Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kWgQdxPWyXzGRNNhVf3ls3yuUls.roa
File:                     kWgQdxPWyXzGRNNhVf3ls3yuUls.roa (raw, json)
Hash identifier:          cgl+nHsT3KhT12IoDZs1/R2Sle3O3PAIaaMCh08M8z0=
Subject key identifier:   91:68:10:77:13:D6:C9:7C:C6:44:D3:61:55:FD:E5:B3:7C:AE:52:5B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187638EE69C37DA600EA2640618B54F6935
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kWgQdxPWyXzGRNNhVf3ls3yuUls.roa
Signing time:             Sun 09 Apr 2023 01:08:42 +0000
ROA not before:           Sun 09 Apr 2023 01:08:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:63:8e:e6:9c:37:da:60:0e:a2:64:06:18:b5:4f:69:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  9 01:08:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9168107713d6c97cc644d36155fde5b37cae525b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7e:e8:20:82:f5:bb:3b:09:92:de:a3:bd:fe:
                    76:90:22:b2:a4:eb:f3:fc:d3:51:46:bf:a5:50:e9:
                    98:77:54:24:55:21:15:b6:9b:b1:26:59:09:86:84:
                    bd:d7:05:43:59:26:58:0d:ac:87:7d:89:2c:9b:f9:
                    75:59:80:ae:10:33:67:28:a8:77:44:78:a3:df:a0:
                    40:4b:1f:f9:6d:28:40:6f:c7:84:84:5a:66:39:0c:
                    a6:ec:6a:3e:25:6f:42:7e:ca:72:a8:2a:22:a6:b7:
                    b7:d0:1a:21:9a:eb:79:cf:fc:43:25:90:78:d7:7b:
                    a6:99:6e:b9:92:34:b8:da:7b:8a:73:49:82:88:67:
                    b7:75:03:4e:59:d5:00:d2:99:95:02:b0:e4:94:68:
                    95:ad:e0:03:bd:1f:a5:8d:3f:cb:ad:1b:05:3e:4e:
                    10:d5:b1:3a:4b:c4:ec:25:7a:a1:2b:1b:f2:24:2d:
                    18:2f:2a:4f:b2:bd:86:44:4f:71:b2:c0:07:90:6e:
                    91:ee:0b:45:fd:16:77:57:ec:25:39:1d:1b:a1:f3:
                    64:09:28:44:36:34:15:a9:49:f0:29:a3:4a:2e:7a:
                    07:9e:33:c5:21:25:36:1b:46:2c:e7:f8:a1:8d:ac:
                    93:78:5c:4c:37:1f:e0:39:d6:43:56:b2:5b:17:6c:
                    5a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:68:10:77:13:D6:C9:7C:C6:44:D3:61:55:FD:E5:B3:7C:AE:52:5B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kWgQdxPWyXzGRNNhVf3ls3yuUls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:49:79:e7:d0:6c:d5:87:f8:4d:83:42:78:90:a0:b6:4f:38:
         96:28:b9:18:91:3b:0a:56:c3:5b:b1:c3:e8:2a:81:a4:14:7b:
         89:69:53:07:a7:ae:ca:79:0f:12:d0:ee:ac:8f:a9:b7:1b:4c:
         91:f9:7e:b1:81:27:b6:5a:55:f3:50:7d:7e:49:7e:ce:1f:e7:
         86:9f:17:77:19:ca:00:73:86:87:30:b0:aa:59:9a:52:d3:52:
         60:7c:ef:25:81:3d:b0:1f:89:9c:51:5d:e8:85:80:d9:e9:70:
         aa:8f:1a:65:e2:16:09:aa:8e:88:b4:42:40:b0:88:aa:db:65:
         71:e3:48:cb:6a:68:c6:72:46:3a:69:59:6f:83:d0:48:06:3c:
         7c:1e:80:3e:99:b1:90:38:21:16:fd:7c:30:f0:46:89:e3:43:
         0b:cb:0d:b2:13:d0:28:24:b2:fc:29:f4:b8:00:ea:4c:8e:af:
         41:9c:b3:11:f9:e5:e4:73:34:61:bc:c6:47:e3:14:71:4a:b7:
         58:70:8d:8f:1a:e1:11:f8:69:04:8b:2e:d0:63:bd:f8:10:9a:
         b0:09:e5:92:38:29:a7:60:cb:d1:11:39:c6:31:d8:80:60:f0:
         b6:76:06:9b:9f:f8:27:17:c5:11:70:3f:4c:05:1a:90:13:29:
         a8:9b:43:a4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdjjuacN9pgDqJkBhi1T2k1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA5MDEwODQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTY4MTA3NzEzZDZjOTdjYzY0NGQzNjE1NWZkZTViMzdjYWU1MjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH7oIIL1uzsJkt6jvf52kCKypOvz
/NNRRr+lUOmYd1QkVSEVtpuxJlkJhoS91wVDWSZYDayHfYksm/l1WYCuEDNnKKh3
RHij36BASx/5bShAb8eEhFpmOQym7Go+JW9CfspyqCoipre30Bohmut5z/xDJZB4
13ummW65kjS42nuKc0mCiGe3dQNOWdUA0pmVArDklGiVreADvR+ljT/LrRsFPk4Q
1bE6S8TsJXqhKxvyJC0YLypPsr2GRE9xssAHkG6R7gtF/RZ3V+wlOR0bofNkCShE
NjQVqUnwKaNKLnoHnjPFISU2G0Ys5/ihjayTeFxMNx/gOdZDVrJbF2xafwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJFoEHcT1sl8xkTTYVX95bN8rlJbMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva1dnUWR4UFd5WHpHUk5OaFZmM2xzM3l1VWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACBJeefQbNWH+E2DQniQ
oLZPOJYouRiROwpWw1uxw+gqgaQUe4lpUwenrsp5DxLQ7qyPqbcbTJH5frGBJ7Za
VfNQfX5Jfs4f54afF3cZygBzhocwsKpZmlLTUmB87yWBPbAfiZxRXeiFgNnpcKqP
GmXiFgmqjoi0QkCwiKrbZXHjSMtqaMZyRjppWW+D0EgGPHwegD6ZsZA4IRb9fDDw
RonjQwvLDbIT0Cgksvwp9LgA6kyOr0GcsxH55eRzNGG8xkfjFHFKt1hwjY8a4RH4
aQSLLtBjvfgQmrAJ5ZI4Kadgy9EROcYx2IBg8LZ2Bpuf+CcXxRFwP0wFGpATKaib
Q6Q=
-----END CERTIFICATE-----