Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kgLdNW3_bsHZ5guup4u0oXfyWCM.roa
File:                     kgLdNW3_bsHZ5guup4u0oXfyWCM.roa (raw, json)
Hash identifier:          eBBr676+s/noZxeM3NerurACOvUfdrCtcHQv38/VjGE=
Subject key identifier:   92:02:DD:35:6D:FF:6E:C1:D9:E6:0B:AE:A7:8B:B4:A1:77:F2:58:23
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877C3CF22E7C9D349B9F344B01DDCFF0C9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kgLdNW3_bsHZ5guup4u0oXfyWCM.roa
Signing time:             Thu 13 Apr 2023 20:09:41 +0000
ROA not before:           Thu 13 Apr 2023 20:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7c:3c:f2:2e:7c:9d:34:9b:9f:34:4b:01:dd:cf:f0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 13 20:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9202dd356dff6ec1d9e60baea78bb4a177f25823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f3:84:2b:4c:ba:74:dd:d1:ad:b6:d8:48:46:
                    19:da:0d:d8:36:65:4c:f1:d3:9e:b3:fb:2a:55:17:
                    e7:fe:89:c8:5b:7d:f7:ec:6e:09:56:8c:42:5c:91:
                    a7:a6:28:02:90:e0:7d:99:e2:42:25:83:99:03:73:
                    7f:77:08:ee:75:eb:46:c9:bd:a2:a4:8c:54:0f:9d:
                    51:7f:50:8c:e4:c6:bb:3a:c7:83:5a:19:6f:81:17:
                    f6:cb:03:0c:54:7b:15:0c:9d:8c:8f:51:0b:74:ba:
                    87:5c:96:62:53:b3:f1:49:58:d4:be:94:22:81:b8:
                    5a:8e:14:e1:56:ee:ba:d9:5f:63:a9:ca:2e:2c:94:
                    a4:9f:12:59:4f:2c:b6:b9:fc:50:f1:98:04:37:5f:
                    23:f5:c2:a7:22:8c:8f:8f:f3:9c:23:d4:a5:bc:bb:
                    77:1d:ea:da:ff:35:3b:d7:9b:a6:f5:77:e5:8d:c7:
                    76:77:17:7c:69:b5:72:a1:f5:56:4f:82:3d:50:40:
                    79:f0:d9:cb:73:8c:ce:0b:e6:2e:97:72:d4:68:78:
                    01:d8:50:da:1f:59:0a:21:a6:5e:91:68:d4:ca:36:
                    45:81:51:49:eb:2e:53:12:ad:08:d5:17:b1:0b:dd:
                    ef:81:22:67:bb:c8:47:06:69:c6:ad:db:fb:1a:2f:
                    90:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:02:DD:35:6D:FF:6E:C1:D9:E6:0B:AE:A7:8B:B4:A1:77:F2:58:23
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kgLdNW3_bsHZ5guup4u0oXfyWCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:2c:bf:a5:37:14:db:5f:ad:53:f6:b4:bb:28:63:79:4b:23:
         ad:db:28:9f:4f:2f:c3:4c:1c:de:ae:a7:19:2e:16:86:bf:17:
         74:ff:7f:fa:39:da:63:8b:9c:c8:3c:77:7a:cb:f4:02:67:3f:
         72:86:37:e0:73:06:bd:d4:fd:31:91:de:aa:f4:f0:70:82:3d:
         97:cf:9a:ff:07:19:4a:96:b5:ae:ce:4f:a7:5f:0d:e9:76:a3:
         ee:31:26:1c:ab:a3:db:52:73:5f:1a:fc:65:e2:92:c4:35:54:
         dd:ac:a8:93:96:3e:06:29:6f:67:da:69:cd:ab:4f:35:2c:35:
         bb:bc:75:76:92:72:ac:1e:f6:42:5a:9a:0e:f0:1c:99:31:92:
         b4:3e:3e:6a:8e:b7:b0:c8:ac:35:8d:6e:ba:bd:77:61:2d:ff:
         e6:54:5b:70:8c:5f:b9:01:da:f2:3a:93:df:eb:fc:de:40:9e:
         56:65:0f:a0:5c:51:10:95:d4:b3:b1:d5:16:bc:aa:70:15:bd:
         4d:71:6c:9d:9c:25:6e:c5:7f:76:56:f0:5c:f2:97:30:c5:0e:
         7e:68:a6:2e:83:72:be:48:fd:68:62:1e:55:94:b6:90:a6:fb:
         1f:7f:a8:61:89:27:55:99:1f:aa:2a:15:b2:d1:44:9b:99:d2:
         48:fb:39:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd8PPIufJ00m580SwHdz/DJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEzMjAwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjAyZGQzNTZkZmY2ZWMxZDllNjBiYWVhNzhiYjRhMTc3ZjI1ODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/OEK0y6dN3RrbbYSEYZ2g3YNmVM
8dOes/sqVRfn/onIW3337G4JVoxCXJGnpigCkOB9meJCJYOZA3N/dwjudetGyb2i
pIxUD51Rf1CM5Ma7OseDWhlvgRf2ywMMVHsVDJ2Mj1ELdLqHXJZiU7PxSVjUvpQi
gbhajhThVu662V9jqcouLJSknxJZTyy2ufxQ8ZgEN18j9cKnIoyPj/OcI9SlvLt3
Hera/zU715um9Xfljcd2dxd8abVyofVWT4I9UEB58NnLc4zOC+Yul3LUaHgB2FDa
H1kKIaZekWjUyjZFgVFJ6y5TEq0I1RexC93vgSJnu8hHBmnGrdv7Gi+QjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJIC3TVt/27B2eYLrqeLtKF38lgjMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva2dMZE5XM19ic0haNWd1dXA0dTBvWGZ5V0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA4sv6U3FNtfrVP2tLso
Y3lLI63bKJ9PL8NMHN6upxkuFoa/F3T/f/o52mOLnMg8d3rL9AJnP3KGN+BzBr3U
/TGR3qr08HCCPZfPmv8HGUqWta7OT6dfDel2o+4xJhyro9tSc18a/GXiksQ1VN2s
qJOWPgYpb2faac2rTzUsNbu8dXaScqwe9kJamg7wHJkxkrQ+PmqOt7DIrDWNbrq9
d2Et/+ZUW3CMX7kB2vI6k9/r/N5AnlZlD6BcURCV1LOx1Ra8qnAVvU1xbJ2cJW7F
f3ZW8FzylzDFDn5opi6Dcr5I/WhiHlWUtpCm+x9/qGGJJ1WZH6oqFbLRRJuZ0kj7
OQg=
-----END CERTIFICATE-----