Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jumolBs3PboDC7NL7Y1D2crLjk0.roa
File:                     jumolBs3PboDC7NL7Y1D2crLjk0.roa (raw, json)
Hash identifier:          hzo4mGcDkYDrX71XK+yDTNdQgGaAnE/vMezsYb57dog=
Subject key identifier:   8E:E9:A8:94:1B:37:3D:BA:03:0B:B3:4B:ED:8D:43:D9:CA:CB:8E:4D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187E4F60C7C04DE1A0E65871C0438BD08B2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jumolBs3PboDC7NL7Y1D2crLjk0.roa
Signing time:             Thu 04 May 2023 04:12:22 +0000
ROA not before:           Thu 04 May 2023 04:12:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:e4:f6:0c:7c:04:de:1a:0e:65:87:1c:04:38:bd:08:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  4 04:12:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8ee9a8941b373dba030bb34bed8d43d9cacb8e4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:73:71:48:b1:78:62:b2:3a:45:d2:f8:3b:24:
                    0e:ae:fb:4b:0b:a7:e1:f7:2e:ac:15:ce:9f:fa:51:
                    6f:ca:23:2b:21:52:75:f6:94:45:01:77:f0:1a:99:
                    3a:8f:23:dd:9e:43:1b:ac:92:ba:10:f5:ea:30:22:
                    45:76:e7:37:d4:d7:7f:d9:a6:84:61:17:d6:ab:ed:
                    86:ad:8b:c4:14:85:9b:e1:0c:a2:f2:0f:0a:d4:37:
                    8a:64:fd:75:1d:3e:19:7e:43:31:fc:48:08:ba:1d:
                    5b:1c:c6:5d:00:31:31:fa:9d:22:bf:03:2e:08:46:
                    7d:f2:a6:98:ea:af:9c:04:cd:64:15:46:f3:b4:20:
                    57:dd:b5:9e:88:78:48:e3:37:6a:09:a3:fc:15:cb:
                    cc:bc:be:82:f7:c5:2f:ec:36:79:61:30:e0:d8:c2:
                    49:e1:a2:f7:ec:63:62:c3:3e:da:2c:17:eb:50:3c:
                    87:49:42:d1:5c:83:37:5f:f8:3a:60:dd:4b:4f:f2:
                    48:9b:32:94:52:29:d1:3c:4b:82:e2:4b:18:ed:c9:
                    44:4e:26:7a:98:bd:bb:7b:82:10:46:d5:28:6c:aa:
                    35:52:6a:6f:60:87:2b:d5:67:3a:2b:b2:87:1e:25:
                    0a:a6:a8:0a:86:e2:75:f3:9b:88:a8:96:de:b8:f9:
                    db:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E9:A8:94:1B:37:3D:BA:03:0B:B3:4B:ED:8D:43:D9:CA:CB:8E:4D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jumolBs3PboDC7NL7Y1D2crLjk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:d2:06:7b:3e:fe:01:db:3b:d8:07:ba:11:07:11:54:cc:89:
         21:17:db:d6:de:55:da:81:b4:15:46:43:22:50:37:e8:e2:d1:
         60:5f:f9:41:8e:e6:9f:e6:82:07:a7:d9:c9:6f:ac:e3:a7:41:
         a3:02:23:31:fc:e3:8f:ad:28:21:6c:d2:39:05:d7:75:89:0a:
         da:07:91:68:80:0b:6b:eb:b5:a7:c4:da:4e:b7:69:d4:5f:f6:
         eb:42:d8:ee:f0:78:47:0a:76:1c:38:54:ee:d8:05:79:b3:5a:
         78:cc:0c:bc:cb:36:a2:ba:06:6e:3d:3d:c6:f2:9f:05:0e:ea:
         67:c9:ad:ad:ca:ae:8f:c3:aa:e5:08:83:ff:c6:1d:1a:50:55:
         6a:ee:58:a6:df:2d:d9:36:b7:a8:05:f9:b9:44:99:76:24:77:
         63:89:70:c0:6b:04:1f:d1:5d:d4:53:e1:93:53:b5:60:3e:cf:
         fc:bb:52:23:03:50:cf:ba:22:77:59:cd:d8:5f:eb:6b:64:d5:
         c6:6f:18:10:30:67:01:a8:d8:ad:48:d2:be:dc:f3:b2:b2:54:
         8c:59:0d:8c:5f:11:97:07:69:33:0c:5b:3d:f2:0a:09:be:a0:
         bf:45:af:d9:27:40:e8:40:1a:17:3e:16:77:fe:e1:cb:7b:b3:
         e0:f8:08:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfk9gx8BN4aDmWHHAQ4vQiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA0MDQxMjIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWU5YTg5NDFiMzczZGJhMDMwYmIzNGJlZDhkNDNkOWNhY2I4ZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3NxSLF4YrI6RdL4OyQOrvtLC6fh
9y6sFc6f+lFvyiMrIVJ19pRFAXfwGpk6jyPdnkMbrJK6EPXqMCJFduc31Nd/2aaE
YRfWq+2GrYvEFIWb4Qyi8g8K1DeKZP11HT4ZfkMx/EgIuh1bHMZdADEx+p0ivwMu
CEZ98qaY6q+cBM1kFUbztCBX3bWeiHhI4zdqCaP8FcvMvL6C98Uv7DZ5YTDg2MJJ
4aL37GNiwz7aLBfrUDyHSULRXIM3X/g6YN1LT/JImzKUUinRPEuC4ksY7clETiZ6
mL27e4IQRtUobKo1UmpvYIcr1Wc6K7KHHiUKpqgKhuJ185uIqJbeuPnbJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI7pqJQbNz26AwuzS+2NQ9nKy45NMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvanVtb2xCczNQYm9EQzdOTDdZMUQyY3JMamswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALHSBns+/gHbO9gHuhEH
EVTMiSEX29beVdqBtBVGQyJQN+ji0WBf+UGO5p/mggen2clvrOOnQaMCIzH844+t
KCFs0jkF13WJCtoHkWiAC2vrtafE2k63adRf9utC2O7weEcKdhw4VO7YBXmzWnjM
DLzLNqK6Bm49PcbynwUO6mfJra3Kro/DquUIg//GHRpQVWruWKbfLdk2t6gF+blE
mXYkd2OJcMBrBB/RXdRT4ZNTtWA+z/y7UiMDUM+6IndZzdhf62tk1cZvGBAwZwGo
2K1I0r7c87KyVIxZDYxfEZcHaTMMWz3yCgm+oL9Fr9knQOhAGhc+Fnf+4ct7s+D4
CE4=
-----END CERTIFICATE-----