Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lbTxtxL0HJA9Tn87AFtKnAZvU34.roa
File:                     lbTxtxL0HJA9Tn87AFtKnAZvU34.roa (raw, json)
Hash identifier:          BKPQErgbDa0pQi2bKcE4aQYu97aOyIDhix+BQ/Y9taA=
Subject key identifier:   95:B4:F1:B7:12:F4:1C:90:3D:4E:7F:3B:00:5B:4A:9C:06:6F:53:7E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187B85661A473E37BE831EC301BF972835B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lbTxtxL0HJA9Tn87AFtKnAZvU34.roa
Signing time:             Tue 25 Apr 2023 12:14:41 +0000
ROA not before:           Tue 25 Apr 2023 12:14:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b8:56:61:a4:73:e3:7b:e8:31:ec:30:1b:f9:72:83:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 25 12:14:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95b4f1b712f41c903d4e7f3b005b4a9c066f537e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d7:66:13:fa:bd:22:24:7a:bf:3b:62:d9:e1:
                    f3:81:30:2f:97:c6:60:75:e0:4f:e3:24:59:f1:42:
                    ae:01:b1:51:97:8e:35:7b:74:c2:84:d1:4f:2a:47:
                    c4:c8:94:43:e5:19:ef:1c:0a:b6:9d:3a:6b:c7:15:
                    b9:ad:1e:1b:94:de:5a:2b:17:31:1e:c3:41:3c:d9:
                    ab:a0:bb:ad:3f:4d:c5:01:68:22:e8:81:1b:a9:1f:
                    cb:27:a6:2f:9c:77:c4:e6:40:03:9a:3f:2d:8e:55:
                    88:d0:3e:06:80:70:9c:29:47:71:6f:47:58:c8:ca:
                    db:99:97:4f:98:58:b1:bc:c0:51:2f:e0:8a:4c:55:
                    4d:52:43:c0:6a:70:79:3e:e1:b9:e1:1d:02:6b:57:
                    27:8d:f8:4b:ce:07:08:9d:60:66:dc:bf:aa:3f:9a:
                    fc:66:50:0f:4d:cc:68:32:bf:26:82:d9:5c:92:ee:
                    a9:70:7b:cb:2c:71:b4:cd:f1:7a:18:18:e7:a6:e1:
                    86:82:a6:cd:58:fc:ec:65:cd:f1:33:e1:e7:6f:30:
                    5d:04:5e:00:0e:92:55:05:88:ba:39:4d:f5:47:aa:
                    c4:8b:9e:4f:23:00:a5:cb:e6:1d:df:c4:d1:66:29:
                    de:34:b0:80:72:12:6e:c7:93:cf:98:51:83:03:b0:
                    d7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B4:F1:B7:12:F4:1C:90:3D:4E:7F:3B:00:5B:4A:9C:06:6F:53:7E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lbTxtxL0HJA9Tn87AFtKnAZvU34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:5e:84:e1:ed:09:6b:25:54:a8:d0:24:a5:79:0a:1c:71:8f:
         90:33:0c:f2:6d:4e:c8:1a:d7:80:19:0f:78:df:eb:b0:83:95:
         b4:d4:5c:0b:a5:3d:db:a1:6a:86:b0:57:13:c0:4d:d6:28:1b:
         f7:a8:c4:b1:ca:46:bd:f7:80:2c:fc:d0:62:5e:6c:bb:17:cd:
         41:1d:23:ce:ea:81:35:db:ef:52:58:d8:b0:84:98:12:ce:17:
         b3:19:65:b7:7b:73:8e:68:d1:7d:13:a3:07:6c:dd:63:d7:14:
         4d:2d:fe:2d:b5:07:54:02:51:94:e6:1b:ec:2a:f6:0e:88:e6:
         7b:ca:60:4b:50:e4:68:46:30:e3:56:40:67:70:88:c4:cc:8a:
         b9:5c:08:5b:75:23:d6:c2:73:fa:08:a8:97:41:26:48:cf:c1:
         d6:c6:78:67:8c:78:86:71:af:84:ac:a3:b0:91:4c:b3:0f:f1:
         dd:ee:01:58:a5:fa:aa:64:b5:2e:d8:d8:18:71:bd:7b:ea:ae:
         30:75:5e:3c:c9:73:b0:c1:f8:b6:88:10:f7:6c:08:56:fa:70:
         fa:27:8e:1f:a9:f3:bc:65:8c:c4:6a:1e:42:9b:22:64:16:63:
         d4:e7:50:76:08:c6:56:89:c0:b0:b7:27:51:2d:16:5e:fc:db:
         9d:fc:f6:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYe4VmGkc+N76DHsMBv5coNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI1MTIxNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI0ZjFiNzEyZjQxYzkwM2Q0ZTdmM2IwMDViNGE5YzA2NmY1MzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgddmE/q9IiR6vzti2eHzgTAvl8Zg
deBP4yRZ8UKuAbFRl441e3TChNFPKkfEyJRD5RnvHAq2nTprxxW5rR4blN5aKxcx
HsNBPNmroLutP03FAWgi6IEbqR/LJ6YvnHfE5kADmj8tjlWI0D4GgHCcKUdxb0dY
yMrbmZdPmFixvMBRL+CKTFVNUkPAanB5PuG54R0Ca1cnjfhLzgcInWBm3L+qP5r8
ZlAPTcxoMr8mgtlcku6pcHvLLHG0zfF6GBjnpuGGgqbNWPzsZc3xM+HnbzBdBF4A
DpJVBYi6OU31R6rEi55PIwCly+Yd38TRZineNLCAchJux5PPmFGDA7DXSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJW08bcS9ByQPU5/OwBbSpwGb1N+MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbGJUeHR4TDBISkE5VG44N0FGdEtuQVp2VTM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAVehOHtCWslVKjQJKV5
Chxxj5AzDPJtTsga14AZD3jf67CDlbTUXAulPduhaoawVxPATdYoG/eoxLHKRr33
gCz80GJebLsXzUEdI87qgTXb71JY2LCEmBLOF7MZZbd7c45o0X0Towds3WPXFE0t
/i21B1QCUZTmG+wq9g6I5nvKYEtQ5GhGMONWQGdwiMTMirlcCFt1I9bCc/oIqJdB
JkjPwdbGeGeMeIZxr4Sso7CRTLMP8d3uAVil+qpktS7Y2BhxvXvqrjB1XjzJc7DB
+LaIEPdsCFb6cPonjh+p87xljMRqHkKbImQWY9TnUHYIxlaJwLC3J1EtFl782538
9i0=
-----END CERTIFICATE-----