Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jXNdL53-YCoZR71Bd3YQfrTylsA.roa
File:                     jXNdL53-YCoZR71Bd3YQfrTylsA.roa (raw, json)
Hash identifier:          htiHcN6UODcLWKUdwtF2w/5TYKIJ+834snQZL/0P8Ao=
Subject key identifier:   8D:73:5D:2F:9D:FE:60:2A:19:47:BD:41:77:76:10:7E:B4:F2:96:C0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F6CC929EDC35B377C61762FAA87F7A77
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jXNdL53-YCoZR71Bd3YQfrTylsA.roa
Signing time:             Sat 18 Mar 2023 22:17:27 +0000
ROA not before:           Sat 18 Mar 2023 22:17:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f6:cc:92:9e:dc:35:b3:77:c6:17:62:fa:a8:7f:7a:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 18 22:17:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8d735d2f9dfe602a1947bd417776107eb4f296c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:89:f9:d8:f0:d4:5c:fe:42:de:9f:f8:59:f7:
                    d8:5a:69:6d:24:4e:89:cc:96:8e:84:d4:c7:44:49:
                    1c:eb:92:72:c7:0d:b3:ec:28:89:e3:4e:14:33:11:
                    2b:ba:ba:aa:11:f0:e5:bf:41:95:c7:5b:cc:93:54:
                    4c:61:4e:78:ba:4c:d7:11:12:4d:f2:2e:21:4f:51:
                    f3:21:cb:b2:48:62:bb:05:47:d7:ec:3d:92:c4:19:
                    05:3f:df:a3:73:77:56:36:a2:c9:8c:12:07:c7:8a:
                    99:fc:dc:f5:90:a7:30:73:c6:34:aa:fa:de:12:52:
                    6f:00:17:4b:d1:e8:c6:39:e6:76:e0:2a:3e:23:53:
                    e2:22:b1:7d:20:99:c4:5b:f2:a8:8a:fe:42:89:a8:
                    07:10:4d:7c:29:32:51:4a:45:ce:8a:50:e3:af:f0:
                    bd:dc:02:d2:8c:b2:cd:05:ce:67:34:4c:a8:cc:46:
                    7e:75:d2:00:c5:8c:b8:a0:65:6f:7d:38:e3:e6:a9:
                    d2:5f:6c:25:10:4c:bc:ef:69:fe:af:59:dc:1c:f4:
                    fc:c3:6b:d1:56:76:32:62:12:81:e0:62:97:a6:c7:
                    88:64:26:51:05:99:34:5f:bf:4b:fa:5b:d4:10:6b:
                    81:d6:1a:fe:f6:02:76:99:8a:ad:8d:2b:e5:21:dd:
                    48:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:73:5D:2F:9D:FE:60:2A:19:47:BD:41:77:76:10:7E:B4:F2:96:C0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jXNdL53-YCoZR71Bd3YQfrTylsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:71:95:90:74:d3:ce:9a:7a:e7:d1:b7:59:46:ae:34:7e:36:
         6b:fa:5b:44:0e:f3:c5:d5:ce:44:7b:f7:20:5b:90:5b:f5:3e:
         47:9b:58:e6:fd:b0:07:24:e2:44:34:04:c2:be:40:ce:ed:37:
         4a:3a:86:5f:91:8c:77:57:82:70:40:d6:de:02:f9:22:c5:03:
         27:2b:75:dd:ea:56:c6:26:e9:f1:42:44:f8:e3:13:35:db:49:
         ad:d1:53:f3:51:64:3c:e6:e5:95:4f:dd:5c:28:bd:78:c9:f4:
         b2:a8:8e:ee:39:c5:03:86:af:09:91:3a:e2:da:fd:21:5b:86:
         6f:f6:fb:31:fa:04:e7:db:ae:2b:37:9f:07:bf:66:73:4b:92:
         b3:48:ee:dd:55:ad:32:62:14:82:43:2c:6c:ae:45:fb:0b:2e:
         e9:c8:9e:a7:5b:cc:77:a5:52:91:af:d7:d0:7c:8e:26:41:44:
         7f:36:7e:6c:6f:31:88:1d:94:b8:10:cf:89:6c:97:77:1d:3f:
         13:7e:e8:d2:5c:78:50:6a:fb:fc:da:5a:2b:4c:aa:3b:57:7f:
         f3:0d:cf:da:b1:6b:d6:a1:c2:36:a3:71:bc:4c:f4:64:73:77:
         bd:fb:e2:ab:b9:05:49:cd:cf:87:b5:4a:d4:30:d3:c0:7b:6f:
         66:b7:a4:e2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb2zJKe3DWzd8YXYvqof3p3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE4MjIxNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDczNWQyZjlkZmU2MDJhMTk0N2JkNDE3Nzc2MTA3ZWI0ZjI5NmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuon52PDUXP5C3p/4WffYWmltJE6J
zJaOhNTHREkc65Jyxw2z7CiJ404UMxErurqqEfDlv0GVx1vMk1RMYU54ukzXERJN
8i4hT1HzIcuySGK7BUfX7D2SxBkFP9+jc3dWNqLJjBIHx4qZ/Nz1kKcwc8Y0qvre
ElJvABdL0ejGOeZ24Co+I1PiIrF9IJnEW/Koiv5CiagHEE18KTJRSkXOilDjr/C9
3ALSjLLNBc5nNEyozEZ+ddIAxYy4oGVvfTjj5qnSX2wlEEy872n+r1ncHPT8w2vR
VnYyYhKB4GKXpseIZCZRBZk0X79L+lvUEGuB1hr+9gJ2mYqtjSvlId1I8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI1zXS+d/mAqGUe9QXd2EH608pbAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvalhOZEw1My1ZQ29aUjcxQmQzWVFmclR5bHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAChxlZB0086aeufRt1lG
rjR+Nmv6W0QO88XVzkR79yBbkFv1PkebWOb9sAck4kQ0BMK+QM7tN0o6hl+RjHdX
gnBA1t4C+SLFAycrdd3qVsYm6fFCRPjjEzXbSa3RU/NRZDzm5ZVP3VwovXjJ9LKo
ju45xQOGrwmROuLa/SFbhm/2+zH6BOfbris3nwe/ZnNLkrNI7t1VrTJiFIJDLGyu
RfsLLunInqdbzHelUpGv19B8jiZBRH82fmxvMYgdlLgQz4lsl3cdPxN+6NJceFBq
+/zaWitMqjtXf/MNz9qxa9ahwjajcbxM9GRzd7374qu5BUnNz4e1StQw08B7b2a3
pOI=
-----END CERTIFICATE-----