Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lD7DixalOlsaYHS6C4dOwo5I-K4.roa
File:                     lD7DixalOlsaYHS6C4dOwo5I-K4.roa (raw, json)
Hash identifier:          y1E+/xbEu20LaL8ZsAn0zjqvsFHTql0U4MPj6B9v7dE=
Subject key identifier:   94:3E:C3:8B:16:A5:3A:5B:1A:60:74:BA:0B:87:4E:C2:8E:48:F8:AE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018831911F7752A30ADD6AE93CAD64D5924D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lD7DixalOlsaYHS6C4dOwo5I-K4.roa
Signing time:             Fri 19 May 2023 01:12:54 +0000
ROA not before:           Fri 19 May 2023 01:12:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:31:91:1f:77:52:a3:0a:dd:6a:e9:3c:ad:64:d5:92:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 19 01:12:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=943ec38b16a53a5b1a6074ba0b874ec28e48f8ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3d:dd:e2:78:70:84:87:c0:0e:2b:13:45:7c:
                    e2:1e:38:4d:de:65:08:9e:2e:b4:4c:57:a3:c1:ce:
                    74:c0:78:53:b3:b2:1e:44:26:f1:c3:28:23:ac:5c:
                    c3:70:dc:45:80:74:22:87:6e:82:a7:18:28:70:df:
                    f3:40:ef:33:b4:80:d2:da:51:59:01:6b:ff:b1:cb:
                    48:fd:f3:ed:40:ae:49:33:ed:58:08:02:c4:fa:4d:
                    4c:b9:51:6f:62:e5:24:68:69:57:db:f6:a8:7b:62:
                    48:f8:f6:cd:d4:15:6e:4f:0e:4f:07:dd:f7:1c:fd:
                    c0:90:21:35:c4:05:68:66:27:41:f4:b2:69:60:23:
                    ef:4d:86:be:b1:7d:8e:fa:a6:4c:88:f7:e9:e1:ec:
                    65:12:71:ec:50:a2:45:e0:5b:8b:5f:9c:e5:65:0b:
                    7e:c1:70:d9:97:fc:d5:92:46:db:66:06:59:34:f2:
                    64:9d:f4:da:df:19:99:ae:e7:e2:58:6e:44:f9:26:
                    57:87:0f:ff:57:eb:0e:c7:d0:c9:c2:a5:e7:01:fd:
                    e1:f9:30:7d:c9:20:79:84:9b:77:3e:ed:95:83:04:
                    68:2a:08:37:de:37:ec:95:9f:e0:f8:a1:6c:92:28:
                    c4:06:7c:bb:05:6c:9c:92:28:17:07:7b:ac:5a:af:
                    56:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:3E:C3:8B:16:A5:3A:5B:1A:60:74:BA:0B:87:4E:C2:8E:48:F8:AE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lD7DixalOlsaYHS6C4dOwo5I-K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:da:47:12:70:a8:02:2d:3f:4c:ba:d2:67:e7:9e:64:4b:3f:
         95:a3:45:42:4e:46:89:46:76:9a:c9:c4:98:7b:35:a6:c4:64:
         20:1c:d0:ab:0e:77:cb:c7:36:fb:5c:3e:64:8d:ee:b9:5f:7a:
         6b:2d:68:c3:45:5c:ba:d4:25:e4:13:21:56:69:06:70:b7:d9:
         e7:9f:ec:e8:aa:ee:aa:5d:d7:69:fa:47:eb:b6:89:1a:66:3c:
         f9:55:55:3c:f4:d8:5e:09:76:ae:59:ca:42:7b:57:d7:6f:81:
         51:f0:ad:73:32:25:d5:af:21:6c:c4:57:a1:0e:6e:29:90:14:
         66:c0:c5:7b:c5:a5:9c:4d:3b:e9:56:cb:33:e3:5e:a8:ed:ec:
         ce:f9:60:a7:33:2f:4f:17:07:a2:33:d3:af:3e:d1:89:c2:dc:
         2e:44:e4:44:77:86:5c:7b:0d:6f:31:91:1c:64:de:e0:f2:52:
         d0:f8:bf:1f:cd:83:80:21:62:9f:cd:99:3d:d2:95:c6:de:62:
         d7:91:87:79:3b:cc:77:01:40:fa:34:3f:e7:80:0d:29:40:96:
         76:98:1b:e9:33:7d:36:20:66:17:bd:3a:9a:94:30:7a:fa:05:
         57:40:78:49:4a:f3:5d:fe:71:e9:a1:73:a7:5e:0e:29:89:40:
         c6:5b:66:19
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgxkR93UqMK3WrpPK1k1ZJNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE5MDExMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDNlYzM4YjE2YTUzYTViMWE2MDc0YmEwYjg3NGVjMjhlNDhmOGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApD3d4nhwhIfADisTRXziHjhN3mUI
ni60TFejwc50wHhTs7IeRCbxwygjrFzDcNxFgHQih26CpxgocN/zQO8ztIDS2lFZ
AWv/sctI/fPtQK5JM+1YCALE+k1MuVFvYuUkaGlX2/aoe2JI+PbN1BVuTw5PB933
HP3AkCE1xAVoZidB9LJpYCPvTYa+sX2O+qZMiPfp4exlEnHsUKJF4FuLX5zlZQt+
wXDZl/zVkkbbZgZZNPJknfTa3xmZrufiWG5E+SZXhw//V+sOx9DJwqXnAf3h+TB9
ySB5hJt3Pu2VgwRoKgg33jfslZ/g+KFskijEBny7BWyckigXB3usWq9WgwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJQ+w4sWpTpbGmB0uguHTsKOSPiuMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbEQ3RGl4YWxPbHNhWUhTNkM0ZE93bzVJLUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE7aRxJwqAItP0y60mfn
nmRLP5WjRUJORolGdprJxJh7NabEZCAc0KsOd8vHNvtcPmSN7rlfemstaMNFXLrU
JeQTIVZpBnC32eef7Oiq7qpd12n6R+u2iRpmPPlVVTz02F4Jdq5ZykJ7V9dvgVHw
rXMyJdWvIWzEV6EObimQFGbAxXvFpZxNO+lWyzPjXqjt7M75YKczL08XB6Iz068+
0YnC3C5E5ER3hlx7DW8xkRxk3uDyUtD4vx/Ng4AhYp/NmT3SlcbeYteRh3k7zHcB
QPo0P+eADSlAlnaYG+kzfTYgZhe9OpqUMHr6BVdAeElK813+cemhc6deDimJQMZb
Zhk=
-----END CERTIFICATE-----