lsi26a4ko8oED7ZuSkV+xvU3JGj+W5Y+vZ1rL
JwBL3TexxDDEmHAi+cuODhpHxaArbb6xDH3AmP0ZjO92/QUAUXYyN3AMsUdSlzUK
Dncq+tZXamLP1QnkwXmIaLZX0hgabl7D71NpLCguBnlCBEYK4EdrChzXTQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHslvsi9ulP+WnaYyNVhe8/RLIw0MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZXlXLXlMMjZVXzVhZHBqSTFXRjd6OUVzakRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFrVFjMNI76Sh6QdFS4M
jHtEvcKgvxlm1njNpkepCTgta/+ZvvfprYkSeNS8lXGcWyK4c4X+l0fcny7X+5gZ
fh/iLAiaAgOtn1DQGeUDQe2Me/uzSU+F5sCajrbZrXTRZcmfCGSo6+ij04FR6OOS
Lr9MgA8+Ddc2cXNBFMXCxNxphMX/HsueIks6i29UIqIMkjBmnSrnQ8a1zHaS4ckL
jD+qkkK++nWDyLFbj/rVnMe9bYwgFKmM3afTpdua9U/nDSOjQ52NNPiuzNRh5C7y
rMw1cvubxkD+eOfljOisDyuUZBqe1PMUk5NOq2LxNgGVBn+Zja8/73aWrXTzridV
Db0=
-----END CERTIFICATE-----