Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iZA4ZqFm_-Jod1Kkw-vBrSM0V-g.roa
File:                     iZA4ZqFm_-Jod1Kkw-vBrSM0V-g.roa (raw, json)
Hash identifier:          jVbwZr+W6rHozmhlG0G+MRkxubbklX8WVNJ/5ZJfHk8=
Subject key identifier:   89:90:38:66:A1:66:FF:E2:68:77:52:A4:C3:EB:C1:AD:23:34:57:E8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01879749138F0847D5AF378989E9B847A26E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iZA4ZqFm_-Jod1Kkw-vBrSM0V-g.roa
Signing time:             Wed 19 Apr 2023 02:12:41 +0000
ROA not before:           Wed 19 Apr 2023 02:12:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:97:49:13:8f:08:47:d5:af:37:89:89:e9:b8:47:a2:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 19 02:12:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=89903866a166ffe2687752a4c3ebc1ad233457e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:53:ae:07:90:c3:77:b2:ed:20:94:99:7e:11:
                    29:b2:51:c8:64:f5:a1:ff:f5:57:ac:c2:cd:a3:e9:
                    e7:fc:9d:b7:42:ba:92:e1:b8:14:48:ba:1b:31:6e:
                    a8:2d:30:01:57:bb:e7:57:8c:46:ae:ea:e5:54:6c:
                    9e:2b:30:0b:3a:da:1c:62:dd:6e:6c:76:64:81:92:
                    5f:f5:65:75:af:bf:a5:25:40:5d:90:5e:5e:76:97:
                    a4:2e:ac:d2:5d:e4:8e:62:e8:f6:bb:0e:ba:35:4a:
                    7d:d9:9d:c5:5f:1a:a8:92:2c:78:0c:99:0c:ca:21:
                    4c:fe:28:61:b8:7c:3b:6d:5f:68:75:20:74:c2:ac:
                    47:b5:e4:b7:8e:6c:18:22:bf:8a:c6:ce:89:af:2c:
                    12:51:87:34:8a:89:76:31:61:8e:bf:cc:80:2d:5d:
                    7c:d4:7a:a0:b5:5a:34:37:92:74:c1:98:61:8e:46:
                    72:85:1f:25:91:d1:88:68:4f:e1:79:9f:bc:6c:e6:
                    8f:28:81:70:be:ff:be:75:50:c3:85:0a:90:9d:a6:
                    57:b5:f3:37:64:8a:56:2d:ad:c4:53:6b:ca:39:d2:
                    86:5d:3c:a7:33:30:5d:ee:e8:3f:6a:3b:8e:ca:94:
                    35:14:6c:3b:83:fb:21:86:61:39:a8:4e:f1:1d:0e:
                    4c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:90:38:66:A1:66:FF:E2:68:77:52:A4:C3:EB:C1:AD:23:34:57:E8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iZA4ZqFm_-Jod1Kkw-vBrSM0V-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:21:53:bd:dd:e9:b8:5b:9a:b4:8e:0d:13:83:06:e1:ea:46:
         fb:6a:ba:13:39:e8:d5:f5:5a:75:2d:a2:53:63:f6:f8:f8:73:
         2b:86:b7:1f:1b:fc:46:30:02:ca:83:72:a4:ad:8f:42:c2:cc:
         60:70:b0:32:7e:15:f7:5e:a9:be:10:03:59:37:1f:a7:2c:af:
         f0:13:22:0c:11:e8:1b:d9:e2:4d:ba:70:7b:e0:24:65:d1:98:
         00:6e:87:79:21:5c:62:c7:bb:0d:da:b5:c9:52:c2:9f:4d:6e:
         b9:94:36:fd:d4:fe:8d:01:50:d3:f6:e5:c4:eb:40:45:7c:af:
         a2:0e:4e:87:d4:35:41:d7:47:bc:ab:0e:28:1e:8b:e2:1f:62:
         25:ea:d2:91:02:37:24:75:19:35:c1:31:96:ce:eb:44:4c:57:
         4c:68:82:cb:f3:d2:ab:3b:f3:a0:88:41:a3:58:bb:b2:09:84:
         92:81:5c:ff:7d:fd:ce:67:e7:45:7d:ad:36:71:35:21:11:52:
         33:80:96:ba:de:8d:66:b1:ba:91:c3:a8:29:72:a0:1c:a3:1b:
         c9:6e:17:1a:19:16:ed:aa:28:ac:9d:9e:2a:1b:3e:4f:ea:94:
         26:c5:92:e1:29:bd:d4:e8:f8:f3:f4:f4:f1:33:d1:79:5c:15:
         1c:12:e3:b1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeXSROPCEfVrzeJiem4R6JuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE5MDIxMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkwMzg2NmExNjZmZmUyNjg3NzUyYTRjM2ViYzFhZDIzMzQ1N2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVOuB5DDd7LtIJSZfhEpslHIZPWh
//VXrMLNo+nn/J23QrqS4bgUSLobMW6oLTABV7vnV4xGrurlVGyeKzALOtocYt1u
bHZkgZJf9WV1r7+lJUBdkF5edpekLqzSXeSOYuj2uw66NUp92Z3FXxqokix4DJkM
yiFM/ihhuHw7bV9odSB0wqxHteS3jmwYIr+Kxs6JrywSUYc0iol2MWGOv8yALV18
1HqgtVo0N5J0wZhhjkZyhR8lkdGIaE/heZ+8bOaPKIFwvv++dVDDhQqQnaZXtfM3
ZIpWLa3EU2vKOdKGXTynMzBd7ug/ajuOypQ1FGw7g/shhmE5qE7xHQ5MXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFImQOGahZv/iaHdSpMPrwa0jNFfoMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaVpBNFpxRm1fLUpvZDFLa3ctdkJyU00wVi1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIEhU73d6bhbmrSODROD
BuHqRvtquhM56NX1WnUtolNj9vj4cyuGtx8b/EYwAsqDcqStj0LCzGBwsDJ+Ffde
qb4QA1k3H6csr/ATIgwR6BvZ4k26cHvgJGXRmABuh3khXGLHuw3atclSwp9NbrmU
Nv3U/o0BUNP25cTrQEV8r6IOTofUNUHXR7yrDigei+IfYiXq0pECNyR1GTXBMZbO
60RMV0xogsvz0qs786CIQaNYu7IJhJKBXP99/c5n50V9rTZxNSERUjOAlrrejWax
upHDqClyoByjG8luFxoZFu2qKKydniobPk/qlCbFkuEpvdTo+PP09PEz0XlcFRwS
47E=
-----END CERTIFICATE-----