Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mFrejpfCFW93_uY5qrQaLykWh0g.roa
File:                     mFrejpfCFW93_uY5qrQaLykWh0g.roa (raw, json)
Hash identifier:          JnLhycGJqakRUrR0ms1Ls19R+6khNbKAJUS7QY8I92U=
Subject key identifier:   98:5A:DE:8E:97:C2:15:6F:77:FE:E6:39:AA:B4:1A:2F:29:16:87:48
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01875F0F2C0A4734B11257CDE31EB9C3BE9F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mFrejpfCFW93_uY5qrQaLykWh0g.roa
Signing time:             Sat 08 Apr 2023 04:10:42 +0000
ROA not before:           Sat 08 Apr 2023 04:10:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5f:0f:2c:0a:47:34:b1:12:57:cd:e3:1e:b9:c3:be:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  8 04:10:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=985ade8e97c2156f77fee639aab41a2f29168748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:06:2e:03:5b:77:08:a3:4c:1f:4a:b5:b1:7f:
                    59:b0:2a:63:d2:4a:fd:1c:23:ac:52:36:17:02:09:
                    69:05:ea:92:a9:d8:12:43:ac:28:73:c8:df:e9:f7:
                    35:0b:61:4d:21:a2:c6:42:99:1d:54:ff:45:48:9c:
                    62:d6:32:b3:74:b8:15:09:9c:2e:52:91:a4:50:b2:
                    2b:f3:08:d4:18:1c:f9:3a:9c:8d:bf:4c:d0:83:96:
                    5f:f9:13:f9:c9:e7:6c:79:35:b8:d0:56:99:4d:7e:
                    c6:bd:6c:5a:a0:55:8a:77:59:97:25:21:0b:b0:23:
                    b2:85:83:de:98:5c:73:4a:9a:cb:54:d8:c1:54:3e:
                    91:e8:b8:8b:23:6c:2e:85:72:16:4e:c5:a8:78:ce:
                    57:e8:c6:85:b3:f7:37:00:2a:4c:95:82:1b:13:03:
                    97:07:44:3c:04:4c:33:43:43:4c:89:c1:94:28:b8:
                    94:0d:21:3e:81:d5:30:48:fa:e1:97:57:b0:a2:c3:
                    f6:65:1e:d6:1a:b4:4e:ee:9a:fb:6a:77:a7:86:e1:
                    fd:76:0f:ac:66:0b:c3:99:a8:74:f8:da:1e:fc:73:
                    04:c9:0e:7f:45:7b:e3:74:0c:1a:ab:58:7e:b3:da:
                    81:68:a3:23:94:9a:57:dc:4a:12:6f:26:ea:bc:13:
                    ef:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5A:DE:8E:97:C2:15:6F:77:FE:E6:39:AA:B4:1A:2F:29:16:87:48
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mFrejpfCFW93_uY5qrQaLykWh0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:55:2f:4a:3c:cc:0a:b3:c0:3c:9f:12:0f:a7:b7:69:ec:b4:
         54:7d:43:33:fb:3f:3d:70:86:f0:15:89:2c:6d:66:42:f7:b9:
         09:46:7b:de:88:c2:72:8e:ba:84:86:ff:fd:d1:ef:b7:3f:37:
         77:6f:98:59:1e:5a:ca:fd:80:46:39:84:20:84:6f:34:d8:92:
         08:e4:d7:c9:c1:56:7b:90:1d:3e:26:63:d8:f1:a5:16:fa:eb:
         d8:fa:3b:a5:22:79:1a:53:d4:eb:a8:c7:f5:4c:35:58:64:48:
         2a:82:d6:51:a7:95:ff:f2:ce:6b:d1:dc:50:43:a8:0a:c4:95:
         0b:27:3c:48:eb:81:e3:42:d1:d7:fa:da:68:36:2b:01:f3:61:
         84:21:7f:ab:e2:b5:9f:54:78:93:98:26:31:9c:3c:ab:08:d9:
         f0:73:80:6c:40:01:9f:02:0b:84:49:1e:27:7f:64:4a:fa:9e:
         51:da:ab:e3:dc:25:39:d8:ba:53:6d:38:52:bd:a8:9c:86:5f:
         57:1c:f2:e0:cd:1f:92:0c:53:94:26:05:ca:26:c8:01:55:37:
         06:d0:22:c8:fc:e4:b3:7c:4b:7b:dc:69:8c:af:7c:83:75:67:
         04:4d:95:97:4d:38:2a:e0:3a:c0:61:24:c0:c8:78:48:75:45:
         3f:9b:10:76
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdfDywKRzSxElfN4x65w76fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA4MDQxMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODVhZGU4ZTk3YzIxNTZmNzdmZWU2MzlhYWI0MWEyZjI5MTY4NzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAYuA1t3CKNMH0q1sX9ZsCpj0kr9
HCOsUjYXAglpBeqSqdgSQ6woc8jf6fc1C2FNIaLGQpkdVP9FSJxi1jKzdLgVCZwu
UpGkULIr8wjUGBz5OpyNv0zQg5Zf+RP5yedseTW40FaZTX7GvWxaoFWKd1mXJSEL
sCOyhYPemFxzSprLVNjBVD6R6LiLI2wuhXIWTsWoeM5X6MaFs/c3ACpMlYIbEwOX
B0Q8BEwzQ0NMicGUKLiUDSE+gdUwSPrhl1ewosP2ZR7WGrRO7pr7anenhuH9dg+s
ZgvDmah0+Noe/HMEyQ5/RXvjdAwaq1h+s9qBaKMjlJpX3EoSbybqvBPvBQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJha3o6XwhVvd/7mOaq0Gi8pFodIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbUZyZWpwZkNGVzkzX3VZNXFyUWFMeWtXaDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC1VL0o8zAqzwDyfEg+n
t2nstFR9QzP7Pz1whvAViSxtZkL3uQlGe96IwnKOuoSG//3R77c/N3dvmFkeWsr9
gEY5hCCEbzTYkgjk18nBVnuQHT4mY9jxpRb669j6O6UieRpT1Ouox/VMNVhkSCqC
1lGnlf/yzmvR3FBDqArElQsnPEjrgeNC0df62mg2KwHzYYQhf6vitZ9UeJOYJjGc
PKsI2fBzgGxAAZ8CC4RJHid/ZEr6nlHaq+PcJTnYulNtOFK9qJyGX1cc8uDNH5IM
U5QmBcomyAFVNwbQIsj85LN8S3vcaYyvfIN1ZwRNlZdNOCrgOsBhJMDIeEh1RT+b
EHY=
-----END CERTIFICATE-----