Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/f5XhFlnrGnMdZ1033amREyLsCco.roa
File:                     f5XhFlnrGnMdZ1033amREyLsCco.roa (raw, json)
Hash identifier:          ZUb/0gfgVMlCMGVpzEG+O9Dl3JGeI/V6kpiB5CavN8I=
Subject key identifier:   7F:95:E1:16:59:EB:1A:73:1D:67:5D:37:DD:A9:91:13:22:EC:09:CA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187E63D08B025694F6595295A2A646E9132
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/f5XhFlnrGnMdZ1033amREyLsCco.roa
Signing time:             Thu 04 May 2023 10:09:32 +0000
ROA not before:           Thu 04 May 2023 10:09:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e6:3d:08:b0:25:69:4f:65:95:29:5a:2a:64:6e:91:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  4 10:09:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7f95e11659eb1a731d675d37dda9911322ec09ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f6:17:90:78:67:64:be:74:ad:75:92:53:c1:
                    1a:22:d5:ab:44:0b:ac:87:79:6e:5c:ef:5c:f4:11:
                    01:8f:66:db:4a:9a:83:1d:28:58:47:35:da:14:78:
                    69:3c:f0:77:fa:1c:83:9e:1b:49:98:d4:5e:e4:6d:
                    79:61:78:09:c8:c2:40:ac:a2:3f:11:60:35:4c:de:
                    3b:1d:18:32:f7:28:2a:b6:2f:3f:33:c4:8e:63:fb:
                    53:0f:0b:64:f8:17:4d:12:ba:7b:4c:04:56:db:70:
                    de:98:f8:c8:c4:69:25:fa:73:4b:1e:f8:75:11:a0:
                    a2:a1:69:15:e2:54:b7:99:49:56:54:d6:df:98:66:
                    72:f1:55:45:86:5e:48:02:c6:7c:88:18:7a:e9:76:
                    08:bc:a5:5d:7a:3e:a2:28:45:8c:6f:89:4d:ef:d4:
                    4f:d6:56:3c:e2:ad:8d:37:74:d0:2c:51:77:32:b1:
                    ec:e7:a4:29:54:2d:ec:78:bb:c7:16:e8:78:1a:5b:
                    d1:55:9a:17:e7:8d:51:60:d8:6f:3b:eb:ee:23:ad:
                    b5:53:ac:09:21:fb:38:65:eb:54:94:cf:b9:3d:20:
                    1e:2c:f9:ed:48:b8:4d:f1:11:1e:ef:86:4a:b0:02:
                    d9:78:1f:3b:bd:0c:14:f7:86:2b:cc:20:08:c6:33:
                    f7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:95:E1:16:59:EB:1A:73:1D:67:5D:37:DD:A9:91:13:22:EC:09:CA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/f5XhFlnrGnMdZ1033amREyLsCco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:5c:2a:5e:fe:0d:fd:39:04:2e:7a:50:c2:1a:1a:bb:80:6e:
         4f:2d:6c:bc:08:c4:27:8f:0e:09:1b:ef:8c:cc:65:86:25:d3:
         19:f1:f9:c6:06:ce:4d:b7:b2:b6:ff:23:fa:a0:6b:0a:10:50:
         d6:7d:e4:2f:ef:d4:96:ba:76:84:e5:fb:c9:b8:86:82:0c:b5:
         99:93:fa:25:97:54:ee:cc:3a:d7:f7:9c:b1:b0:cb:a4:14:27:
         f1:c4:07:55:06:ae:82:f2:a4:0b:7d:f7:06:0f:44:43:05:90:
         17:48:26:46:bb:43:97:1d:69:aa:ac:1a:aa:e2:eb:8a:60:3a:
         a6:0e:8d:1c:cd:e6:a9:ac:6d:b4:75:25:b0:7a:66:2d:21:8b:
         e5:27:f0:28:51:6a:ae:5b:ab:9a:15:b3:98:e7:25:fb:0f:b4:
         09:2c:5d:7d:8d:09:db:f2:c4:6c:b1:b6:46:65:25:15:4b:a4:
         4c:ea:80:bb:ad:c7:bb:6a:cc:5d:3f:c9:d5:a8:02:ab:8f:df:
         95:7f:db:a9:c1:fb:98:74:8a:a4:78:67:d7:8f:7e:fc:a9:38:
         e0:d1:14:ae:d0:f9:bc:c7:81:46:66:d8:7d:6d:85:8d:b4:5e:
         ac:16:f2:41:2b:b9:b8:d9:78:9f:03:a9:bc:54:ad:1e:19:03:
         1d:9d:75:c8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfmPQiwJWlPZZUpWipkbpEyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA0MTAwOTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Zjk1ZTExNjU5ZWIxYTczMWQ2NzVkMzdkZGE5OTExMzIyZWMwOWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fYXkHhnZL50rXWSU8EaItWrRAus
h3luXO9c9BEBj2bbSpqDHShYRzXaFHhpPPB3+hyDnhtJmNRe5G15YXgJyMJArKI/
EWA1TN47HRgy9ygqti8/M8SOY/tTDwtk+BdNErp7TARW23DemPjIxGkl+nNLHvh1
EaCioWkV4lS3mUlWVNbfmGZy8VVFhl5IAsZ8iBh66XYIvKVdej6iKEWMb4lN79RP
1lY84q2NN3TQLFF3MrHs56QpVC3seLvHFuh4GlvRVZoX541RYNhvO+vuI621U6wJ
Ifs4ZetUlM+5PSAeLPntSLhN8REe74ZKsALZeB87vQwU94YrzCAIxjP3qQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH+V4RZZ6xpzHWddN92pkRMi7AnKMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZjVYaEZsbnJHbk1kWjEwMzNhbVJFeUxzQ2NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGtcKl7+Df05BC56UMIa
GruAbk8tbLwIxCePDgkb74zMZYYl0xnx+cYGzk23srb/I/qgawoQUNZ95C/v1Ja6
doTl+8m4hoIMtZmT+iWXVO7MOtf3nLGwy6QUJ/HEB1UGroLypAt99wYPREMFkBdI
Jka7Q5cdaaqsGqri64pgOqYOjRzN5qmsbbR1JbB6Zi0hi+Un8ChRaq5bq5oVs5jn
JfsPtAksXX2NCdvyxGyxtkZlJRVLpEzqgLutx7tqzF0/ydWoAquP35V/26nB+5h0
iqR4Z9ePfvypOODRFK7Q+bzHgUZm2H1thY20XqwW8kErubjZeJ8DqbxUrR4ZAx2d
dcg=
-----END CERTIFICATE-----