Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lpZvkYloPjnksITl1jFTkCaaGg4.roa
File:                     lpZvkYloPjnksITl1jFTkCaaGg4.roa (raw, json)
Hash identifier:          BW7wrw6FEZZ3JqzakZW9/SMxCTUdELal64Kz4I+HtJs=
Subject key identifier:   96:96:6F:91:89:68:3E:39:E4:B0:84:E5:D6:31:53:90:26:9A:1A:0E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F12A79F80F125112A81F4D3C72D16EA1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lpZvkYloPjnksITl1jFTkCaaGg4.roa
Signing time:             Sat 06 May 2023 13:05:05 +0000
ROA not before:           Sat 06 May 2023 13:05:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:187:f129:9c72/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f1:2a:79:f8:0f:12:51:12:a8:1f:4d:3c:72:d1:6e:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  6 13:05:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=96966f9189683e39e4b084e5d6315390269a1a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ae:93:a8:5d:b3:67:04:1e:52:b4:97:12:bf:
                    08:2a:d2:1a:d7:e9:a8:71:ae:f0:26:a5:ca:1a:3f:
                    47:43:12:3b:29:4a:e4:6b:58:34:fd:e2:90:01:7b:
                    a4:38:b3:a8:74:09:19:bb:2a:0e:f8:62:e0:dd:ab:
                    5d:79:1f:cb:ad:95:ce:fc:f8:88:ae:6e:2d:99:f3:
                    11:f4:51:cb:d7:2b:be:bc:42:4d:3e:a6:0c:41:ca:
                    31:4b:81:af:68:30:69:93:83:23:1f:1f:22:f6:8a:
                    c7:9b:ba:ce:65:82:88:8e:a3:30:f8:06:dd:c5:3e:
                    b4:06:21:2e:99:94:7f:dd:20:33:0a:91:04:8e:80:
                    0b:d5:2c:c3:6f:5f:bc:76:e8:00:f1:53:00:14:cd:
                    14:25:2c:e9:70:18:03:b8:ef:94:06:79:84:75:b3:
                    8e:6c:39:81:76:b2:e8:18:a8:7e:4f:fa:ed:d0:84:
                    db:ca:65:ea:c3:82:69:37:94:db:79:bd:df:9f:ae:
                    ce:7b:2b:5f:dc:de:e7:5e:c5:03:fb:27:9d:73:07:
                    7c:1e:96:51:8c:3d:3c:9c:fd:a4:e2:cb:04:69:10:
                    fe:33:22:a7:84:5f:77:d3:4d:fc:fa:29:89:e4:bc:
                    bc:bd:da:d7:0d:1e:b4:e0:99:7f:a1:86:1f:f4:c4:
                    d2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:96:6F:91:89:68:3E:39:E4:B0:84:E5:D6:31:53:90:26:9A:1A:0E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lpZvkYloPjnksITl1jFTkCaaGg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:3a:29:36:ea:70:b1:e2:4b:bb:e1:63:5d:dd:c7:fd:74:23:
         15:b7:9c:c0:bb:3c:70:44:29:b5:19:d2:62:0c:02:a2:1d:8c:
         98:06:89:11:fc:0e:93:6f:ed:91:3c:37:60:1c:49:95:46:ec:
         0c:96:5f:c5:04:19:7e:8c:b1:c3:24:74:ed:35:26:70:cd:98:
         7b:84:51:cf:12:ef:c7:d5:2a:5f:43:25:88:2e:e2:a7:f2:9d:
         1c:1a:3e:df:0a:e0:ec:1d:3f:ce:c5:51:31:54:53:91:f5:ce:
         d2:6a:7b:f9:ed:93:44:cd:37:74:18:ad:02:00:59:13:a1:26:
         b1:56:88:44:1a:03:d7:6e:fd:d7:c0:18:7a:3b:cc:29:61:ea:
         43:10:3e:29:e5:69:7b:d1:59:3c:e6:e4:86:37:61:41:29:da:
         bb:f2:c4:39:b3:2c:9f:01:38:17:d6:94:d4:4a:b2:26:9a:ed:
         56:db:32:a2:ac:fd:56:6a:b2:86:e0:82:7b:b1:26:03:a9:0d:
         c5:b8:d2:cd:08:1f:cc:d0:f8:d8:d0:d2:df:5f:32:bf:b1:b1:
         f4:21:51:5d:51:34:cf:4d:8e:b0:6e:df:10:b3:cc:b5:22:b9:
         05:1f:e3:a5:e9:19:35:2e:92:9d:aa:c9:25:87:e8:de:c9:9a:
         0e:80:55:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfxKnn4DxJREqgfTTxy0W6hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA2MTMwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njk2NmY5MTg5NjgzZTM5ZTRiMDg0ZTVkNjMxNTM5MDI2OWExYTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm66TqF2zZwQeUrSXEr8IKtIa1+mo
ca7wJqXKGj9HQxI7KUrka1g0/eKQAXukOLOodAkZuyoO+GLg3atdeR/LrZXO/PiI
rm4tmfMR9FHL1yu+vEJNPqYMQcoxS4GvaDBpk4MjHx8i9orHm7rOZYKIjqMw+Abd
xT60BiEumZR/3SAzCpEEjoAL1SzDb1+8dugA8VMAFM0UJSzpcBgDuO+UBnmEdbOO
bDmBdrLoGKh+T/rt0ITbymXqw4JpN5Tbeb3fn67Oeytf3N7nXsUD+yedcwd8HpZR
jD08nP2k4ssEaRD+MyKnhF930038+imJ5Ly8vdrXDR604Jl/oYYf9MTSeQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJaWb5GJaD455LCE5dYxU5AmmhoOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbHBadmtZbG9Qam5rc0lUbDFqRlRrQ2FhR2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABU6KTbqcLHiS7vhY13d
x/10IxW3nMC7PHBEKbUZ0mIMAqIdjJgGiRH8DpNv7ZE8N2AcSZVG7AyWX8UEGX6M
scMkdO01JnDNmHuEUc8S78fVKl9DJYgu4qfynRwaPt8K4OwdP87FUTFUU5H1ztJq
e/ntk0TNN3QYrQIAWROhJrFWiEQaA9du/dfAGHo7zClh6kMQPinlaXvRWTzm5IY3
YUEp2rvyxDmzLJ8BOBfWlNRKsiaa7VbbMqKs/VZqsobggnuxJgOpDcW40s0IH8zQ
+NjQ0t9fMr+xsfQhUV1RNM9NjrBu3xCzzLUiuQUf46XpGTUukp2qySWH6N7Jmg6A
VQg=
-----END CERTIFICATE-----