Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gozMfxdTLAp-UeE76XBfDB_BM04.roa
File:                     gozMfxdTLAp-UeE76XBfDB_BM04.roa (raw, json)
Hash identifier:          YZf4r4mJdi216pnQABZHj/tIHQ5tUALvMxCAVCeEQ68=
Subject key identifier:   82:8C:CC:7F:17:53:2C:0A:7E:51:E1:3B:E9:70:5F:0C:1F:C1:33:4E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A9ECCF0434C9463F96DF2758F2D54C21
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gozMfxdTLAp-UeE76XBfDB_BM04.roa
Signing time:             Sat 22 Apr 2023 17:04:41 +0000
ROA not before:           Sat 22 Apr 2023 17:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:187:a9ec:b827/128 maxlen: 128
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a9:ec:cf:04:34:c9:46:3f:96:df:27:58:f2:d5:4c:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 22 17:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=828ccc7f17532c0a7e51e13be9705f0c1fc1334e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:78:ee:ee:0b:e3:d7:57:41:67:a8:65:53:7a:
                    19:ed:38:b0:ac:7b:f8:ea:48:19:59:44:c9:bd:27:
                    75:c8:61:db:4d:02:93:0c:2f:86:f2:da:54:5c:85:
                    8d:ec:48:1f:43:93:bc:7d:50:17:27:c3:1b:09:35:
                    b7:1f:c8:dd:c7:33:28:90:c6:a2:95:be:c4:60:65:
                    93:05:2d:f6:01:ed:42:b9:69:3c:84:4e:bc:6d:2a:
                    fe:71:b6:f9:53:88:8b:b0:c3:5c:8e:a5:3a:0e:79:
                    f1:a9:cb:4a:1d:08:71:37:0a:fd:2a:c0:50:0b:e6:
                    a9:44:2d:07:d9:01:20:dd:0d:b3:a0:90:e8:03:37:
                    a8:fd:8f:3e:63:bc:99:cc:b5:6d:29:e3:58:53:5c:
                    e3:16:79:db:72:51:69:0f:5f:52:8c:67:ed:1e:c8:
                    89:ba:e5:20:76:c1:f4:76:24:96:00:9e:f9:c1:bc:
                    76:99:d0:27:26:c0:e0:6d:05:82:61:fb:40:40:52:
                    da:6b:20:82:d4:2a:3c:2e:d7:53:06:5f:0f:ec:43:
                    8d:d4:f8:f5:24:f8:6e:76:8a:09:48:77:35:81:a4:
                    e7:20:e5:5b:af:10:91:3b:43:8d:94:98:5f:80:85:
                    2c:97:f6:9e:db:d4:c5:89:71:9a:11:9d:ec:48:56:
                    7d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:8C:CC:7F:17:53:2C:0A:7E:51:E1:3B:E9:70:5F:0C:1F:C1:33:4E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gozMfxdTLAp-UeE76XBfDB_BM04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:fc:5e:dc:93:5d:40:90:ad:46:a4:ea:6b:bd:c3:6e:59:dd:
         52:db:15:8e:1c:20:22:16:28:3e:5c:f7:83:91:a5:9c:0f:85:
         63:d3:e7:f9:f3:31:50:43:bb:a2:94:8e:71:cb:2c:58:62:25:
         30:fb:62:0c:a9:f1:a6:3b:70:00:3c:ff:cf:fc:c2:cd:53:e3:
         d5:b9:99:05:a7:ef:3c:68:8f:80:d2:ec:a9:17:a0:e7:2f:e4:
         fc:a8:08:87:59:25:40:3a:7a:ac:ea:f9:62:ef:dd:6c:0a:dc:
         33:b2:56:e1:0a:75:69:77:d5:51:4c:17:f8:cb:89:46:82:e3:
         42:41:da:0c:dd:f7:79:cf:73:53:3a:ee:15:66:96:a6:c9:b9:
         d9:38:fa:1b:99:c5:59:c3:99:dc:63:47:28:d2:17:be:71:e9:
         0f:82:92:4e:dc:16:77:01:fc:e5:95:25:c3:f2:27:4b:4b:b2:
         30:ee:6a:62:5b:dd:53:35:8f:f3:64:80:7a:b4:2d:78:20:1b:
         18:f5:0a:0a:af:79:c5:6b:3a:64:d4:f5:b6:67:40:f4:16:62:
         2d:e2:e3:82:49:58:ed:10:d5:9d:ec:76:64:ef:9d:26:a2:da:
         f7:0d:10:d9:28:1e:9f:5e:87:8a:10:ff:96:f2:2b:2a:20:af:
         f2:ec:33:26
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYep7M8ENMlGP5bfJ1jy1UwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIyMTcwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjhjY2M3ZjE3NTMyYzBhN2U1MWUxM2JlOTcwNWYwYzFmYzEzMzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknju7gvj11dBZ6hlU3oZ7TiwrHv4
6kgZWUTJvSd1yGHbTQKTDC+G8tpUXIWN7EgfQ5O8fVAXJ8MbCTW3H8jdxzMokMai
lb7EYGWTBS32Ae1CuWk8hE68bSr+cbb5U4iLsMNcjqU6DnnxqctKHQhxNwr9KsBQ
C+apRC0H2QEg3Q2zoJDoAzeo/Y8+Y7yZzLVtKeNYU1zjFnnbclFpD19SjGftHsiJ
uuUgdsH0diSWAJ75wbx2mdAnJsDgbQWCYftAQFLaayCC1Co8LtdTBl8P7EON1Pj1
JPhudooJSHc1gaTnIOVbrxCRO0ONlJhfgIUsl/ae29TFiXGaEZ3sSFZ9IQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIKMzH8XUywKflHhO+lwXwwfwTNOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZ296TWZ4ZFRMQXAtVWVFNzZYQmZEQl9CTTA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACX8XtyTXUCQrUak6mu9
w25Z3VLbFY4cICIWKD5c94ORpZwPhWPT5/nzMVBDu6KUjnHLLFhiJTD7Ygyp8aY7
cAA8/8/8ws1T49W5mQWn7zxoj4DS7KkXoOcv5PyoCIdZJUA6eqzq+WLv3WwK3DOy
VuEKdWl31VFMF/jLiUaC40JB2gzd93nPc1M67hVmlqbJudk4+huZxVnDmdxjRyjS
F75x6Q+Ckk7cFncB/OWVJcPyJ0tLsjDuamJb3VM1j/NkgHq0LXggGxj1CgqvecVr
OmTU9bZnQPQWYi3i44JJWO0Q1Z3sdmTvnSai2vcNENkoHp9eh4oQ/5byKyogr/Ls
MyY=
-----END CERTIFICATE-----