Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hkZbC_6osnJ13sADtGPpKbRsMoY.roa
File:                     hkZbC_6osnJ13sADtGPpKbRsMoY.roa (raw, json)
Hash identifier:          XedTOk7eaKecdId8hWzkh72sJ8B41hK5U1c3tUwBlVg=
Subject key identifier:   86:46:5B:0B:FE:A8:B2:72:75:DE:C0:03:B4:63:E9:29:B4:6C:32:86
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018797EC0AA9973F3E615A3C5EDA791D2538
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hkZbC_6osnJ13sADtGPpKbRsMoY.roa
Signing time:             Wed 19 Apr 2023 05:10:41 +0000
ROA not before:           Wed 19 Apr 2023 05:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:97:ec:0a:a9:97:3f:3e:61:5a:3c:5e:da:79:1d:25:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 19 05:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=86465b0bfea8b27275dec003b463e929b46c3286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d2:a6:ac:55:0e:67:d8:15:40:9b:f5:f2:ba:
                    e1:f6:df:d7:2f:14:6e:00:9f:6a:16:b9:29:55:8c:
                    2d:2f:69:71:fd:14:ac:79:3c:f6:14:8e:4d:d3:50:
                    3a:bf:c0:d5:92:b0:4b:aa:e8:24:a8:9b:db:52:5f:
                    1f:dc:4d:f1:4b:7b:e7:75:f2:55:1c:60:ee:24:b0:
                    d0:33:61:a5:d7:fb:21:e6:1e:59:ea:91:58:6c:d3:
                    32:f7:3b:62:89:b4:b2:61:f7:78:d4:e7:e8:af:73:
                    7b:81:37:16:7f:fe:d5:e2:17:c2:aa:05:c2:2a:2c:
                    7f:b1:a0:68:49:b0:d0:fa:70:cc:f5:8c:71:45:57:
                    d7:dd:8a:05:26:43:e4:f4:58:c7:59:33:f0:c2:05:
                    78:b7:bc:c3:9a:5c:13:78:c2:e3:b0:0c:dc:42:f1:
                    1b:1e:95:e7:f8:71:36:e5:9d:b0:91:45:b6:f9:71:
                    91:3a:59:4a:ac:87:7b:44:c2:9b:36:37:10:c1:87:
                    2e:53:3a:13:da:f7:5b:73:91:e4:40:02:b8:cf:62:
                    40:2e:ba:95:a2:45:0a:9a:75:a1:fb:06:11:de:a6:
                    dd:b2:0f:a5:61:7f:bb:af:81:94:44:5f:8c:27:f2:
                    fe:9e:26:e3:51:79:52:f1:da:f6:d2:2e:a4:71:66:
                    0f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:46:5B:0B:FE:A8:B2:72:75:DE:C0:03:B4:63:E9:29:B4:6C:32:86
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hkZbC_6osnJ13sADtGPpKbRsMoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:1e:3d:64:65:be:01:16:e6:8e:23:4f:f9:10:be:7e:4e:a8:
         6b:13:64:7c:1d:e9:ba:1a:05:0d:fb:5d:06:86:10:fe:a1:46:
         9f:9c:b5:94:a8:02:9e:ab:df:dc:f2:71:29:6e:70:d8:d9:a5:
         77:6e:f8:1c:cb:ff:c6:20:06:ae:a2:9f:74:60:41:bd:47:f3:
         dc:4c:1c:74:7d:2e:50:46:56:aa:3e:c8:c1:be:2a:cb:f8:63:
         43:90:1f:5f:12:d3:a2:a6:1d:ed:fb:e7:27:01:02:9d:81:80:
         96:57:d4:7f:ff:70:ea:ba:a1:16:6b:a1:d4:88:14:5a:a6:04:
         ca:81:fb:29:b3:6a:d9:13:0c:53:cd:92:5d:69:fb:60:20:ac:
         63:73:66:02:2e:e7:0b:88:33:9e:48:eb:2d:4d:48:6a:a6:c0:
         ba:0f:14:43:26:fa:36:9c:86:11:f8:e0:93:a9:67:b7:bb:05:
         f3:fa:bf:24:7f:bf:1c:f5:c8:84:ff:cb:50:66:98:5e:71:1b:
         f9:fe:5a:e6:66:69:5a:8a:bf:bf:21:fd:d0:e8:06:fe:5a:04:
         ef:a0:d2:69:88:aa:d6:f3:8a:89:f4:fc:7c:ed:71:4b:9e:ea:
         24:5b:be:dd:3f:bb:ae:eb:13:05:90:b6:a0:72:a5:23:1e:b2:
         c2:37:c3:9f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeX7Aqplz8+YVo8Xtp5HSU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE5MDUxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQ2NWIwYmZlYThiMjcyNzVkZWMwMDNiNDYzZTkyOWI0NmMzMjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9KmrFUOZ9gVQJv18rrh9t/XLxRu
AJ9qFrkpVYwtL2lx/RSseTz2FI5N01A6v8DVkrBLqugkqJvbUl8f3E3xS3vndfJV
HGDuJLDQM2Gl1/sh5h5Z6pFYbNMy9ztiibSyYfd41Ofor3N7gTcWf/7V4hfCqgXC
Kix/saBoSbDQ+nDM9YxxRVfX3YoFJkPk9FjHWTPwwgV4t7zDmlwTeMLjsAzcQvEb
HpXn+HE25Z2wkUW2+XGROllKrId7RMKbNjcQwYcuUzoT2vdbc5HkQAK4z2JALrqV
okUKmnWh+wYR3qbdsg+lYX+7r4GURF+MJ/L+nibjUXlS8dr20i6kcWYPCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIZGWwv+qLJydd7AA7Rj6Sm0bDKGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaGtaYkNfNm9zbkoxM3NBRHRHUHBLYlJzTW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADcePWRlvgEW5o4jT/kQ
vn5OqGsTZHwd6boaBQ37XQaGEP6hRp+ctZSoAp6r39zycSlucNjZpXdu+BzL/8Yg
Bq6in3RgQb1H89xMHHR9LlBGVqo+yMG+Ksv4Y0OQH18S06KmHe375ycBAp2BgJZX
1H//cOq6oRZrodSIFFqmBMqB+ymzatkTDFPNkl1p+2AgrGNzZgIu5wuIM55I6y1N
SGqmwLoPFEMm+jachhH44JOpZ7e7BfP6vyR/vxz1yIT/y1BmmF5xG/n+WuZmaVqK
v78h/dDoBv5aBO+g0mmIqtbzion0/HztcUue6iRbvt0/u67rEwWQtqBypSMessI3
w58=
-----END CERTIFICATE-----