Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hbpgZTnJRq4bxudm6HXebGdnWNU.roa
File:                     hbpgZTnJRq4bxudm6HXebGdnWNU.roa (raw, json)
Hash identifier:          ljIYwpEm1jGdSyOzFw6aJReX+eWpqlgh+kqwnAyq8cg=
Subject key identifier:   85:BA:60:65:39:C9:46:AE:1B:C6:E7:66:E8:75:DE:6C:67:67:58:D5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187646C759ABF944F5C220B356BB64D70BF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hbpgZTnJRq4bxudm6HXebGdnWNU.roa
Signing time:             Sun 09 Apr 2023 05:10:42 +0000
ROA not before:           Sun 09 Apr 2023 05:10:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:64:6c:75:9a:bf:94:4f:5c:22:0b:35:6b:b6:4d:70:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  9 05:10:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=85ba606539c946ae1bc6e766e875de6c676758d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:02:9d:66:94:01:a7:af:06:5c:5e:ef:46:56:
                    99:87:4c:7b:9a:b3:bd:f0:e0:2c:30:95:cf:c0:a8:
                    5a:ce:4b:8d:b5:7f:e1:13:56:d4:76:4b:57:ad:3a:
                    a5:0d:f7:b7:31:d4:16:85:f2:e3:66:ba:b4:9c:f5:
                    72:0d:6c:c3:df:1f:82:42:7c:69:4f:f8:a4:e6:03:
                    94:d7:bc:de:d2:62:41:54:8a:77:64:b8:48:51:44:
                    d4:5e:37:b8:f2:16:2d:f9:fc:6b:34:09:ba:30:03:
                    0e:33:63:f1:59:cd:66:0d:47:69:9d:bf:a5:9d:33:
                    ed:37:c2:d2:c7:ca:9b:ca:a6:ea:6e:41:e0:99:e3:
                    0c:7d:3c:64:25:b2:fa:69:29:b4:21:f6:45:6d:f4:
                    39:e0:f3:71:c0:f4:27:a3:f2:56:75:af:d8:58:d0:
                    4a:6c:3e:3b:9c:a6:eb:a1:61:cf:a5:54:31:a7:4b:
                    b6:77:83:ea:7a:50:a3:da:91:ad:e2:12:b5:18:ae:
                    b1:d6:e1:29:20:58:80:44:7e:02:e1:4d:72:c3:6b:
                    33:9b:a3:4c:0a:37:a8:51:96:b8:02:a2:b7:a5:4e:
                    f6:52:da:c6:68:35:79:09:6b:f0:ec:8b:fb:e6:dd:
                    47:a0:b6:54:6d:56:c9:07:d7:0c:d4:f9:8b:e7:c6:
                    a3:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:BA:60:65:39:C9:46:AE:1B:C6:E7:66:E8:75:DE:6C:67:67:58:D5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hbpgZTnJRq4bxudm6HXebGdnWNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:02:42:94:2d:21:e3:b2:59:bf:2c:ba:69:9e:06:d5:cd:35:
         e2:b0:ec:7c:e2:a4:15:52:fa:c0:4e:b9:58:8d:fb:43:db:5e:
         12:1e:90:b0:eb:76:f2:fb:08:81:99:90:dd:d1:41:24:8a:73:
         fc:11:cc:38:30:71:d2:1e:5b:4e:8c:5b:a4:38:03:c6:63:e4:
         40:94:00:0c:44:1f:55:ac:d5:d9:e5:e0:2c:d7:14:04:f8:64:
         79:1d:ac:16:a4:23:16:4a:b9:23:be:d9:e1:c9:5a:a9:5b:d8:
         75:6c:1d:6d:01:09:8f:2d:a0:07:1b:80:e7:fa:97:b5:73:4b:
         8c:b6:75:79:f9:e8:15:ab:cf:0c:e2:c8:ac:df:1e:1c:d8:c3:
         00:b9:00:bd:3c:a3:bf:48:e7:f4:38:46:91:5d:a2:32:f9:d1:
         43:0d:05:79:a5:2a:23:dd:87:a7:d7:78:b2:ab:81:02:ca:45:
         8b:5b:2c:22:9c:4d:fd:5a:f8:37:b1:d4:7a:01:af:a7:48:c0:
         61:8c:ea:ea:cd:40:b9:cd:7f:e6:13:98:17:db:89:4c:95:db:
         2c:25:85:b9:ea:32:9f:eb:c9:dc:cf:5b:15:b7:98:c5:c5:68:
         cb:cb:f8:68:ae:39:a9:db:ba:6e:51:41:f8:01:85:ed:3e:21:
         d2:34:d9:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdkbHWav5RPXCILNWu2TXC/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA5MDUxMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWJhNjA2NTM5Yzk0NmFlMWJjNmU3NjZlODc1ZGU2YzY3Njc1OGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAKdZpQBp68GXF7vRlaZh0x7mrO9
8OAsMJXPwKhazkuNtX/hE1bUdktXrTqlDfe3MdQWhfLjZrq0nPVyDWzD3x+CQnxp
T/ik5gOU17ze0mJBVIp3ZLhIUUTUXje48hYt+fxrNAm6MAMOM2PxWc1mDUdpnb+l
nTPtN8LSx8qbyqbqbkHgmeMMfTxkJbL6aSm0IfZFbfQ54PNxwPQno/JWda/YWNBK
bD47nKbroWHPpVQxp0u2d4PqelCj2pGt4hK1GK6x1uEpIFiARH4C4U1yw2szm6NM
CjeoUZa4AqK3pU72UtrGaDV5CWvw7Iv75t1HoLZUbVbJB9cM1PmL58ajIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIW6YGU5yUauG8bnZuh13mxnZ1jVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaGJwZ1pUbkpScTRieHVkbTZIWGViR2RuV05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKYCQpQtIeOyWb8summe
BtXNNeKw7HzipBVS+sBOuViN+0PbXhIekLDrdvL7CIGZkN3RQSSKc/wRzDgwcdIe
W06MW6Q4A8Zj5ECUAAxEH1Ws1dnl4CzXFAT4ZHkdrBakIxZKuSO+2eHJWqlb2HVs
HW0BCY8toAcbgOf6l7VzS4y2dXn56BWrzwziyKzfHhzYwwC5AL08o79I5/Q4RpFd
ojL50UMNBXmlKiPdh6fXeLKrgQLKRYtbLCKcTf1a+Dex1HoBr6dIwGGM6urNQLnN
f+YTmBfbiUyV2ywlhbnqMp/rydzPWxW3mMXFaMvL+GiuOanbum5RQfgBhe0+IdI0
2R8=
-----END CERTIFICATE-----