Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ihrFap59oRl_dGoz4ROvF49io_U.roa
File:                     ihrFap59oRl_dGoz4ROvF49io_U.roa (raw, json)
Hash identifier:          fc6TMXyfjkvPjmW5LKgb3iaqEwzaEwvi6WD93HP9zmg=
Subject key identifier:   8A:1A:C5:6A:9E:7D:A1:19:7F:74:6A:33:E1:13:AF:17:8F:62:A3:F5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01874B52900EBC8F5024E85143126A361841
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ihrFap59oRl_dGoz4ROvF49io_U.roa
Signing time:             Tue 04 Apr 2023 08:11:54 +0000
ROA not before:           Tue 04 Apr 2023 08:11:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4b:52:90:0e:bc:8f:50:24:e8:51:43:12:6a:36:18:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  4 08:11:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a1ac56a9e7da1197f746a33e113af178f62a3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e7:1e:5b:71:f4:3b:a7:22:3b:68:c0:b8:ee:
                    85:29:6d:df:df:96:8e:d0:99:91:aa:a5:90:2f:c5:
                    e2:b3:57:8b:19:65:20:e8:bb:74:76:1e:4d:2d:6f:
                    d0:85:94:11:32:07:9d:28:a4:98:51:11:f5:eb:e2:
                    02:98:8e:fd:10:8c:e3:3f:0a:99:62:c6:86:1a:67:
                    0c:60:0e:b3:7a:84:da:4f:e1:37:06:1d:cf:8b:d0:
                    42:d1:13:ce:39:f0:0b:64:bf:6e:3f:b2:53:f7:e5:
                    2b:a0:ad:f0:ed:c5:c7:c6:94:e9:2b:15:25:e2:a4:
                    12:15:61:e5:de:4c:88:54:ae:d2:2d:96:e2:5f:e1:
                    68:89:97:93:83:19:7c:b8:e8:35:aa:b7:be:79:74:
                    23:39:b4:7d:1f:15:7e:a7:98:3f:64:6d:6d:1d:94:
                    c6:a1:78:60:f8:af:b0:4d:8f:cc:7e:43:01:ce:e9:
                    ad:8e:e1:82:ac:37:8b:dd:1d:48:68:64:29:46:cd:
                    b6:be:60:78:b7:02:2e:b4:a9:31:c2:de:36:66:b8:
                    86:eb:21:e9:e9:7f:5f:58:61:3b:3b:92:87:3c:71:
                    29:93:46:3d:f1:60:08:6b:70:d4:6e:c0:c3:b9:8f:
                    5f:80:d2:f6:ad:99:a2:aa:52:0d:01:69:b1:d0:66:
                    dd:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:1A:C5:6A:9E:7D:A1:19:7F:74:6A:33:E1:13:AF:17:8F:62:A3:F5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ihrFap59oRl_dGoz4ROvF49io_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:dc:75:96:a3:c3:d8:35:bc:45:b5:d5:59:11:d3:fd:f1:c8:
         d3:69:db:dd:ba:79:48:88:34:09:a4:c2:8d:56:13:a6:ed:a6:
         df:aa:7a:46:51:72:89:13:ca:0a:a8:c1:c0:24:07:45:fb:ea:
         fb:c2:44:c6:0a:c0:29:74:8a:bd:09:29:92:02:2c:d1:ca:d8:
         3e:94:59:e9:d7:b7:2d:0a:55:cf:de:b3:23:0c:b1:44:45:81:
         ec:52:8d:81:27:1a:36:40:53:9f:8f:14:1e:f5:d5:ab:5f:4c:
         0d:ad:1a:d7:e1:08:8e:ee:fa:a2:7f:bc:85:13:57:f1:f6:42:
         1e:58:10:a7:99:ec:8a:7c:72:c7:2e:9e:51:fb:5a:e9:7b:ba:
         54:fd:09:19:9f:f2:15:66:77:7d:05:e9:13:7c:4c:5b:73:83:
         be:5e:39:df:07:af:a6:ec:d0:9a:91:e4:68:4d:5e:c8:22:5b:
         40:7b:dc:2b:ab:d0:23:f3:10:a6:5f:da:5c:30:97:74:7f:c5:
         5d:1d:58:f4:d8:f9:06:bf:84:cd:e9:cb:b1:3a:fb:f7:00:dd:
         4d:0f:19:64:57:07:f1:40:a4:9b:1a:aa:e4:de:1a:c3:cb:1c:
         b2:cc:3b:2a:30:2a:d1:44:c9:ad:07:bc:30:d4:f3:50:37:dc:
         62:96:a5:68
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdLUpAOvI9QJOhRQxJqNhhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA0MDgxMTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTFhYzU2YTllN2RhMTE5N2Y3NDZhMzNlMTEzYWYxNzhmNjJhM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeceW3H0O6ciO2jAuO6FKW3f35aO
0JmRqqWQL8Xis1eLGWUg6Lt0dh5NLW/QhZQRMgedKKSYURH16+ICmI79EIzjPwqZ
YsaGGmcMYA6zeoTaT+E3Bh3Pi9BC0RPOOfALZL9uP7JT9+UroK3w7cXHxpTpKxUl
4qQSFWHl3kyIVK7SLZbiX+FoiZeTgxl8uOg1qre+eXQjObR9HxV+p5g/ZG1tHZTG
oXhg+K+wTY/MfkMBzumtjuGCrDeL3R1IaGQpRs22vmB4twIutKkxwt42ZriG6yHp
6X9fWGE7O5KHPHEpk0Y98WAIa3DUbsDDuY9fgNL2rZmiqlINAWmx0GbdeQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIoaxWqefaEZf3RqM+ETrxePYqP1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaWhyRmFwNTlvUmxfZEdvejRST3ZGNDlpb19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABfcdZajw9g1vEW11VkR
0/3xyNNp2926eUiINAmkwo1WE6btpt+qekZRcokTygqowcAkB0X76vvCRMYKwCl0
ir0JKZICLNHK2D6UWenXty0KVc/esyMMsURFgexSjYEnGjZAU5+PFB711atfTA2t
GtfhCI7u+qJ/vIUTV/H2Qh5YEKeZ7Ip8cscunlH7Wul7ulT9CRmf8hVmd30F6RN8
TFtzg75eOd8Hr6bs0JqR5GhNXsgiW0B73Cur0CPzEKZf2lwwl3R/xV0dWPTY+Qa/
hM3py7E6+/cA3U0PGWRXB/FApJsaquTeGsPLHLLMOyowKtFEya0HvDDU81A33GKW
pWg=
-----END CERTIFICATE-----