Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lZCh_0lldeecZStvTz3H-KMoWd8.roa
File:                     lZCh_0lldeecZStvTz3H-KMoWd8.roa (raw, json)
Hash identifier:          V1SEt31XGPiKj2e/3/2Bq5kZ5PZkXMyx8+AAO/9eIhc=
Subject key identifier:   95:90:A1:FF:49:65:75:E7:9C:65:2B:6F:4F:3D:C7:F8:A3:28:59:DF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01875DFC835CC5C159346449B01CC0A08DE3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lZCh_0lldeecZStvTz3H-KMoWd8.roa
Signing time:             Fri 07 Apr 2023 23:10:42 +0000
ROA not before:           Fri 07 Apr 2023 23:10:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5d:fc:83:5c:c5:c1:59:34:64:49:b0:1c:c0:a0:8d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  7 23:10:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9590a1ff496575e79c652b6f4f3dc7f8a32859df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:87:34:71:91:65:44:99:ba:e2:61:4b:42:f8:
                    fc:9c:43:34:0b:54:bd:63:38:9d:84:e3:b1:03:cb:
                    38:de:b4:43:62:c9:2d:08:b5:8d:fd:2e:9d:c6:1c:
                    40:54:6e:2f:8f:0d:f7:f8:10:69:db:1e:35:30:6d:
                    9e:b9:55:eb:68:41:55:65:34:9b:fa:45:44:55:8a:
                    16:e0:87:e3:6a:5a:7b:18:f9:c6:8c:3e:e0:ca:88:
                    39:43:67:dd:06:66:b7:2b:12:92:27:13:12:e5:29:
                    29:b5:21:91:4f:9d:53:4e:27:20:2a:52:25:a9:b8:
                    83:28:02:13:4c:77:f9:ad:31:e9:96:5f:c6:0e:cf:
                    30:ba:98:a4:0f:6f:31:7c:e5:fe:87:7c:17:d2:39:
                    99:e3:11:25:11:84:e3:15:ed:c2:18:f0:f4:d6:0a:
                    84:18:73:a1:b7:34:ac:d0:4c:6f:83:1b:63:66:22:
                    28:c2:c9:d1:0e:8d:ac:29:d0:4a:1a:66:58:33:15:
                    44:31:ae:5d:55:28:bf:31:65:6f:54:bc:69:0c:2f:
                    d0:bf:33:10:d0:57:fa:f8:a8:8b:cd:ef:d5:76:d3:
                    32:f7:c7:b9:b5:99:4b:9f:bd:bd:28:89:c3:e3:d8:
                    22:9e:89:b3:d6:f3:3d:c6:bd:b4:12:20:90:e5:b5:
                    01:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:90:A1:FF:49:65:75:E7:9C:65:2B:6F:4F:3D:C7:F8:A3:28:59:DF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lZCh_0lldeecZStvTz3H-KMoWd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:fa:cf:ea:00:3f:c8:34:94:0e:b8:9d:26:fb:50:4e:04:4c:
         d8:db:27:58:b8:a5:5b:c1:d2:09:50:8f:ef:eb:a5:1b:f3:37:
         9c:5c:c6:8d:6c:1e:1a:47:44:ff:6b:fc:1f:e5:18:75:04:5c:
         41:f6:ed:e0:e4:6b:02:b1:32:fd:30:10:b1:fb:3a:5c:a4:cb:
         a6:aa:bb:14:a6:62:f3:3e:59:78:21:81:23:4f:c4:03:73:ef:
         d2:b5:c9:9c:18:4c:0a:dc:52:d2:2c:27:f9:4d:62:2a:2d:50:
         87:6a:bc:13:9f:41:f7:2a:9a:c5:b7:21:57:ee:f8:4e:02:e4:
         4d:ea:c1:64:43:9b:8b:bd:94:65:b9:7c:aa:0a:3c:f9:94:04:
         0c:6f:2f:42:6c:b3:6d:1a:55:99:e9:62:98:08:e7:e8:e0:78:
         df:44:07:40:a1:5f:7e:96:0d:e7:ae:f0:56:ff:44:51:58:07:
         ff:28:0d:3f:b4:2f:f0:de:77:35:83:14:56:ff:3c:17:a6:83:
         98:a9:7c:85:2e:3d:d8:ad:ab:53:65:e5:8c:c7:6b:af:f9:88:
         81:92:19:77:38:01:91:cf:a1:4a:63:34:7c:a7:4c:ef:e5:b0:
         cf:da:5e:f7:c9:3e:18:9b:b0:aa:7b:c7:13:11:53:0a:70:96:
         31:ea:8f:f5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdd/INcxcFZNGRJsBzAoI3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA3MjMxMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTkwYTFmZjQ5NjU3NWU3OWM2NTJiNmY0ZjNkYzdmOGEzMjg1OWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIc0cZFlRJm64mFLQvj8nEM0C1S9
YzidhOOxA8s43rRDYsktCLWN/S6dxhxAVG4vjw33+BBp2x41MG2euVXraEFVZTSb
+kVEVYoW4Ifjalp7GPnGjD7gyog5Q2fdBma3KxKSJxMS5SkptSGRT51TTicgKlIl
qbiDKAITTHf5rTHpll/GDs8wupikD28xfOX+h3wX0jmZ4xElEYTjFe3CGPD01gqE
GHOhtzSs0ExvgxtjZiIowsnRDo2sKdBKGmZYMxVEMa5dVSi/MWVvVLxpDC/QvzMQ
0Ff6+KiLze/VdtMy98e5tZlLn729KInD49ginomz1vM9xr20EiCQ5bUBBwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJWQof9JZXXnnGUrb089x/ijKFnfMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbFpDaF8wbGxkZWVjWlN0dlR6M0gtS01vV2Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE/6z+oAP8g0lA64nSb7
UE4ETNjbJ1i4pVvB0glQj+/rpRvzN5xcxo1sHhpHRP9r/B/lGHUEXEH27eDkawKx
Mv0wELH7Olyky6aquxSmYvM+WXghgSNPxANz79K1yZwYTArcUtIsJ/lNYiotUIdq
vBOfQfcqmsW3IVfu+E4C5E3qwWRDm4u9lGW5fKoKPPmUBAxvL0Jss20aVZnpYpgI
5+jgeN9EB0ChX36WDeeu8Fb/RFFYB/8oDT+0L/DedzWDFFb/PBemg5ipfIUuPdit
q1Nl5YzHa6/5iIGSGXc4AZHPoUpjNHynTO/lsM/aXvfJPhibsKp7xxMRUwpwljHq
j/U=
-----END CERTIFICATE-----