Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h21_hQuFrFWHhxs_EL7Ev0dJLAY.roa
File:                     h21_hQuFrFWHhxs_EL7Ev0dJLAY.roa (raw, json)
Hash identifier:          72kMuB3A/wOURvl8fb0tZ206KPdzpH3rBuqRXzWFxxI=
Subject key identifier:   87:6D:7F:85:0B:85:AC:55:87:87:1B:3F:10:BE:C4:BF:47:49:2C:06
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01887D83C188D4F36902E91AAE8C89BC002C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h21_hQuFrFWHhxs_EL7Ev0dJLAY.roa
Signing time:             Fri 02 Jun 2023 19:09:26 +0000
ROA not before:           Fri 02 Jun 2023 19:09:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7d:83:c1:88:d4:f3:69:02:e9:1a:ae:8c:89:bc:00:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  2 19:09:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=876d7f850b85ac5587871b3f10bec4bf47492c06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:05:1f:d7:55:4e:cc:ed:04:d4:e2:ba:48:37:
                    18:96:70:82:36:a4:a1:6d:b6:04:77:32:71:01:f2:
                    6a:34:06:da:30:20:8c:3a:c4:4c:75:de:3a:d2:6e:
                    a2:e1:c2:1c:b1:35:61:1b:f1:59:1e:ec:4f:5c:8c:
                    81:2f:7f:21:f4:6c:1e:c3:7a:c8:74:f0:f9:67:2e:
                    bb:c6:1f:d8:26:3f:fc:b3:15:f7:c7:84:ca:50:d3:
                    f5:ba:0a:c2:ee:6d:32:11:b2:79:06:5e:59:7b:5b:
                    49:4d:79:2d:3b:70:cb:0d:fd:91:2e:d7:9e:a8:5b:
                    8e:42:92:b6:e5:82:e8:9d:95:ad:ed:cb:3f:9b:c7:
                    89:55:8c:d8:52:84:24:91:b5:4a:26:dd:e3:45:84:
                    5f:9d:b9:78:f6:e5:e0:5b:53:57:77:6a:f7:49:ff:
                    ef:6b:c1:a3:4f:94:f7:78:f6:a0:ff:07:a9:03:84:
                    9b:59:11:f1:69:6f:0a:bd:80:0b:ee:ae:00:72:05:
                    e0:31:83:e9:41:a3:66:83:8f:0a:57:ff:d6:5e:0f:
                    8b:91:fa:c6:f1:7e:13:ab:fb:2d:87:5c:f5:42:1c:
                    56:65:8f:56:19:2e:e7:2d:6d:f2:83:de:29:5e:02:
                    e7:ca:c2:d8:fa:c1:97:f7:5f:e3:a2:87:7f:3d:9c:
                    c8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:6D:7F:85:0B:85:AC:55:87:87:1B:3F:10:BE:C4:BF:47:49:2C:06
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h21_hQuFrFWHhxs_EL7Ev0dJLAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:a1:05:02:f4:7b:a4:db:12:97:29:03:61:ff:f2:de:0b:c6:
         a2:b6:fd:e3:4b:01:5b:fc:cf:c1:ae:f3:76:a0:93:b5:a1:be:
         57:ce:85:d8:2b:5f:9f:4d:4a:0a:cf:fa:f9:ce:6c:87:fe:53:
         59:3c:90:fb:95:a4:95:d0:7c:c2:d6:b5:3c:4b:4d:a0:f8:a8:
         fa:2f:99:38:44:74:b5:e7:b3:73:e3:ec:3c:98:fc:dc:32:e3:
         8f:12:15:25:4a:35:19:9e:25:50:e3:4b:e6:79:5a:62:66:3a:
         ae:45:38:6d:99:67:37:26:44:fa:e1:20:1c:57:a2:23:31:31:
         cf:41:fb:74:85:8c:3e:cd:1e:73:23:fe:69:e7:65:98:94:7a:
         63:61:d7:3a:3e:67:bb:8f:86:21:c1:0e:ce:79:17:85:a3:35:
         ec:f6:3a:05:b1:9b:b9:95:f8:be:37:1b:35:66:cd:7b:23:22:
         49:42:e4:dc:9b:62:1b:2a:06:05:0f:38:31:8e:d6:6c:6e:ee:
         10:20:4e:58:9a:06:b6:78:b7:e0:a2:51:08:21:cd:64:9a:9d:
         8c:5f:78:97:eb:25:03:9f:7d:b0:c7:00:92:3d:7c:be:98:25:
         5d:92:fc:ce:e5:72:7a:78:af:f4:a9:ac:d9:83:70:28:34:ad:
         50:06:0e:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh9g8GI1PNpAukaroyJvAAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAyMTkwOTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzZkN2Y4NTBiODVhYzU1ODc4NzFiM2YxMGJlYzRiZjQ3NDkyYzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4AUf11VOzO0E1OK6SDcYlnCCNqSh
bbYEdzJxAfJqNAbaMCCMOsRMdd460m6i4cIcsTVhG/FZHuxPXIyBL38h9Gwew3rI
dPD5Zy67xh/YJj/8sxX3x4TKUNP1ugrC7m0yEbJ5Bl5Ze1tJTXktO3DLDf2RLtee
qFuOQpK25YLonZWt7cs/m8eJVYzYUoQkkbVKJt3jRYRfnbl49uXgW1NXd2r3Sf/v
a8GjT5T3ePag/wepA4SbWRHxaW8KvYAL7q4AcgXgMYPpQaNmg48KV//WXg+LkfrG
8X4Tq/sth1z1QhxWZY9WGS7nLW3yg94pXgLnysLY+sGX91/jood/PZzIfwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIdtf4ULhaxVh4cbPxC+xL9HSSwGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaDIxX2hRdUZyRldIaHhzX0VMN0V2MGRKTEFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKqhBQL0e6TbEpcpA2H/
8t4LxqK2/eNLAVv8z8Gu83agk7WhvlfOhdgrX59NSgrP+vnObIf+U1k8kPuVpJXQ
fMLWtTxLTaD4qPovmThEdLXns3Pj7DyY/Nwy448SFSVKNRmeJVDjS+Z5WmJmOq5F
OG2ZZzcmRPrhIBxXoiMxMc9B+3SFjD7NHnMj/mnnZZiUemNh1zo+Z7uPhiHBDs55
F4WjNez2OgWxm7mV+L43GzVmzXsjIklC5NybYhsqBgUPODGO1mxu7hAgTliaBrZ4
t+CiUQghzWSanYxfeJfrJQOffbDHAJI9fL6YJV2S/M7lcnp4r/SprNmDcCg0rVAG
DkU=
-----END CERTIFICATE-----