Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fswAwxI3lOcbptMtm2KRSXiaJSY.roa
File:                     fswAwxI3lOcbptMtm2KRSXiaJSY.roa (raw, json)
Hash identifier:          IwoKQ15as1QvDuczbS4oMdCVfGFfLEoaFHkoIKCx9+8=
Subject key identifier:   7E:CC:00:C3:12:37:94:E7:1B:A6:D3:2D:9B:62:91:49:78:9A:25:26
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018785AFC4639DC017AB93C1800201F8BA35
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fswAwxI3lOcbptMtm2KRSXiaJSY.roa
Signing time:             Sat 15 Apr 2023 16:11:41 +0000
ROA not before:           Sat 15 Apr 2023 16:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:85:af:c4:63:9d:c0:17:ab:93:c1:80:02:01:f8:ba:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 15 16:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ecc00c3123794e71ba6d32d9b629149789a2526
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:41:bc:3f:05:ce:3b:d0:3f:35:b0:5a:16:a1:
                    8d:0a:8a:64:83:5e:84:a2:b7:26:99:2a:80:ec:c8:
                    7f:3a:c5:3f:0c:5c:32:18:0b:71:71:58:33:54:e7:
                    42:67:c7:27:c4:7c:db:85:25:e3:09:d2:53:88:ea:
                    1c:df:9a:23:e9:53:10:e8:b3:46:a5:20:88:e5:65:
                    7d:ca:eb:9a:b0:9b:c3:a0:b3:46:b2:c9:d1:a5:f5:
                    33:46:17:a9:70:32:6a:c4:62:72:f5:d1:19:66:cf:
                    94:60:f7:a5:e2:13:5e:26:9a:62:80:56:a7:53:ec:
                    20:e5:f8:cf:50:5d:4d:29:d0:d7:a5:a3:7f:a3:f6:
                    55:96:3b:ca:fa:97:34:2c:ff:73:87:e6:25:f1:9b:
                    05:ae:bd:b0:cd:96:ef:7d:6c:ac:d1:41:f8:84:c2:
                    73:5b:14:3c:2d:eb:d4:eb:af:c7:ab:52:b0:e2:28:
                    0d:83:df:f4:e9:dd:b9:81:1b:3c:24:c1:b3:42:b8:
                    c7:ef:69:74:c6:09:cf:27:92:89:ed:e5:9f:2e:92:
                    b4:16:26:a4:8c:19:2c:a9:60:b6:7d:5c:cd:22:13:
                    59:db:69:6e:98:65:1a:e1:42:f6:73:0e:cd:81:6a:
                    40:3a:10:22:3a:f2:89:00:28:f3:5c:ae:70:59:b8:
                    ce:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CC:00:C3:12:37:94:E7:1B:A6:D3:2D:9B:62:91:49:78:9A:25:26
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fswAwxI3lOcbptMtm2KRSXiaJSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:f1:b5:9f:94:32:84:b1:7b:da:9e:4e:a2:ad:ae:9b:40:04:
         42:f0:c1:18:18:65:46:0b:47:03:4a:bd:96:7c:51:33:f4:66:
         5e:14:a0:1b:3e:67:7a:29:92:da:e8:fb:07:c0:2c:4e:32:ab:
         b5:c6:91:d0:ad:51:48:c2:d6:41:e5:d8:38:9d:7a:ff:61:99:
         1a:98:57:e8:4d:cd:48:6a:db:8c:ac:a1:d2:2d:1c:95:d1:45:
         d2:65:11:fe:fe:c0:04:c4:99:54:25:6f:20:41:9e:0e:34:49:
         5d:06:95:5a:8d:e3:d2:a8:a7:ff:c7:38:98:5c:de:62:77:15:
         c4:1e:0d:5e:70:01:78:77:52:bc:35:72:30:b2:ee:0d:4b:56:
         75:e1:2e:a6:04:28:56:65:2d:d9:e2:13:73:1a:c0:14:79:75:
         f7:4e:d4:30:74:5d:d7:b5:fe:cb:15:02:28:bb:71:3f:4c:16:
         b2:90:5e:db:31:3f:2b:a1:10:4c:e4:a8:f6:9f:e0:97:05:99:
         8b:68:87:70:57:e9:ca:15:3f:b3:4d:35:57:3b:ae:7c:66:9e:
         b5:d8:f6:ed:f0:ee:a8:a2:ec:6f:1d:7d:71:89:ea:bb:26:4b:
         dd:d1:02:c5:76:94:7b:d7:1e:49:5a:48:60:40:18:85:52:7b:
         4c:f5:10:3f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeFr8RjncAXq5PBgAIB+Lo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE1MTYxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWNjMDBjMzEyMzc5NGU3MWJhNmQzMmQ5YjYyOTE0OTc4OWEyNTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEG8PwXOO9A/NbBaFqGNCopkg16E
orcmmSqA7Mh/OsU/DFwyGAtxcVgzVOdCZ8cnxHzbhSXjCdJTiOoc35oj6VMQ6LNG
pSCI5WV9yuuasJvDoLNGssnRpfUzRhepcDJqxGJy9dEZZs+UYPel4hNeJppigFan
U+wg5fjPUF1NKdDXpaN/o/ZVljvK+pc0LP9zh+Yl8ZsFrr2wzZbvfWys0UH4hMJz
WxQ8LevU66/Hq1Kw4igNg9/06d25gRs8JMGzQrjH72l0xgnPJ5KJ7eWfLpK0Fiak
jBksqWC2fVzNIhNZ22lumGUa4UL2cw7NgWpAOhAiOvKJACjzXK5wWbjOgQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH7MAMMSN5TnG6bTLZtikUl4miUmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZnN3QXd4STNsT2NicHRNdG0yS1JTWGlhSlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADLxtZ+UMoSxe9qeTqKt
rptABELwwRgYZUYLRwNKvZZ8UTP0Zl4UoBs+Z3opktro+wfALE4yq7XGkdCtUUjC
1kHl2Didev9hmRqYV+hNzUhq24ysodItHJXRRdJlEf7+wATEmVQlbyBBng40SV0G
lVqN49Kop//HOJhc3mJ3FcQeDV5wAXh3Urw1cjCy7g1LVnXhLqYEKFZlLdniE3Ma
wBR5dfdO1DB0Xde1/ssVAii7cT9MFrKQXtsxPyuhEEzkqPaf4JcFmYtoh3BX6coV
P7NNNVc7rnxmnrXY9u3w7qii7G8dfXGJ6rsmS93RAsV2lHvXHklaSGBAGIVSe0z1
ED8=
-----END CERTIFICATE-----