Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jkb5nIUeX69sArDZJC7TwxO3jaU.roa
File:                     jkb5nIUeX69sArDZJC7TwxO3jaU.roa (raw, json)
Hash identifier:          dAF3NKIN5twqbEJMuB9R0KXV5mGORZJ5cYgJIzsH+sQ=
Subject key identifier:   8E:46:F9:9C:85:1E:5F:AF:6C:02:B0:D9:24:2E:D3:C3:13:B7:8D:A5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018762B50258E248D863095599A85BD6D9AF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jkb5nIUeX69sArDZJC7TwxO3jaU.roa
Signing time:             Sat 08 Apr 2023 21:10:42 +0000
ROA not before:           Sat 08 Apr 2023 21:10:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:62:b5:02:58:e2:48:d8:63:09:55:99:a8:5b:d6:d9:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  8 21:10:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e46f99c851e5faf6c02b0d9242ed3c313b78da5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c6:2e:00:4f:fb:a1:57:d7:0b:72:b7:a7:bc:
                    3c:bc:33:c3:fd:70:af:12:93:d8:10:1e:37:b7:05:
                    84:db:e0:af:83:54:fb:c0:39:bd:38:4d:b6:89:83:
                    fe:a3:fc:9a:ab:e2:96:1a:9d:f5:9f:d6:e6:ad:a7:
                    ee:39:68:47:e1:bb:08:31:51:fa:72:6d:4a:d9:67:
                    41:89:11:fe:14:3b:97:91:b5:dd:ec:54:ba:92:52:
                    75:48:4f:87:e8:d7:cf:ef:43:98:b7:89:89:1c:f7:
                    63:79:1b:1d:bc:73:35:c5:4f:48:98:3e:6d:38:c0:
                    2b:bd:60:d1:ef:85:e2:d6:2a:2e:7f:64:05:b4:b6:
                    8d:42:0f:43:c8:90:c3:8a:50:b3:e5:cb:e3:ab:f8:
                    81:7b:1c:f0:43:ad:63:1c:72:27:10:fd:16:b9:bd:
                    c5:63:f9:b6:2f:85:54:3c:33:a0:b2:18:01:c9:95:
                    ca:f2:03:48:ec:08:ae:60:36:3b:9b:61:19:4f:87:
                    e3:a2:93:7c:b7:e3:c1:a9:ac:84:a0:60:79:09:16:
                    4d:f7:bb:74:32:8d:32:5e:23:9c:17:97:2b:c3:6e:
                    3f:41:6a:22:39:e8:95:b8:e4:05:89:2a:31:79:10:
                    5b:d0:5d:9f:75:92:41:d6:d6:ea:86:7f:0c:d4:5f:
                    13:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:46:F9:9C:85:1E:5F:AF:6C:02:B0:D9:24:2E:D3:C3:13:B7:8D:A5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jkb5nIUeX69sArDZJC7TwxO3jaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:26:e6:ee:46:b9:17:b3:40:da:3f:f0:d0:25:0e:6d:b3:ec:
         f4:2e:2a:88:8f:2c:e7:f7:3d:2c:d7:49:a8:f5:f0:d6:1c:eb:
         3d:72:7a:41:a0:d9:70:5c:51:9f:da:93:b7:02:b9:8c:be:d7:
         01:db:aa:f6:b5:69:87:e0:28:ce:db:47:51:a7:31:c3:a1:b9:
         e4:a2:c4:ab:e5:00:dd:73:f6:5b:00:1a:3a:a6:20:9f:ad:21:
         13:a5:ab:6f:f7:22:bf:49:b2:79:08:e7:5f:3f:c7:d3:bd:ec:
         16:40:18:ff:de:ed:b9:0e:91:7e:06:41:2d:9e:85:d2:90:1b:
         b8:ab:48:bd:1e:01:41:e3:66:f7:e7:88:78:d5:88:9c:d9:c2:
         a8:21:05:23:91:c5:1a:46:dd:b9:58:27:10:bf:cf:26:1b:53:
         3b:19:05:d9:20:a0:49:36:de:26:66:8a:05:66:93:cc:39:55:
         d0:dc:2c:42:8c:2a:6e:7a:e6:87:9b:75:f9:e8:aa:69:d1:91:
         14:3a:e2:7c:63:90:33:54:6b:b8:e9:6f:da:1a:c9:25:f5:09:
         c9:5d:ee:89:6b:cf:31:bb:a8:81:fb:ae:12:58:90:77:46:a3:
         a5:51:80:3b:b6:d6:50:00:b3:af:ad:1f:08:f4:1f:3a:6d:7a:
         1f:92:19:56
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYditQJY4kjYYwlVmahb1tmvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA4MjExMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTQ2Zjk5Yzg1MWU1ZmFmNmMwMmIwZDkyNDJlZDNjMzEzYjc4ZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8YuAE/7oVfXC3K3p7w8vDPD/XCv
EpPYEB43twWE2+Cvg1T7wDm9OE22iYP+o/yaq+KWGp31n9bmrafuOWhH4bsIMVH6
cm1K2WdBiRH+FDuXkbXd7FS6klJ1SE+H6NfP70OYt4mJHPdjeRsdvHM1xU9ImD5t
OMArvWDR74Xi1iouf2QFtLaNQg9DyJDDilCz5cvjq/iBexzwQ61jHHInEP0Wub3F
Y/m2L4VUPDOgshgByZXK8gNI7AiuYDY7m2EZT4fjopN8t+PBqayEoGB5CRZN97t0
Mo0yXiOcF5crw24/QWoiOeiVuOQFiSoxeRBb0F2fdZJB1tbqhn8M1F8TmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI5G+ZyFHl+vbAKw2SQu08MTt42lMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvamtiNW5JVWVYNjlzQXJEWkpDN1R3eE8zamFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE4m5u5GuRezQNo/8NAl
Dm2z7PQuKoiPLOf3PSzXSaj18NYc6z1yekGg2XBcUZ/ak7cCuYy+1wHbqva1aYfg
KM7bR1GnMcOhueSixKvlAN1z9lsAGjqmIJ+tIROlq2/3Ir9JsnkI518/x9O97BZA
GP/e7bkOkX4GQS2ehdKQG7irSL0eAUHjZvfniHjViJzZwqghBSORxRpG3blYJxC/
zyYbUzsZBdkgoEk23iZmigVmk8w5VdDcLEKMKm565oebdfnoqmnRkRQ64nxjkDNU
a7jpb9oaySX1Ccld7olrzzG7qIH7rhJYkHdGo6VRgDu21lAAs6+tHwj0Hzpteh+S
GVY=
-----END CERTIFICATE-----