Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jb0FYi-2mer-PpGN27IMKv9wGBQ.roa
File:                     jb0FYi-2mer-PpGN27IMKv9wGBQ.roa (raw, json)
Hash identifier:          sDbKWx/zsGLHVHCxo/PkeRsB8mjv0JzkkRhQmeJFYxs=
Subject key identifier:   8D:BD:05:62:2F:B6:99:EA:FE:3E:91:8D:DB:B2:0C:2A:FF:70:18:14
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F57A9DBA6F1050A10EE604A7CD860130
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jb0FYi-2mer-PpGN27IMKv9wGBQ.roa
Signing time:             Sun 07 May 2023 09:11:06 +0000
ROA not before:           Sun 07 May 2023 09:11:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f5:7a:9d:ba:6f:10:50:a1:0e:e6:04:a7:cd:86:01:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  7 09:11:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8dbd05622fb699eafe3e918ddbb20c2aff701814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:41:af:c8:e6:e8:39:c1:25:1c:c9:07:7d:1f:
                    56:e5:1e:fa:14:3b:21:59:fc:94:ac:0d:c3:e6:2d:
                    42:2b:57:0b:75:4a:c9:dc:08:19:13:ae:47:ee:f0:
                    36:ee:02:18:b8:92:07:dc:aa:d4:3c:b9:2f:36:f9:
                    b9:a3:e1:c4:1a:a0:84:23:4a:e3:2c:c0:9d:09:97:
                    c5:82:04:75:8d:9f:bc:17:66:b9:ac:4a:d7:32:b9:
                    47:f6:c2:a5:57:e8:0e:af:21:a9:13:90:59:a6:5d:
                    bb:cc:d6:da:3c:4d:9b:1b:62:ad:c8:af:08:ab:e3:
                    3a:e8:20:36:d2:10:c3:9e:3b:32:2f:49:b3:6e:56:
                    7b:26:65:97:6f:f6:a4:8c:eb:b5:aa:b3:d0:c3:75:
                    2d:c1:dd:8d:ea:fa:3c:56:9c:67:65:c1:dd:a7:ce:
                    da:5e:45:7d:07:66:eb:79:71:ad:73:78:9a:9c:68:
                    85:d0:61:82:73:2b:6f:6a:b1:52:fc:3d:cc:27:c5:
                    2e:ec:69:e1:c0:a1:04:0e:90:c3:c7:e7:f2:3a:bd:
                    41:0d:92:31:46:5b:06:51:0c:a4:5a:db:22:bc:1b:
                    87:11:dd:e9:44:d9:66:80:5f:cf:1b:fb:ef:2c:37:
                    89:fa:57:95:df:5e:33:61:6f:76:a1:b9:d2:5a:26:
                    56:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:BD:05:62:2F:B6:99:EA:FE:3E:91:8D:DB:B2:0C:2A:FF:70:18:14
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jb0FYi-2mer-PpGN27IMKv9wGBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:68:07:91:09:7d:be:fe:17:34:37:f9:6f:fa:4f:7f:df:97:
         b2:15:ee:4e:30:d5:6b:5b:8e:f3:ba:0a:42:ee:e8:86:72:7e:
         ea:b4:99:de:6c:e3:f1:b1:ed:a8:55:dc:4b:d6:28:32:ab:e1:
         c2:3e:dd:53:c2:f0:1d:cb:cc:25:14:1b:fb:9f:6d:ee:f6:ab:
         42:73:ba:d4:08:99:20:5e:3c:d0:53:2e:3c:32:29:b4:30:1d:
         47:68:a5:aa:5b:08:6e:0e:3b:cd:6e:6a:e6:a7:59:e0:c3:07:
         7a:81:ba:1e:61:97:96:cd:df:01:89:34:55:9a:71:5a:88:55:
         64:13:c9:a0:91:b1:05:b6:13:97:46:b1:da:33:fb:f8:0b:74:
         c0:d2:50:a3:41:a2:f8:15:40:d0:c6:06:4a:3c:67:b5:ca:81:
         ec:63:ef:e3:a3:d8:d6:3f:db:26:79:6e:c0:27:23:62:69:46:
         09:79:9b:56:39:89:f2:b1:64:45:6b:72:01:70:64:d1:13:47:
         0b:61:72:6e:9a:bf:42:9b:9f:28:dd:fa:08:21:9a:c8:6a:2b:
         a8:8d:df:02:d8:09:f2:c6:9c:fb:6f:b6:ba:4b:fc:47:cc:8a:
         b0:99:12:b0:44:51:33:19:d8:4a:da:6c:6e:91:d0:8e:9e:1a:
         08:23:b1:d4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf1ep26bxBQoQ7mBKfNhgEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA3MDkxMTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGJkMDU2MjJmYjY5OWVhZmUzZTkxOGRkYmIyMGMyYWZmNzAxODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEGvyOboOcElHMkHfR9W5R76FDsh
WfyUrA3D5i1CK1cLdUrJ3AgZE65H7vA27gIYuJIH3KrUPLkvNvm5o+HEGqCEI0rj
LMCdCZfFggR1jZ+8F2a5rErXMrlH9sKlV+gOryGpE5BZpl27zNbaPE2bG2KtyK8I
q+M66CA20hDDnjsyL0mzblZ7JmWXb/akjOu1qrPQw3Utwd2N6vo8VpxnZcHdp87a
XkV9B2breXGtc3ianGiF0GGCcytvarFS/D3MJ8Uu7GnhwKEEDpDDx+fyOr1BDZIx
RlsGUQykWtsivBuHEd3pRNlmgF/PG/vvLDeJ+leV314zYW92obnSWiZWawIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI29BWIvtpnq/j6RjduyDCr/cBgUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvamIwRllpLTJtZXItUHBHTjI3SU1Ldjl3R0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKRoB5EJfb7+FzQ3+W/6
T3/fl7IV7k4w1WtbjvO6CkLu6IZyfuq0md5s4/Gx7ahV3EvWKDKr4cI+3VPC8B3L
zCUUG/ufbe72q0JzutQImSBePNBTLjwyKbQwHUdopapbCG4OO81uauanWeDDB3qB
uh5hl5bN3wGJNFWacVqIVWQTyaCRsQW2E5dGsdoz+/gLdMDSUKNBovgVQNDGBko8
Z7XKgexj7+Oj2NY/2yZ5bsAnI2JpRgl5m1Y5ifKxZEVrcgFwZNETRwthcm6av0Kb
nyjd+gghmshqK6iN3wLYCfLGnPtvtrpL/EfMirCZErBEUTMZ2ErabG6R0I6eGggj
sdQ=
-----END CERTIFICATE-----