Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gCZkxw0InuDHlBxxb5e8OAL5Syc.roa
File:                     gCZkxw0InuDHlBxxb5e8OAL5Syc.roa (raw, json)
Hash identifier:          msJ/fAvvcJyQz4JsEee/pk2S1iiN/7rdL3dTVHGSMMo=
Subject key identifier:   80:26:64:C7:0D:08:9E:E0:C7:94:1C:71:6F:97:BC:38:02:F9:4B:27
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878BE260ED87824211BF5BE19CD27A7E58
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gCZkxw0InuDHlBxxb5e8OAL5Syc.roa
Signing time:             Sun 16 Apr 2023 21:04:41 +0000
ROA not before:           Sun 16 Apr 2023 21:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:187:8be2:4e4d/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8b:e2:60:ed:87:82:42:11:bf:5b:e1:9c:d2:7a:7e:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 16 21:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=802664c70d089ee0c7941c716f97bc3802f94b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:cd:0a:99:de:2d:a4:c7:f9:1c:d5:30:55:44:
                    0c:74:14:e1:de:4b:13:72:ed:cb:b1:0e:f8:b3:8a:
                    95:d0:69:2a:78:47:76:f2:da:fe:7f:49:03:87:2a:
                    01:d0:15:3f:00:5e:21:9b:30:06:f0:50:c2:a9:b7:
                    f8:36:aa:6d:de:56:bf:95:c5:dd:ac:73:53:57:b0:
                    19:4b:92:2e:39:22:79:00:99:a6:26:cb:a1:16:24:
                    50:d5:bc:7b:39:2a:b7:d3:64:93:d6:6a:93:72:98:
                    43:e7:7d:ec:c5:05:f3:9d:ee:16:33:02:b9:eb:01:
                    4c:25:0f:01:25:57:07:6d:0e:79:2b:de:a4:44:22:
                    af:09:82:d7:6e:22:c3:ca:3e:0c:46:72:89:91:89:
                    80:14:04:33:94:b4:35:ae:db:56:ad:ef:fc:31:89:
                    d6:90:86:90:7e:30:67:2d:1d:a7:17:16:bd:3e:ca:
                    a2:3c:2f:a4:b2:bc:6a:26:e5:08:8c:9e:b0:63:b9:
                    5d:5a:60:59:b5:c4:34:d4:33:36:ab:7d:25:ec:be:
                    9e:80:ee:97:e8:41:31:3e:48:e6:ec:cb:ce:dc:b6:
                    7b:81:da:30:21:6a:a3:ec:8f:d7:78:ac:79:9e:5b:
                    74:c6:39:0c:9c:d4:ce:3f:08:52:82:8a:6b:49:c9:
                    7e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:26:64:C7:0D:08:9E:E0:C7:94:1C:71:6F:97:BC:38:02:F9:4B:27
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gCZkxw0InuDHlBxxb5e8OAL5Syc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:f1:ea:23:3a:8d:04:24:0f:da:7b:f7:d6:84:09:8a:9b:1e:
         eb:d2:c7:b6:5e:ce:ae:2d:35:20:8f:61:8b:1e:80:b5:12:1a:
         6f:af:3f:1d:31:78:5f:b9:17:82:03:7f:ef:8a:a2:dc:e1:5f:
         97:be:03:4b:d0:64:36:fa:eb:d6:b5:1f:06:bc:58:c0:32:0e:
         5f:0a:94:ef:86:8d:6f:6c:f7:8d:e8:13:29:2c:74:29:cb:40:
         29:12:9d:93:12:da:32:97:5d:cf:09:83:d8:22:ca:c8:e6:e0:
         5d:5c:1a:44:47:8a:a9:b1:a1:1e:25:96:8a:70:71:4b:66:f0:
         11:fa:08:50:95:51:be:81:47:fc:13:8f:c6:36:ee:15:00:5a:
         36:7e:8a:74:68:60:d9:0b:34:6b:56:16:93:b2:ec:91:49:34:
         85:0b:bd:33:ae:e2:60:a1:34:36:ba:82:32:14:8e:3f:9e:8d:
         c1:90:6e:95:f8:84:54:5a:01:62:bc:59:9d:48:ed:0f:18:9f:
         a8:c0:58:1f:d2:04:f6:49:68:d0:47:17:97:6b:69:fa:6a:e4:
         44:cd:57:6a:7d:44:71:ab:e0:72:30:1b:32:5c:50:31:d5:d9:
         e3:e9:30:65:9b:80:e6:4b:3b:e2:b4:77:ad:f8:74:39:73:e5:
         d0:28:b0:ca
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeL4mDth4JCEb9b4ZzSen5YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE2MjEwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDI2NjRjNzBkMDg5ZWUwYzc5NDFjNzE2Zjk3YmMzODAyZjk0YjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh80Kmd4tpMf5HNUwVUQMdBTh3ksT
cu3LsQ74s4qV0GkqeEd28tr+f0kDhyoB0BU/AF4hmzAG8FDCqbf4Nqpt3la/lcXd
rHNTV7AZS5IuOSJ5AJmmJsuhFiRQ1bx7OSq302ST1mqTcphD533sxQXzne4WMwK5
6wFMJQ8BJVcHbQ55K96kRCKvCYLXbiLDyj4MRnKJkYmAFAQzlLQ1rttWre/8MYnW
kIaQfjBnLR2nFxa9PsqiPC+ksrxqJuUIjJ6wY7ldWmBZtcQ01DM2q30l7L6egO6X
6EExPkjm7MvO3LZ7gdowIWqj7I/XeKx5nlt0xjkMnNTOPwhSgoprScl+dQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIAmZMcNCJ7gx5QccW+XvDgC+UsnMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZ0Naa3h3MEludURIbEJ4eGI1ZThPQUw1U3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHHx6iM6jQQkD9p799aE
CYqbHuvSx7Zezq4tNSCPYYsegLUSGm+vPx0xeF+5F4IDf++KotzhX5e+A0vQZDb6
69a1Hwa8WMAyDl8KlO+GjW9s943oEyksdCnLQCkSnZMS2jKXXc8Jg9giysjm4F1c
GkRHiqmxoR4llopwcUtm8BH6CFCVUb6BR/wTj8Y27hUAWjZ+inRoYNkLNGtWFpOy
7JFJNIULvTOu4mChNDa6gjIUjj+ejcGQbpX4hFRaAWK8WZ1I7Q8Yn6jAWB/SBPZJ
aNBHF5drafpq5ETNV2p9RHGr4HIwGzJcUDHV2ePpMGWbgOZLO+K0d634dDlz5dAo
sMo=
-----END CERTIFICATE-----