Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hzIvayX06Vk5x6EvYIeslEo4Ls8.roa
File:                     hzIvayX06Vk5x6EvYIeslEo4Ls8.roa (raw, json)
Hash identifier:          xXm/tN1+GMhFHK8fc2XOlx5DeVDIJndSMSwoB+j6vGw=
Subject key identifier:   87:32:2F:6B:25:F4:E9:59:39:C7:A1:2F:60:87:AC:94:4A:38:2E:CF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877D81F53CC3F8B13C5A865A09BE4F9DC7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hzIvayX06Vk5x6EvYIeslEo4Ls8.roa
Signing time:             Fri 14 Apr 2023 02:04:41 +0000
ROA not before:           Fri 14 Apr 2023 02:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:187:7d81:98cb/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7d:81:f5:3c:c3:f8:b1:3c:5a:86:5a:09:be:4f:9d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 14 02:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87322f6b25f4e95939c7a12f6087ac944a382ecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d3:8a:df:91:78:d5:e8:0e:e6:3f:c4:c0:d5:
                    c0:45:fd:dd:94:f7:37:dd:5b:34:54:37:ed:66:bb:
                    05:f5:e5:75:fc:7b:f4:c6:2c:9f:bb:53:07:09:cd:
                    a3:ce:f9:ae:b2:8e:82:ec:86:d3:ea:5f:83:3e:48:
                    e8:78:16:9d:24:0f:82:e3:78:80:3a:17:b1:55:03:
                    6a:8d:ad:c6:bc:61:8f:a4:a9:46:59:38:49:c9:0c:
                    86:e7:07:7b:08:14:fb:d7:d9:6a:a6:01:5c:92:75:
                    20:bb:c6:c5:0c:f8:76:cd:1e:63:4f:03:bb:86:50:
                    32:9a:65:e4:14:63:e9:45:ff:c5:d4:f3:96:ca:55:
                    92:b4:55:8c:4e:1d:9d:79:1d:43:c4:f9:26:95:81:
                    6d:9e:95:fc:67:02:e8:63:d5:0a:90:93:69:64:39:
                    d8:d1:c5:3e:cf:e0:ed:c5:b6:6e:bc:4e:3e:2b:dc:
                    79:e9:88:3e:ab:d8:7c:ba:8f:95:d8:cb:06:63:31:
                    ad:19:6a:b6:25:64:3b:54:ee:68:b4:56:34:5d:8a:
                    ae:c8:38:0e:d9:02:5f:ce:5d:25:26:7e:1c:ca:20:
                    30:dd:3d:2a:34:4e:dc:33:48:ab:cb:28:06:ea:4b:
                    1b:75:91:9d:ae:9b:d9:6e:19:df:02:3e:85:ef:6e:
                    79:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:32:2F:6B:25:F4:E9:59:39:C7:A1:2F:60:87:AC:94:4A:38:2E:CF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hzIvayX06Vk5x6EvYIeslEo4Ls8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:b3:8d:0d:97:28:32:2b:83:4a:da:87:aa:f0:45:6c:eb:0d:
         cd:04:dc:0f:13:d9:fa:cd:f5:a4:ac:64:d4:96:6b:fb:90:a3:
         4c:87:f3:ef:41:ae:f3:85:a3:40:a0:d4:f5:91:bd:3a:5b:36:
         c3:d3:6e:89:66:eb:ec:2c:d3:55:86:d5:79:25:ff:67:32:a0:
         f5:50:60:10:9d:e3:5c:f3:48:a7:b7:be:48:e5:3b:75:41:ef:
         96:34:c5:40:db:69:ef:b2:42:42:47:69:f0:16:8f:37:d9:87:
         e0:2a:a0:a4:4d:ab:ed:28:02:48:62:90:a3:1a:ba:a8:3d:fa:
         0a:10:51:5d:5f:5c:d1:57:f7:87:c4:c6:3c:6a:0e:3a:40:92:
         04:f1:b9:0e:2c:83:d4:d0:47:f8:5a:ae:db:a7:99:44:bf:57:
         6f:cb:a9:0f:33:b8:44:24:71:aa:be:b5:a3:f0:f4:1a:d1:a6:
         ce:2d:8f:ba:8d:31:8a:89:85:57:37:88:06:11:d6:a1:70:07:
         d1:06:4f:84:df:24:ee:68:9e:4d:7a:b5:9d:e6:86:90:93:be:
         d2:4f:4e:7d:d3:aa:d4:a0:f1:55:d0:10:4e:7c:be:3d:73:e2:
         01:df:12:df:41:e2:d3:a6:90:e3:de:17:46:fd:8c:4b:d7:cb:
         cc:97:6d:17
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd9gfU8w/ixPFqGWgm+T53HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE0MDIwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMyMmY2YjI1ZjRlOTU5MzljN2ExMmY2MDg3YWM5NDRhMzgyZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNOK35F41egO5j/EwNXARf3dlPc3
3Vs0VDftZrsF9eV1/Hv0xiyfu1MHCc2jzvmuso6C7IbT6l+DPkjoeBadJA+C43iA
OhexVQNqja3GvGGPpKlGWThJyQyG5wd7CBT719lqpgFcknUgu8bFDPh2zR5jTwO7
hlAymmXkFGPpRf/F1POWylWStFWMTh2deR1DxPkmlYFtnpX8ZwLoY9UKkJNpZDnY
0cU+z+DtxbZuvE4+K9x56Yg+q9h8uo+V2MsGYzGtGWq2JWQ7VO5otFY0XYquyDgO
2QJfzl0lJn4cyiAw3T0qNE7cM0iryygG6ksbdZGdrpvZbhnfAj6F72559QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIcyL2sl9OlZOcehL2CHrJRKOC7PMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaHpJdmF5WDA2Vms1eDZFdllJZXNsRW80THM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKizjQ2XKDIrg0rah6rw
RWzrDc0E3A8T2frN9aSsZNSWa/uQo0yH8+9BrvOFo0Cg1PWRvTpbNsPTbolm6+ws
01WG1Xkl/2cyoPVQYBCd41zzSKe3vkjlO3VB75Y0xUDbae+yQkJHafAWjzfZh+Aq
oKRNq+0oAkhikKMauqg9+goQUV1fXNFX94fExjxqDjpAkgTxuQ4sg9TQR/hartun
mUS/V2/LqQ8zuEQkcaq+taPw9BrRps4tj7qNMYqJhVc3iAYR1qFwB9EGT4TfJO5o
nk16tZ3mhpCTvtJPTn3TqtSg8VXQEE58vj1z4gHfEt9B4tOmkOPeF0b9jEvXy8yX
bRc=
-----END CERTIFICATE-----