Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ipaFAaQ2M1MAof8JPSm1bk9rS6k.roa
File:                     ipaFAaQ2M1MAof8JPSm1bk9rS6k.roa (raw, json)
Hash identifier:          9y4vOWdjsM4XaVMy3Mr+u0N4MtALzRSOoduhniX5Tls=
Subject key identifier:   8A:96:85:01:A4:36:33:53:00:A1:FF:09:3D:29:B5:6E:4F:6B:4B:A9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187379A5729A6D80B6234846BC8EE0867ED
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ipaFAaQ2M1MAof8JPSm1bk9rS6k.roa
Signing time:             Fri 31 Mar 2023 12:17:54 +0000
ROA not before:           Fri 31 Mar 2023 12:17:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:37:9a:57:29:a6:d8:0b:62:34:84:6b:c8:ee:08:67:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 31 12:17:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a968501a436335300a1ff093d29b56e4f6b4ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:50:f5:50:9f:10:50:a3:d2:41:40:f9:a1:6d:
                    86:66:3c:f5:6c:b6:c9:3f:26:83:2d:be:ee:dc:29:
                    24:4c:ee:29:5f:af:b9:b2:05:71:3d:eb:54:98:7d:
                    65:1a:b6:0a:2e:f2:ca:79:17:0a:7a:e4:94:6d:bc:
                    7c:3a:8b:ba:01:d8:de:1b:f9:9b:b3:d9:5b:43:d0:
                    bd:1d:01:7b:b8:2a:ab:e6:b2:bd:d0:3f:3f:a0:33:
                    ae:9c:c0:d9:63:8c:45:27:69:2b:11:8a:da:a1:ff:
                    84:47:62:8e:21:f4:55:50:6d:b0:55:e5:67:40:39:
                    8b:f6:f3:e0:a8:8f:3c:f4:c6:1d:f8:8f:b3:a5:4a:
                    1c:2b:48:db:69:92:84:7d:e2:93:1a:24:33:15:9d:
                    b6:ba:ef:b0:dd:59:31:37:72:07:22:b5:58:47:0c:
                    0d:70:a2:de:c0:a1:a9:a1:52:ad:2f:2f:ed:5a:b6:
                    33:9d:6d:6a:2c:9b:b3:7c:a0:30:a0:02:7a:65:f0:
                    dc:e7:10:80:b6:59:27:9f:46:20:47:0b:04:78:aa:
                    ba:ab:9a:69:5a:7d:34:67:01:05:84:ca:be:1d:5d:
                    34:4c:0d:7e:55:ee:18:fb:46:47:ad:4d:df:cb:a0:
                    62:09:87:0f:48:42:51:41:5b:87:76:4a:40:37:75:
                    91:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:96:85:01:A4:36:33:53:00:A1:FF:09:3D:29:B5:6E:4F:6B:4B:A9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ipaFAaQ2M1MAof8JPSm1bk9rS6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:4c:aa:69:43:13:54:e8:a3:c1:45:b8:ab:34:5b:56:b2:ce:
         d3:3a:79:74:ac:48:1c:71:cc:8a:67:cf:18:1b:26:36:99:3e:
         c1:bb:fa:7b:0a:cb:2b:86:b1:1a:90:07:f2:25:4e:a4:53:f4:
         a9:b2:23:90:aa:ce:39:a4:17:63:67:7e:b3:4d:74:03:9d:10:
         4e:b4:05:4f:fe:98:46:f7:a1:f5:f8:c4:65:32:21:61:26:45:
         e2:1c:d8:f4:1a:67:d8:0f:f7:bd:7c:ac:07:0c:ba:a5:3b:a8:
         9a:6c:56:22:fd:6e:45:f8:64:91:0f:8d:2c:62:25:0a:1c:03:
         8f:5d:4c:63:b3:a2:a1:11:e7:a0:ba:da:05:f6:05:51:fd:97:
         36:18:3c:7e:8e:a1:f8:22:50:f4:ed:55:b6:50:14:5c:22:5f:
         ee:40:cc:24:3a:9b:d5:db:12:9c:42:77:3f:f1:25:31:81:11:
         77:f7:73:9c:5d:e7:8c:1d:62:51:da:48:19:b4:e8:14:9d:80:
         38:8d:bb:52:8e:81:7a:a0:2b:c2:bf:4e:65:71:a9:99:78:2f:
         e9:b8:c5:af:a7:a5:be:a5:78:bc:12:e3:0f:58:f8:6f:47:ce:
         ae:96:05:9e:c4:ea:de:8b:b5:0f:c2:c8:c7:62:8d:38:d5:36:
         84:72:bc:b6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc3mlcpptgLYjSEa8juCGftMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMxMTIxNzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTk2ODUwMWE0MzYzMzUzMDBhMWZmMDkzZDI5YjU2ZTRmNmI0YmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplD1UJ8QUKPSQUD5oW2GZjz1bLbJ
PyaDLb7u3CkkTO4pX6+5sgVxPetUmH1lGrYKLvLKeRcKeuSUbbx8Oou6AdjeG/mb
s9lbQ9C9HQF7uCqr5rK90D8/oDOunMDZY4xFJ2krEYraof+ER2KOIfRVUG2wVeVn
QDmL9vPgqI889MYd+I+zpUocK0jbaZKEfeKTGiQzFZ22uu+w3VkxN3IHIrVYRwwN
cKLewKGpoVKtLy/tWrYznW1qLJuzfKAwoAJ6ZfDc5xCAtlknn0YgRwsEeKq6q5pp
Wn00ZwEFhMq+HV00TA1+Ve4Y+0ZHrU3fy6BiCYcPSEJRQVuHdkpAN3WRNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIqWhQGkNjNTAKH/CT0ptW5Pa0upMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaXBhRkFhUTJNMU1Bb2Y4SlBTbTFiazlyUzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJJMqmlDE1Too8FFuKs0
W1ayztM6eXSsSBxxzIpnzxgbJjaZPsG7+nsKyyuGsRqQB/IlTqRT9KmyI5Cqzjmk
F2NnfrNNdAOdEE60BU/+mEb3ofX4xGUyIWEmReIc2PQaZ9gP9718rAcMuqU7qJps
ViL9bkX4ZJEPjSxiJQocA49dTGOzoqER56C62gX2BVH9lzYYPH6OofgiUPTtVbZQ
FFwiX+5AzCQ6m9XbEpxCdz/xJTGBEXf3c5xd54wdYlHaSBm06BSdgDiNu1KOgXqg
K8K/TmVxqZl4L+m4xa+npb6leLwS4w9Y+G9Hzq6WBZ7E6t6LtQ/CyMdijTjVNoRy
vLY=
-----END CERTIFICATE-----