Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h_wXz6G6T4-So-Og0iyO7Ab6d6g.roa
File:                     h_wXz6G6T4-So-Og0iyO7Ab6d6g.roa (raw, json)
Hash identifier:          A0nyceyzAO+VYKW8MxvIu/AIGxV7nv9/uTEBWw1KOUg=
Subject key identifier:   87:FC:17:CF:A1:BA:4F:8F:92:A3:E3:A0:D2:2C:8E:EC:06:FA:77:A8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872B94DDDD03AA289423F4909070E6C263
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h_wXz6G6T4-So-Og0iyO7Ab6d6g.roa
Signing time:             Wed 29 Mar 2023 04:16:29 +0000
ROA not before:           Wed 29 Mar 2023 04:16:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2b:94:dd:dd:03:aa:28:94:23:f4:90:90:70:e6:c2:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 04:16:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87fc17cfa1ba4f8f92a3e3a0d22c8eec06fa77a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b4:45:74:67:de:d7:90:29:77:ec:9e:20:84:
                    69:88:8f:db:74:26:ff:97:a4:e6:a1:8f:d9:3c:06:
                    6b:5f:5a:18:3f:37:d1:10:23:4d:8f:0a:73:97:64:
                    3a:b5:8a:c6:16:d8:56:6c:3f:cd:c8:22:07:6c:a5:
                    da:8b:39:d9:1f:17:8b:0b:b8:08:0d:1c:e2:62:37:
                    28:10:fe:80:1c:05:09:8e:5a:74:e0:83:71:fc:c8:
                    fd:fa:cd:e0:02:e3:34:71:bf:a8:11:78:7a:6c:b5:
                    31:42:3e:22:ca:cc:8a:e7:58:a7:11:e3:d2:53:63:
                    f8:5c:6e:c9:b0:1e:d2:e7:99:cd:96:c1:dd:98:eb:
                    98:62:0c:d1:cd:e8:ef:92:1e:36:80:40:fa:a4:dd:
                    ce:bb:15:9f:e9:f7:86:de:8f:3a:fc:4e:57:1b:76:
                    19:f2:0a:d7:8d:4c:00:2a:9c:fe:86:b4:b6:5a:02:
                    92:e2:23:0b:00:85:7e:e9:53:10:5a:d3:e2:56:e8:
                    f2:c4:55:46:3d:33:5f:3f:70:71:e0:48:d3:23:2b:
                    e1:e1:49:94:8e:63:08:8c:44:62:b2:e5:7a:f5:09:
                    be:41:01:8f:74:f0:76:da:a8:e6:79:b9:54:a7:8f:
                    a7:31:4f:55:5d:13:a9:ca:5b:21:90:e8:09:04:36:
                    af:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:FC:17:CF:A1:BA:4F:8F:92:A3:E3:A0:D2:2C:8E:EC:06:FA:77:A8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h_wXz6G6T4-So-Og0iyO7Ab6d6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:aa:76:fd:0e:b6:96:f6:ca:3e:e4:87:07:96:4d:5c:6b:1b:
         e3:0e:d3:a3:36:62:d3:ec:f8:99:47:87:d6:bb:ab:41:84:4b:
         73:d9:3d:29:ac:bd:f8:d3:87:84:fa:d2:3d:93:4d:c9:09:e7:
         8b:37:fb:a2:8a:b4:0b:c4:ee:58:a2:30:3b:c8:8d:92:45:9e:
         d6:b9:2b:30:ef:37:9d:00:82:f9:81:eb:dc:a6:4e:9a:d4:4f:
         60:11:14:2f:29:ff:3f:5a:dc:39:6e:d7:68:1b:42:02:c5:22:
         76:a0:3d:23:af:0c:68:f6:75:70:b6:b9:21:25:de:f4:d8:17:
         c2:70:a8:7d:2a:a1:c8:7a:a8:44:05:40:72:eb:0e:87:f0:23:
         ba:52:da:c9:32:e6:e8:25:79:7e:3b:b3:6b:12:da:e3:bf:53:
         3f:82:00:f7:b0:dd:e4:2b:a0:52:13:4b:27:30:aa:b4:f3:94:
         08:9d:dc:7d:c2:0c:f0:bb:f0:51:27:e2:17:00:77:e1:f3:0f:
         eb:3a:86:43:e3:d1:a7:39:b7:e7:ad:51:c9:0b:12:d8:92:56:
         41:67:bb:00:94:ca:ad:2b:ab:12:fd:26:64:6b:16:65:72:1d:
         85:ef:e5:29:c9:52:8f:1e:8b:70:a5:2b:dc:6a:77:f1:9e:ce:
         64:98:51:e3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcrlN3dA6oolCP0kJBw5sJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MDQxNjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2ZjMTdjZmExYmE0ZjhmOTJhM2UzYTBkMjJjOGVlYzA2ZmE3N2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbRFdGfe15Apd+yeIIRpiI/bdCb/
l6TmoY/ZPAZrX1oYPzfRECNNjwpzl2Q6tYrGFthWbD/NyCIHbKXaiznZHxeLC7gI
DRziYjcoEP6AHAUJjlp04INx/Mj9+s3gAuM0cb+oEXh6bLUxQj4iysyK51inEePS
U2P4XG7JsB7S55nNlsHdmOuYYgzRzejvkh42gED6pN3OuxWf6feG3o86/E5XG3YZ
8grXjUwAKpz+hrS2WgKS4iMLAIV+6VMQWtPiVujyxFVGPTNfP3Bx4EjTIyvh4UmU
jmMIjERisuV69Qm+QQGPdPB22qjmeblUp4+nMU9VXROpylshkOgJBDavtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIf8F8+huk+PkqPjoNIsjuwG+neoMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaF93WHo2RzZUNC1Tby1PZzBpeU83QWI2ZDZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC2qdv0Otpb2yj7khweW
TVxrG+MO06M2YtPs+JlHh9a7q0GES3PZPSmsvfjTh4T60j2TTckJ54s3+6KKtAvE
7liiMDvIjZJFnta5KzDvN50AgvmB69ymTprUT2ARFC8p/z9a3Dlu12gbQgLFInag
PSOvDGj2dXC2uSEl3vTYF8JwqH0qoch6qEQFQHLrDofwI7pS2sky5ugleX47s2sS
2uO/Uz+CAPew3eQroFITSycwqrTzlAid3H3CDPC78FEn4hcAd+HzD+s6hkPj0ac5
t+etUckLEtiSVkFnuwCUyq0rqxL9JmRrFmVyHYXv5SnJUo8ei3ClK9xqd/GezmSY
UeM=
-----END CERTIFICATE-----