Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/i2vdKQbgolvolNnScd4ntsDwKIE.roa
File:                     i2vdKQbgolvolNnScd4ntsDwKIE.roa (raw, json)
Hash identifier:          SLw7kSYNjuFKgTu/MKYxv3klJq56cSvTiOWLfjoR5Ak=
Subject key identifier:   8B:6B:DD:29:06:E0:A2:5B:E8:94:D9:D2:71:DE:27:B6:C0:F0:28:81
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873CEBBADD1A49E7F41A8683AABD92ED82
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/i2vdKQbgolvolNnScd4ntsDwKIE.roa
Signing time:             Sat 01 Apr 2023 13:04:54 +0000
ROA not before:           Sat 01 Apr 2023 13:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:3ceb:12c0/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3c:eb:ba:dd:1a:49:e7:f4:1a:86:83:aa:bd:92:ed:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  1 13:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b6bdd2906e0a25be894d9d271de27b6c0f02881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1e:7e:95:2b:0c:f6:96:80:d0:dd:9e:ac:bf:
                    63:de:25:7d:28:cf:9c:ef:86:42:fb:3f:90:e8:f7:
                    01:8a:92:06:f3:37:c7:65:df:4b:db:6e:1c:72:c5:
                    f6:3e:b1:96:d2:f6:b5:57:ed:fc:fd:a0:1b:a3:7a:
                    80:4e:48:50:83:55:ae:55:3d:4e:18:03:31:1d:a0:
                    74:cf:7d:ed:1a:b8:65:c4:34:4c:e8:89:52:9e:d3:
                    c1:84:89:01:b8:62:ca:23:6d:85:60:4b:a1:94:f3:
                    43:64:99:17:d9:97:60:54:5e:b7:48:91:69:a4:57:
                    36:c6:07:78:a1:39:9d:a9:93:a9:6c:bf:8e:8a:72:
                    aa:4b:7a:49:d0:b0:72:e8:ed:e2:e9:bc:22:71:29:
                    f9:38:54:98:e6:65:b9:1d:e9:2d:a3:01:43:64:bc:
                    5b:d3:10:63:50:63:fc:ff:48:c9:68:38:18:bd:f5:
                    18:f2:98:8d:3c:31:d3:e2:c1:54:1a:57:f6:f6:13:
                    15:94:7a:cd:a7:aa:8e:51:df:53:38:b8:ae:a7:3a:
                    ef:f6:d0:9a:41:5e:63:84:55:4d:e1:e1:51:92:bd:
                    04:19:fc:dd:b9:78:4f:93:77:60:09:d6:b5:a9:5e:
                    ab:fa:1e:6b:e4:f9:cf:55:4f:36:4a:fd:6b:b6:60:
                    20:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:6B:DD:29:06:E0:A2:5B:E8:94:D9:D2:71:DE:27:B6:C0:F0:28:81
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/i2vdKQbgolvolNnScd4ntsDwKIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:48:2d:bf:aa:ea:d7:0c:ef:66:47:3f:73:4f:6c:15:e5:99:
         f2:7b:c3:fc:86:d3:a7:fa:d3:e5:28:6a:f2:96:c5:83:35:55:
         cc:07:39:2e:5b:d6:ab:5e:73:a6:26:39:f8:02:57:cf:9a:69:
         69:b9:89:64:e6:18:c9:fd:c8:fc:6d:8d:0b:30:47:30:27:61:
         57:ef:9f:8c:38:c4:d5:08:3e:9c:c5:e1:35:96:21:ef:9b:84:
         01:f3:59:bc:d1:83:9c:25:13:f0:b5:34:f5:92:b3:59:dc:bc:
         9e:87:e6:d9:f3:8b:e2:4e:d5:39:84:56:79:d6:4a:76:e7:73:
         d1:a8:de:db:21:70:3a:01:13:f8:9e:1d:1a:9d:60:6a:77:67:
         75:06:12:40:19:92:86:dd:6b:e7:91:bb:58:9e:da:55:05:99:
         08:c7:b7:2c:8c:01:0c:d4:77:66:05:3c:ef:4f:cc:4a:41:b0:
         de:69:d3:9d:38:7d:94:cd:41:c2:58:fb:b6:40:9e:fd:0b:e8:
         02:74:14:58:d3:17:ab:cd:43:0c:2d:5d:15:48:60:6a:7f:77:
         55:0c:a2:9c:53:a1:e8:16:50:42:f3:d7:89:aa:7c:89:6f:63:
         c9:ad:51:27:fb:a0:3e:cb:b5:1f:78:f0:d8:de:c8:4a:cd:d6:
         e3:82:9f:6c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc867rdGknn9BqGg6q9ku2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAxMTMwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjZiZGQyOTA2ZTBhMjViZTg5NGQ5ZDI3MWRlMjdiNmMwZjAyODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxh5+lSsM9paA0N2erL9j3iV9KM+c
74ZC+z+Q6PcBipIG8zfHZd9L224ccsX2PrGW0va1V+38/aAbo3qATkhQg1WuVT1O
GAMxHaB0z33tGrhlxDRM6IlSntPBhIkBuGLKI22FYEuhlPNDZJkX2ZdgVF63SJFp
pFc2xgd4oTmdqZOpbL+OinKqS3pJ0LBy6O3i6bwicSn5OFSY5mW5HektowFDZLxb
0xBjUGP8/0jJaDgYvfUY8piNPDHT4sFUGlf29hMVlHrNp6qOUd9TOLiupzrv9tCa
QV5jhFVN4eFRkr0EGfzduXhPk3dgCda1qV6r+h5r5PnPVU82Sv1rtmAgRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFItr3SkG4KJb6JTZ0nHeJ7bA8CiBMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaTJ2ZEtRYmdvbHZvbE5uU2NkNG50c0R3S0lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADtILb+q6tcM72ZHP3NP
bBXlmfJ7w/yG06f60+UoavKWxYM1VcwHOS5b1qtec6YmOfgCV8+aaWm5iWTmGMn9
yPxtjQswRzAnYVfvn4w4xNUIPpzF4TWWIe+bhAHzWbzRg5wlE/C1NPWSs1ncvJ6H
5tnzi+JO1TmEVnnWSnbnc9Go3tshcDoBE/ieHRqdYGp3Z3UGEkAZkobda+eRu1ie
2lUFmQjHtyyMAQzUd2YFPO9PzEpBsN5p0504fZTNQcJY+7ZAnv0L6AJ0FFjTF6vN
QwwtXRVIYGp/d1UMopxToegWUELz14mqfIlvY8mtUSf7oD7LtR948NjeyErN1uOC
n2w=
-----END CERTIFICATE-----