Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/i0tV41FPidN66X1ITnU8N3gAjP0.roa
File:                     i0tV41FPidN66X1ITnU8N3gAjP0.roa (raw, json)
Hash identifier:          YBEDn5kmr72Gzkc2HVFu1y9DP1Y/OvKw435GTBra2wU=
Subject key identifier:   8B:4B:55:E3:51:4F:89:D3:7A:E9:7D:48:4E:75:3C:37:78:00:8C:FD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186DD4296E973CC5A197BCCB3969865F200
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/i0tV41FPidN66X1ITnU8N3gAjP0.roa
Signing time:             Mon 13 Mar 2023 23:16:14 +0000
ROA not before:           Mon 13 Mar 2023 23:16:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:dd:42:96:e9:73:cc:5a:19:7b:cc:b3:96:98:65:f2:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 13 23:16:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b4b55e3514f89d37ae97d484e753c3778008cfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f4:cc:33:39:5d:b3:d2:85:65:23:37:05:cf:
                    f0:e9:01:e3:ca:64:35:57:ff:f6:f6:78:2d:fe:3c:
                    9e:1a:e1:c4:a6:01:9c:f4:87:fa:a4:04:d8:1e:cd:
                    16:ea:19:27:9e:9b:76:3d:28:5a:2c:85:48:95:00:
                    9a:28:f9:a9:39:ac:00:15:0b:38:fd:2f:7f:de:de:
                    4e:38:7c:af:fb:2d:4c:f5:71:79:98:46:6e:94:28:
                    63:ee:a8:e8:28:ff:30:23:11:25:b8:a7:e9:3c:fa:
                    2f:11:dd:f6:e3:75:8d:20:25:ab:d1:f4:11:e6:34:
                    1e:96:13:e8:aa:58:d3:1a:6f:ad:61:a5:1a:9e:24:
                    4c:9e:6c:c9:84:41:fd:ed:a0:3c:d9:e5:3a:f5:a2:
                    b5:49:22:f5:72:3e:9a:53:02:23:d9:ea:1b:61:33:
                    9f:c1:26:12:cd:e1:74:fc:1e:3a:43:4f:ed:b6:82:
                    3c:92:f2:dc:e8:69:ac:9d:24:6c:5d:69:7d:71:2b:
                    2e:13:27:9c:33:10:86:e3:2c:32:1d:63:70:09:85:
                    c0:f2:e4:90:3c:42:63:1d:cc:39:1e:8e:88:36:0f:
                    1e:36:90:f6:98:38:31:23:1e:49:3b:ee:66:ef:8c:
                    bc:eb:95:f5:60:ab:e0:1f:c9:af:da:29:bf:5e:eb:
                    41:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:4B:55:E3:51:4F:89:D3:7A:E9:7D:48:4E:75:3C:37:78:00:8C:FD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/i0tV41FPidN66X1ITnU8N3gAjP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:9a:aa:f1:21:fc:42:72:d9:2a:73:ee:d0:d2:12:61:cb:79:
         e3:f8:21:2c:12:cb:1e:f4:ef:e1:a7:88:f6:e3:b4:83:56:02:
         2d:c3:45:92:2c:ef:c2:c5:60:4a:eb:4c:b5:c9:41:6b:e3:e8:
         9a:4a:82:44:c7:f9:87:2a:89:73:20:5c:fc:f0:da:51:d7:f3:
         f6:0a:7a:f7:c2:eb:4b:d7:34:84:01:ed:ba:ec:8a:1a:9e:e5:
         e5:17:0c:5c:1d:bd:cf:5b:23:ef:82:0d:48:4f:5f:cc:de:45:
         f7:81:ba:4d:38:43:25:8f:80:71:7f:78:9e:0e:49:a9:4d:33:
         55:0d:b0:12:bc:e4:eb:be:67:e6:5e:3a:28:fe:5e:de:57:fb:
         bd:a6:68:75:74:35:c5:6d:c4:16:f4:92:f7:7c:2f:c3:bc:af:
         a0:c9:e6:a8:b3:ae:67:05:1f:cf:f9:62:7c:e4:67:37:fb:73:
         22:bc:33:61:d6:18:2d:2c:8f:e9:27:c0:0d:1a:c9:19:0e:62:
         4f:28:a0:03:7e:75:67:d2:f7:f4:85:30:0a:d5:08:04:7e:d8:
         40:9b:f7:08:c0:2b:63:46:e0:1a:da:92:10:03:8c:96:97:67:
         9a:f5:e6:79:9c:72:d9:56:b1:dd:1c:b0:8c:f1:69:a1:98:21:
         f8:c7:2b:e4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbdQpbpc8xaGXvMs5aYZfIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEzMjMxNjE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjRiNTVlMzUxNGY4OWQzN2FlOTdkNDg0ZTc1M2MzNzc4MDA4Y2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/TMMzlds9KFZSM3Bc/w6QHjymQ1
V//29ngt/jyeGuHEpgGc9If6pATYHs0W6hknnpt2PShaLIVIlQCaKPmpOawAFQs4
/S9/3t5OOHyv+y1M9XF5mEZulChj7qjoKP8wIxEluKfpPPovEd3243WNICWr0fQR
5jQelhPoqljTGm+tYaUaniRMnmzJhEH97aA82eU69aK1SSL1cj6aUwIj2eobYTOf
wSYSzeF0/B46Q0/ttoI8kvLc6GmsnSRsXWl9cSsuEyecMxCG4ywyHWNwCYXA8uSQ
PEJjHcw5Ho6INg8eNpD2mDgxIx5JO+5m74y865X1YKvgH8mv2im/XutBnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFItLVeNRT4nTeul9SE51PDd4AIz9MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaTB0VjQxRlBpZE42NlgxSVRuVThOM2dBalAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACSaqvEh/EJy2Spz7tDS
EmHLeeP4ISwSyx707+GniPbjtINWAi3DRZIs78LFYErrTLXJQWvj6JpKgkTH+Ycq
iXMgXPzw2lHX8/YKevfC60vXNIQB7brsihqe5eUXDFwdvc9bI++CDUhPX8zeRfeB
uk04QyWPgHF/eJ4OSalNM1UNsBK85Ou+Z+ZeOij+Xt5X+72maHV0NcVtxBb0kvd8
L8O8r6DJ5qizrmcFH8/5YnzkZzf7cyK8M2HWGC0sj+knwA0ayRkOYk8ooAN+dWfS
9/SFMArVCAR+2ECb9wjAK2NG4BrakhADjJaXZ5r15nmcctlWsd0csIzxaaGYIfjH
K+Q=
-----END CERTIFICATE-----