Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/igX0wN4oghdn8k3zUbkA3rbcdZo.roa
File:                     igX0wN4oghdn8k3zUbkA3rbcdZo.roa (raw, json)
Hash identifier:          LOcYwYpBywq2UM2IfRbhL9V92GgGq2bbBjIxpLdAElk=
Subject key identifier:   8A:05:F4:C0:DE:28:82:17:67:F2:4D:F3:51:B9:00:DE:B6:DC:75:9A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D021ADCE3A72E3FC004B436FCF4A9DCD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/igX0wN4oghdn8k3zUbkA3rbcdZo.roa
Signing time:             Sat 11 Mar 2023 10:05:13 +0000
ROA not before:           Sat 11 Mar 2023 10:05:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:186:d020:c4ac/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d0:21:ad:ce:3a:72:e3:fc:00:4b:43:6f:cf:4a:9d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 11 10:05:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a05f4c0de28821767f24df351b900deb6dc759a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cc:0f:36:71:42:c2:32:18:0f:c4:8b:35:9a:
                    fa:16:ed:a9:77:ed:7d:8f:62:59:47:52:66:17:6b:
                    74:f6:ce:51:fa:43:e6:98:54:78:8c:f4:cd:cd:39:
                    71:1b:90:69:6f:1e:29:d3:ec:47:a2:77:0f:53:e4:
                    8a:17:48:6e:eb:3d:0b:17:37:76:28:1e:65:31:8a:
                    44:6a:a4:a3:15:0d:3a:e9:9d:34:19:51:eb:e8:5e:
                    ec:fa:b1:b3:5d:82:0e:19:3a:16:0b:be:61:89:a1:
                    a2:3e:d2:1f:70:2c:dd:91:92:95:6c:4f:fa:fd:95:
                    8f:a0:b7:3c:cc:d1:de:72:69:17:ea:12:f2:5c:f1:
                    f4:c6:ba:f8:f7:1f:9d:cd:33:0e:83:01:00:9c:22:
                    6e:f9:a3:47:88:01:07:df:78:06:e6:c1:15:89:4f:
                    d0:28:a3:97:c2:5c:46:11:0a:a3:61:91:72:2b:02:
                    73:88:b3:3e:78:38:1b:5a:b0:96:41:08:77:21:89:
                    fe:ac:87:5d:bf:c5:c9:42:6b:12:fa:a5:8e:3b:4c:
                    2a:a3:a9:a6:ac:28:82:a9:57:6c:b3:f9:6f:53:de:
                    f0:e4:a0:8e:bc:e4:63:31:d9:7d:3e:4c:20:5a:30:
                    c0:16:f9:7b:48:e4:78:df:d1:cc:ab:e2:57:17:a4:
                    f4:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:05:F4:C0:DE:28:82:17:67:F2:4D:F3:51:B9:00:DE:B6:DC:75:9A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/igX0wN4oghdn8k3zUbkA3rbcdZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:2a:65:ce:35:43:0d:6d:a8:03:0d:9d:a0:42:77:c0:6b:08:
         77:38:96:92:65:f0:70:d3:7a:3c:c9:a6:e6:79:13:c1:23:34:
         8a:0e:b8:2b:b7:d3:49:1c:b3:81:e5:9c:2e:e3:15:05:ca:d3:
         73:41:28:77:62:1e:e2:bd:fd:c3:62:c6:e0:ef:99:2c:f8:e6:
         99:b2:d5:91:c0:82:1d:5c:e1:3e:dc:5f:13:44:44:32:d0:3f:
         81:e2:c5:e1:bd:49:35:e4:07:ce:b5:68:b4:27:ab:26:97:6e:
         86:b3:16:a9:3b:65:ff:9f:9b:1f:c4:0a:75:ad:06:9f:8a:1d:
         7b:01:5b:cf:68:63:cb:b2:d3:15:21:cf:cf:ea:20:62:a1:a3:
         be:23:c0:de:9d:2a:00:42:dc:95:ff:6b:d6:f9:a4:ed:0e:65:
         fe:aa:07:77:f6:68:95:e2:b1:c5:c3:b4:0a:5d:71:32:01:6c:
         b3:f2:fb:37:ba:d0:7c:7a:ef:cc:9b:b2:e0:1f:8f:48:01:b4:
         a9:2b:db:ad:dd:7b:c7:5e:30:8a:26:6a:06:6a:2e:af:2c:7b:
         da:d2:f4:6c:7a:a5:03:c1:49:09:f2:a3:0a:c1:0a:a5:69:78:
         d1:93:a6:45:08:88:f3:08:a0:43:37:ae:04:2b:40:09:78:dc:
         d2:f8:42:e7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbQIa3OOnLj/ABLQ2/PSp3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzExMTAwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTA1ZjRjMGRlMjg4MjE3NjdmMjRkZjM1MWI5MDBkZWI2ZGM3NTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcwPNnFCwjIYD8SLNZr6Fu2pd+19
j2JZR1JmF2t09s5R+kPmmFR4jPTNzTlxG5Bpbx4p0+xHoncPU+SKF0hu6z0LFzd2
KB5lMYpEaqSjFQ066Z00GVHr6F7s+rGzXYIOGToWC75hiaGiPtIfcCzdkZKVbE/6
/ZWPoLc8zNHecmkX6hLyXPH0xrr49x+dzTMOgwEAnCJu+aNHiAEH33gG5sEViU/Q
KKOXwlxGEQqjYZFyKwJziLM+eDgbWrCWQQh3IYn+rIddv8XJQmsS+qWOO0wqo6mm
rCiCqVdss/lvU97w5KCOvORjMdl9PkwgWjDAFvl7SOR439HMq+JXF6T0qQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIoF9MDeKIIXZ/JN81G5AN623HWaMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaWdYMHdONG9naGRuOGszelVia0EzcmJjZFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABkqZc41Qw1tqAMNnaBC
d8BrCHc4lpJl8HDTejzJpuZ5E8EjNIoOuCu300kcs4HlnC7jFQXK03NBKHdiHuK9
/cNixuDvmSz45pmy1ZHAgh1c4T7cXxNERDLQP4HixeG9STXkB861aLQnqyaXboaz
Fqk7Zf+fmx/ECnWtBp+KHXsBW89oY8uy0xUhz8/qIGKho74jwN6dKgBC3JX/a9b5
pO0OZf6qB3f2aJXiscXDtApdcTIBbLPy+ze60Hx678ybsuAfj0gBtKkr263de8de
MIomagZqLq8se9rS9Gx6pQPBSQnyowrBCqVpeNGTpkUIiPMIoEM3rgQrQAl43NL4
Quc=
-----END CERTIFICATE-----