Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kb31h8sC78ivK2mF_TcNw50Yhso.roa
File:                     kb31h8sC78ivK2mF_TcNw50Yhso.roa (raw, json)
Hash identifier:          CQugjqG0iHX2nk2PErBIBG9s/Fyyx/V2lIMdd2jkWtc=
Subject key identifier:   91:BD:F5:87:CB:02:EF:C8:AF:2B:69:85:FD:37:0D:C3:9D:18:86:CA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01874C31F276365A3EA99782867A6425EF8C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kb31h8sC78ivK2mF_TcNw50Yhso.roa
Signing time:             Tue 04 Apr 2023 12:15:54 +0000
ROA not before:           Tue 04 Apr 2023 12:15:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4c:31:f2:76:36:5a:3e:a9:97:82:86:7a:64:25:ef:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  4 12:15:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91bdf587cb02efc8af2b6985fd370dc39d1886ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:29:4e:04:36:2f:c7:87:70:51:77:27:a3:40:
                    11:cf:ad:ea:a5:b2:87:97:8c:a7:da:9a:a4:28:01:
                    81:1e:a4:f1:d4:8e:00:cf:a8:07:d1:48:b3:80:9c:
                    69:d1:9f:7e:14:4d:ee:b1:77:ae:54:a6:c1:33:ca:
                    b9:9a:59:92:40:b7:f5:80:a4:9d:f4:ae:65:70:f2:
                    91:37:19:30:39:9d:37:36:51:e0:4e:f9:f3:76:4d:
                    75:0d:e6:f2:81:bd:78:d7:52:0a:34:b0:2d:1a:42:
                    f4:af:66:b1:2c:7e:54:15:a7:ce:a1:72:5d:a8:df:
                    fa:2d:f6:e1:4f:1c:46:be:99:b8:94:f1:74:bf:ba:
                    16:69:21:42:6d:43:42:ce:ca:44:ba:a4:2a:cd:79:
                    ed:8f:01:45:41:6e:c9:22:2c:51:42:7a:ab:41:1f:
                    3d:e0:2e:8a:13:a2:58:67:ae:27:53:c3:6d:30:f7:
                    1f:09:18:bb:a8:23:cb:c5:2f:ba:09:e6:3f:5c:4f:
                    cb:ec:28:36:0b:1c:e5:f4:2c:f1:45:6b:6b:5a:bf:
                    31:b4:75:7e:70:e8:a1:71:71:fb:76:ee:95:81:55:
                    65:92:fc:ff:c6:44:db:4b:45:af:1d:4f:b2:37:03:
                    d3:70:5f:69:30:cd:d3:0e:14:22:28:ab:50:0e:2c:
                    27:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:BD:F5:87:CB:02:EF:C8:AF:2B:69:85:FD:37:0D:C3:9D:18:86:CA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kb31h8sC78ivK2mF_TcNw50Yhso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:95:77:66:8c:9c:3a:56:e4:3e:5f:e2:70:8e:a5:aa:c3:fe:
         ed:07:a8:71:20:49:97:75:f7:6e:a4:c7:51:f8:9d:a1:60:08:
         08:50:35:03:5e:fd:1d:95:3d:8c:25:e3:8e:0d:5f:55:85:c6:
         68:db:65:06:9a:ba:53:bd:44:fa:be:e5:08:03:2a:64:1b:ed:
         3e:ad:69:14:7d:60:9c:ec:84:d7:04:31:29:96:c0:b7:9b:33:
         e2:98:bb:e0:ce:1b:49:1f:85:4f:e1:0b:8d:7c:f4:11:1f:3f:
         96:ab:1f:3b:e7:d3:5c:a9:e1:1d:28:9c:89:c8:de:81:07:17:
         3b:d0:0e:74:88:a8:74:7e:18:0b:fb:f5:e4:a9:75:c1:ba:9f:
         24:6d:ba:af:55:91:ae:ec:06:9a:02:0b:1d:de:89:6c:ad:e6:
         e6:55:06:4a:ee:4d:b9:a3:98:78:3a:5f:7f:6d:9b:fc:81:cc:
         96:b4:bb:c5:3a:02:f6:1f:c7:94:92:27:ae:23:d1:d6:06:fc:
         9a:a0:13:45:c4:43:05:6b:b0:66:87:5c:bc:67:85:e8:bd:a0:
         95:54:46:ff:08:9f:04:eb:7f:cf:c5:1b:c7:24:65:c3:42:58:
         74:19:b3:47:ac:86:92:cf:ec:c0:2b:d5:88:9e:34:ab:c9:33:
         29:ef:34:c0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdMMfJ2Nlo+qZeChnpkJe+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA0MTIxNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWJkZjU4N2NiMDJlZmM4YWYyYjY5ODVmZDM3MGRjMzlkMTg4NmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkylOBDYvx4dwUXcno0ARz63qpbKH
l4yn2pqkKAGBHqTx1I4Az6gH0UizgJxp0Z9+FE3usXeuVKbBM8q5mlmSQLf1gKSd
9K5lcPKRNxkwOZ03NlHgTvnzdk11Debygb1411IKNLAtGkL0r2axLH5UFafOoXJd
qN/6LfbhTxxGvpm4lPF0v7oWaSFCbUNCzspEuqQqzXntjwFFQW7JIixRQnqrQR89
4C6KE6JYZ64nU8NtMPcfCRi7qCPLxS+6CeY/XE/L7Cg2Cxzl9CzxRWtrWr8xtHV+
cOihcXH7du6VgVVlkvz/xkTbS0WvHU+yNwPTcF9pMM3TDhQiKKtQDiwnnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJG99YfLAu/Irytphf03DcOdGIbKMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva2IzMWg4c0M3OGl2SzJtRl9UY053NTBZaHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJyVd2aMnDpW5D5f4nCO
parD/u0HqHEgSZd1926kx1H4naFgCAhQNQNe/R2VPYwl444NX1WFxmjbZQaaulO9
RPq+5QgDKmQb7T6taRR9YJzshNcEMSmWwLebM+KYu+DOG0kfhU/hC4189BEfP5ar
Hzvn01yp4R0onInI3oEHFzvQDnSIqHR+GAv79eSpdcG6nyRtuq9Vka7sBpoCCx3e
iWyt5uZVBkruTbmjmHg6X39tm/yBzJa0u8U6AvYfx5SSJ64j0dYG/JqgE0XEQwVr
sGaHXLxnhei9oJVURv8InwTrf8/FG8ckZcNCWHQZs0eshpLP7MAr1YieNKvJMynv
NMA=
-----END CERTIFICATE-----