Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ior1p2ZkJ_brnmXNbdiUAHfXcyQ.roa
File:                     ior1p2ZkJ_brnmXNbdiUAHfXcyQ.roa (raw, json)
Hash identifier:          qBBfDTl8ZHxexKt/0NoLZ/Zr/Y3RpuYJutIFiWTmw4w=
Subject key identifier:   8A:8A:F5:A7:66:64:27:F6:EB:9E:65:CD:6D:D8:94:00:77:D7:73:24
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F9C711432F43C6E25BDDC2BD289AD9F6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ior1p2ZkJ_brnmXNbdiUAHfXcyQ.roa
Signing time:             Mon 08 May 2023 05:13:05 +0000
ROA not before:           Mon 08 May 2023 05:13:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f9:c7:11:43:2f:43:c6:e2:5b:dd:c2:bd:28:9a:d9:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  8 05:13:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a8af5a7666427f6eb9e65cd6dd8940077d77324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c5:bd:d1:1b:41:03:fb:70:2b:f0:e9:30:5d:
                    be:8e:76:98:6f:a7:15:d4:44:75:b4:6f:00:cc:3f:
                    f5:d7:02:7c:84:ba:01:7f:4c:02:45:c3:0b:f7:ab:
                    6e:bd:09:41:d5:17:09:6f:78:30:bf:64:31:b8:6c:
                    90:a1:5b:96:1c:68:95:3f:08:20:8a:3f:4e:4b:96:
                    99:3d:68:0b:d8:3b:3e:89:3f:94:dc:fa:23:95:48:
                    07:a0:9b:6f:b1:61:43:8d:9d:c2:b8:ec:4d:83:12:
                    7f:a0:1f:22:60:c5:3c:73:0a:bf:bc:4c:fd:0a:34:
                    f1:50:3d:71:4c:20:c3:c7:22:4d:53:c0:98:f0:8a:
                    db:f6:aa:f9:0c:55:c5:f6:f1:d7:38:6b:eb:8b:1a:
                    60:6c:da:6e:13:8f:bb:71:b5:48:52:09:64:2b:a2:
                    37:ed:be:b7:95:42:3b:de:94:ce:e8:6f:0a:eb:a3:
                    2e:91:e9:bb:c4:58:7d:36:e1:5b:e4:c4:f7:7e:c5:
                    4a:0e:38:34:11:db:c2:de:6d:25:ed:c1:2b:c2:e5:
                    63:ab:e0:ca:a6:92:0a:2d:26:d8:7e:19:ef:e5:a9:
                    fe:f3:ae:87:74:ac:f3:ed:46:1d:1e:5f:e8:74:16:
                    18:37:14:79:b8:7f:62:bd:3c:1f:e4:b8:e4:90:b1:
                    87:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:8A:F5:A7:66:64:27:F6:EB:9E:65:CD:6D:D8:94:00:77:D7:73:24
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ior1p2ZkJ_brnmXNbdiUAHfXcyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:a9:be:b2:20:8c:16:ec:a8:89:23:35:db:8d:f8:b9:6a:84:
         8f:33:5d:1a:d9:76:48:92:e3:ad:dd:4d:a4:dd:07:a8:18:19:
         9b:18:a9:d0:52:26:1e:ee:32:64:52:75:43:2d:12:3e:c2:fa:
         bd:a2:ae:0f:cd:14:a9:e0:5d:b9:d6:ee:23:29:b7:c2:57:16:
         3e:6d:67:35:a5:7d:ba:99:da:2e:65:a0:c0:6a:9a:2b:2b:f6:
         84:ce:53:5d:af:9e:64:9c:63:84:b4:ed:2a:15:bd:cc:25:54:
         9c:38:8e:89:f6:9f:d7:eb:7d:e3:84:24:7c:af:02:49:a1:e5:
         18:5c:52:2a:82:d6:bb:82:17:fa:5c:06:2b:67:0d:3b:81:21:
         ee:3d:bb:03:23:60:cb:52:57:b1:49:36:f1:d3:7f:e7:ec:1d:
         7f:b5:e0:2a:1f:66:71:ca:37:b8:98:75:1a:37:e6:9b:00:fd:
         c3:ae:23:0f:da:19:da:3f:d7:93:b0:0a:8f:55:8f:28:86:29:
         08:ec:3b:fa:ca:bf:cc:f3:d7:9d:db:af:d3:cf:21:ab:15:31:
         ca:b5:7a:2c:84:16:e0:5f:00:40:23:2e:d5:5e:64:49:52:09:
         eb:f7:b7:7f:ff:9e:4f:e6:cc:6a:ba:f2:5a:8a:c6:21:e8:48:
         6b:a5:b6:80
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf5xxFDL0PG4lvdwr0omtn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA4MDUxMzA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YThhZjVhNzY2NjQyN2Y2ZWI5ZTY1Y2Q2ZGQ4OTQwMDc3ZDc3MzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMW90RtBA/twK/DpMF2+jnaYb6cV
1ER1tG8AzD/11wJ8hLoBf0wCRcML96tuvQlB1RcJb3gwv2QxuGyQoVuWHGiVPwgg
ij9OS5aZPWgL2Ds+iT+U3PojlUgHoJtvsWFDjZ3CuOxNgxJ/oB8iYMU8cwq/vEz9
CjTxUD1xTCDDxyJNU8CY8Irb9qr5DFXF9vHXOGvrixpgbNpuE4+7cbVIUglkK6I3
7b63lUI73pTO6G8K66Mukem7xFh9NuFb5MT3fsVKDjg0EdvC3m0l7cErwuVjq+DK
ppIKLSbYfhnv5an+866HdKzz7UYdHl/odBYYNxR5uH9ivTwf5LjkkLGH1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIqK9admZCf2655lzW3YlAB313MkMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaW9yMXAyWmtKX2Jybm1YTmJkaVVBSGZYY3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACWpvrIgjBbsqIkjNduN
+LlqhI8zXRrZdkiS463dTaTdB6gYGZsYqdBSJh7uMmRSdUMtEj7C+r2irg/NFKng
XbnW7iMpt8JXFj5tZzWlfbqZ2i5loMBqmisr9oTOU12vnmScY4S07SoVvcwlVJw4
jon2n9frfeOEJHyvAkmh5RhcUiqC1ruCF/pcBitnDTuBIe49uwMjYMtSV7FJNvHT
f+fsHX+14CofZnHKN7iYdRo35psA/cOuIw/aGdo/15OwCo9VjyiGKQjsO/rKv8zz
153br9PPIasVMcq1eiyEFuBfAEAjLtVeZElSCev3t3//nk/mzGq68lqKxiHoSGul
toA=
-----END CERTIFICATE-----