Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jI2-djuwEVv95NighQodwMxOihg.roa
File:                     jI2-djuwEVv95NighQodwMxOihg.roa (raw, json)
Hash identifier:          nEa+KtgvPkoleBK3+9XkGf0H5H7XzP59C4YpCVIOhjQ=
Subject key identifier:   8C:8D:BE:76:3B:B0:11:5B:FD:E4:D8:A0:85:0A:1D:C0:CC:4E:8A:18
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018816175BCEAEE010387B14F44D439EFF64
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jI2-djuwEVv95NighQodwMxOihg.roa
Signing time:             Sat 13 May 2023 17:10:09 +0000
ROA not before:           Sat 13 May 2023 17:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:16:17:5b:ce:ae:e0:10:38:7b:14:f4:4d:43:9e:ff:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 13 17:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8c8dbe763bb0115bfde4d8a0850a1dc0cc4e8a18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f3:8a:54:7d:bb:93:c4:01:95:a1:1e:c6:a0:
                    5b:b0:d5:82:6d:bf:91:9b:a3:13:9f:fa:d3:3c:77:
                    3e:09:f9:08:e1:b5:3c:46:91:2f:48:34:43:bd:65:
                    19:f9:f0:e9:b5:35:c6:41:57:61:b8:ce:e7:f4:42:
                    dc:c5:5c:9e:8a:2f:df:fa:f0:ed:ad:37:41:4b:25:
                    3d:23:6a:30:1c:8a:21:14:fb:df:46:92:27:7d:26:
                    ca:fb:63:90:64:27:bd:f3:d5:9f:f7:d9:16:01:33:
                    e2:93:be:8e:7c:25:a9:e2:2b:84:98:86:f2:d9:63:
                    6f:50:d8:12:36:39:47:c9:1e:32:1d:90:20:22:b2:
                    01:35:7f:4a:cf:ae:9a:b4:fa:0a:bd:ec:1c:00:b6:
                    fb:05:37:d4:3d:95:93:36:09:46:17:7a:f1:64:26:
                    d7:7c:ae:ce:80:57:a9:cb:ef:c4:bc:9a:c3:c5:72:
                    4e:9e:44:f4:fc:6c:79:50:be:71:5e:bc:24:ec:34:
                    48:b5:15:85:78:26:ab:46:39:d7:9d:ef:a0:92:e3:
                    73:af:0e:28:88:2e:b4:b2:d1:b9:2e:41:3c:ce:80:
                    1e:13:a7:c2:c3:ea:f7:92:46:df:06:8b:a1:b4:f0:
                    b5:34:ac:42:3e:f4:11:d9:fb:cb:52:cc:d9:38:2d:
                    6d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:8D:BE:76:3B:B0:11:5B:FD:E4:D8:A0:85:0A:1D:C0:CC:4E:8A:18
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jI2-djuwEVv95NighQodwMxOihg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:5e:46:dd:4d:13:21:8a:65:bf:1e:82:e5:fd:f6:13:64:94:
         9a:89:ac:17:44:93:f1:5a:48:40:c0:fc:42:a0:df:d6:51:f7:
         e8:d3:f5:e0:85:d6:df:f5:b4:44:4a:2e:df:e4:8a:36:1f:d5:
         ed:e6:9c:6b:ab:8a:4e:9f:3c:73:10:50:18:4f:d8:71:29:bf:
         11:64:4d:14:07:3d:dd:8f:53:f3:07:4c:a6:d2:ab:4c:c5:17:
         83:ef:6c:da:64:fa:6c:8b:83:b7:27:0f:c5:c3:03:d1:cc:f8:
         80:a5:4b:90:b0:a2:f9:a7:9c:be:b8:05:59:06:34:7c:5c:b9:
         52:a3:08:4c:ed:3c:67:c7:10:80:83:58:76:97:8a:85:92:60:
         0c:ac:01:c4:f0:60:1b:90:d6:0d:89:0b:a7:91:e3:2b:47:86:
         ea:9b:b9:f0:f2:d1:31:7c:6d:47:93:ca:ac:d2:a1:7a:2d:9b:
         98:3b:1e:8e:ae:7c:b6:f2:17:a5:b7:7e:63:61:71:d2:26:99:
         b1:00:79:08:e5:a2:1d:10:47:02:49:63:b2:c3:cd:c2:0b:21:
         1b:ad:61:65:0f:e7:08:c4:72:1e:c2:35:0c:9c:67:d3:8e:0e:
         50:3e:62:3a:fd:22:87:90:b0:e3:1a:f6:d1:71:9f:e3:25:e8:
         41:3f:41:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgWF1vOruAQOHsU9E1Dnv9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEzMTcxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzhkYmU3NjNiYjAxMTViZmRlNGQ4YTA4NTBhMWRjMGNjNGU4YTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfOKVH27k8QBlaEexqBbsNWCbb+R
m6MTn/rTPHc+CfkI4bU8RpEvSDRDvWUZ+fDptTXGQVdhuM7n9ELcxVyeii/f+vDt
rTdBSyU9I2owHIohFPvfRpInfSbK+2OQZCe989Wf99kWATPik76OfCWp4iuEmIby
2WNvUNgSNjlHyR4yHZAgIrIBNX9Kz66atPoKvewcALb7BTfUPZWTNglGF3rxZCbX
fK7OgFepy+/EvJrDxXJOnkT0/Gx5UL5xXrwk7DRItRWFeCarRjnXne+gkuNzrw4o
iC60stG5LkE8zoAeE6fCw+r3kkbfBouhtPC1NKxCPvQR2fvLUszZOC1tHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIyNvnY7sBFb/eTYoIUKHcDMTooYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvakkyLWRqdXdFVnY5NU5pZ2hRb2R3TXhPaWhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH1eRt1NEyGKZb8eguX9
9hNklJqJrBdEk/FaSEDA/EKg39ZR9+jT9eCF1t/1tERKLt/kijYf1e3mnGurik6f
PHMQUBhP2HEpvxFkTRQHPd2PU/MHTKbSq0zFF4PvbNpk+myLg7cnD8XDA9HM+ICl
S5CwovmnnL64BVkGNHxcuVKjCEztPGfHEICDWHaXioWSYAysAcTwYBuQ1g2JC6eR
4ytHhuqbufDy0TF8bUeTyqzSoXotm5g7Ho6ufLbyF6W3fmNhcdImmbEAeQjloh0Q
RwJJY7LDzcILIRutYWUP5wjEch7CNQycZ9OODlA+Yjr9IoeQsOMa9tFxn+Ml6EE/
QXI=
-----END CERTIFICATE-----