Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gpnqErpWi8RikoiBtgmxj92pzs4.roa
File:                     gpnqErpWi8RikoiBtgmxj92pzs4.roa (raw, json)
Hash identifier:          AB5qR6kwr5dHKrftjRXFiQWaHp14/f/uQBIj8HvWK0Y=
Subject key identifier:   82:99:EA:12:BA:56:8B:C4:62:92:88:81:B6:09:B1:8F:DD:A9:CE:CE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872332FBE22EC664F5CEBBE54884E7D862
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gpnqErpWi8RikoiBtgmxj92pzs4.roa
Signing time:             Mon 27 Mar 2023 13:12:36 +0000
ROA not before:           Mon 27 Mar 2023 13:12:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:23:32:fb:e2:2e:c6:64:f5:ce:bb:e5:48:84:e7:d8:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 27 13:12:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8299ea12ba568bc462928881b609b18fdda9cece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7c:db:b2:7d:c1:9c:86:59:7e:fc:8f:b9:c1:
                    96:e8:a5:2c:17:01:87:92:7a:68:df:a9:8a:48:ef:
                    b7:3b:76:d4:7d:d5:cb:08:e2:64:3d:fe:21:f6:33:
                    1f:dd:25:4a:bb:63:24:be:a2:50:e8:4d:27:5d:38:
                    dd:23:0e:d6:b0:12:bb:b2:8d:ca:b5:74:17:b1:d2:
                    23:3f:32:86:16:28:ad:90:3b:e9:21:5e:c8:a9:65:
                    c2:a8:d1:1f:cb:79:07:2d:f5:d4:8a:1b:9d:cf:44:
                    2b:f6:f4:7b:75:0f:80:eb:4b:7c:2c:fe:16:76:40:
                    28:1b:f9:bb:52:b0:b8:af:46:34:90:27:b8:cd:43:
                    08:f8:6f:e7:c6:78:b0:f5:4c:85:b0:2d:b8:2b:c1:
                    79:7f:c5:fb:3b:d3:9f:15:c9:ca:3f:8b:d1:1b:de:
                    38:d2:d4:32:5f:33:87:94:f5:37:52:e2:8e:05:62:
                    86:83:53:30:c2:ee:34:77:57:84:9e:a9:fc:b1:55:
                    c4:d3:ac:6c:a3:ae:d5:00:39:0b:91:0a:16:b6:5f:
                    33:c2:82:88:f1:86:a0:2d:7d:c3:87:f3:99:db:9f:
                    5a:36:03:9d:fd:8b:d3:4e:05:85:a1:bc:e7:4e:b2:
                    fe:5d:09:34:68:ed:d9:5c:ae:c8:d9:b0:b3:26:48:
                    f6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:99:EA:12:BA:56:8B:C4:62:92:88:81:B6:09:B1:8F:DD:A9:CE:CE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gpnqErpWi8RikoiBtgmxj92pzs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:fe:cd:cf:6c:7c:2b:ea:26:ae:de:8f:5f:62:ca:03:7c:03:
         0a:58:fa:45:f6:10:3a:3f:a3:cf:c7:20:9d:c5:d2:8b:a8:6c:
         b9:f8:50:52:f3:10:fc:d2:c0:8b:db:80:0b:52:e1:9f:04:d4:
         af:1b:3a:e9:2d:a5:6c:bf:1f:96:9c:c4:12:dc:20:27:8b:0d:
         af:ad:78:6b:c6:fb:14:9f:10:65:72:69:49:c3:99:36:71:a7:
         c3:f1:fa:4a:0a:8e:ee:df:0c:bf:b1:8b:45:e7:da:cf:c0:f8:
         09:60:22:ec:29:81:32:48:73:e0:69:ca:07:0f:09:c7:de:bc:
         22:7a:8f:51:fa:cd:dc:bc:2d:ec:8d:21:f1:ad:64:b5:60:45:
         d7:0b:2f:80:ed:08:a0:5a:c7:db:cb:d0:4c:97:7b:c2:05:6f:
         46:f7:1d:4c:4e:db:09:4b:27:48:4c:49:69:bb:79:01:8f:72:
         9c:44:a3:9d:4f:dd:b3:ab:50:0d:57:76:f3:36:4e:0f:b6:99:
         1c:64:b2:22:83:bc:10:88:15:f8:1c:39:c9:cf:d7:23:29:de:
         84:4c:8d:e7:59:5f:75:00:49:2d:66:42:ed:fa:13:4c:ba:8d:
         0f:92:5f:74:00:da:20:d1:d4:52:07:00:11:0c:18:c8:f9:61:
         55:86:3f:62
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcjMvviLsZk9c675UiE59hiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI3MTMxMjM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjk5ZWExMmJhNTY4YmM0NjI5Mjg4ODFiNjA5YjE4ZmRkYTljZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHzbsn3BnIZZfvyPucGW6KUsFwGH
knpo36mKSO+3O3bUfdXLCOJkPf4h9jMf3SVKu2MkvqJQ6E0nXTjdIw7WsBK7so3K
tXQXsdIjPzKGFiitkDvpIV7IqWXCqNEfy3kHLfXUihudz0Qr9vR7dQ+A60t8LP4W
dkAoG/m7UrC4r0Y0kCe4zUMI+G/nxniw9UyFsC24K8F5f8X7O9OfFcnKP4vRG944
0tQyXzOHlPU3UuKOBWKGg1Mwwu40d1eEnqn8sVXE06xso67VADkLkQoWtl8zwoKI
8YagLX3Dh/OZ259aNgOd/YvTTgWFobznTrL+XQk0aO3ZXK7I2bCzJkj2qQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIKZ6hK6VovEYpKIgbYJsY/dqc7OMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZ3BucUVycFdpOFJpa29pQnRnbXhqOTJwenM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAI/+zc9sfCvqJq7ej19i
ygN8AwpY+kX2EDo/o8/HIJ3F0ouobLn4UFLzEPzSwIvbgAtS4Z8E1K8bOuktpWy/
H5acxBLcICeLDa+teGvG+xSfEGVyaUnDmTZxp8Px+koKju7fDL+xi0Xn2s/A+Alg
IuwpgTJIc+BpygcPCcfevCJ6j1H6zdy8LeyNIfGtZLVgRdcLL4DtCKBax9vL0EyX
e8IFb0b3HUxO2wlLJ0hMSWm7eQGPcpxEo51P3bOrUA1XdvM2Tg+2mRxksiKDvBCI
FfgcOcnP1yMp3oRMjedZX3UASS1mQu36E0y6jQ+SX3QA2iDR1FIHABEMGMj5YVWG
P2I=
-----END CERTIFICATE-----