Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mQ4DKx6eUcWoslMKEBFUv3P-Vak.roa
File:                     mQ4DKx6eUcWoslMKEBFUv3P-Vak.roa (raw, json)
Hash identifier:          X5MeX/KmVWX1qwBdgiOxrzKte7inlvW/yVOJXQQNEi8=
Subject key identifier:   99:0E:03:2B:1E:9E:51:C5:A8:B2:53:0A:10:11:54:BF:73:FE:55:A9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018833482047028652B2468AB511B7908D05
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mQ4DKx6eUcWoslMKEBFUv3P-Vak.roa
Signing time:             Fri 19 May 2023 09:12:24 +0000
ROA not before:           Fri 19 May 2023 09:12:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:33:48:20:47:02:86:52:b2:46:8a:b5:11:b7:90:8d:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 19 09:12:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=990e032b1e9e51c5a8b2530a101154bf73fe55a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ba:b8:fd:84:0c:95:68:97:e3:ca:06:55:7b:
                    86:71:46:32:2c:ab:4f:86:54:e5:6f:95:48:42:a6:
                    4d:8b:5a:98:31:bc:13:61:ce:a6:5c:d1:f6:e8:58:
                    f7:2b:3d:26:a3:1a:af:ed:1c:a8:33:f4:db:be:a7:
                    cb:c9:fa:c6:30:6f:bd:ae:df:7e:93:7f:91:b1:30:
                    74:72:50:d2:92:8e:1e:78:3f:29:8a:71:4e:07:6e:
                    dd:7a:02:b2:5a:bb:78:55:27:aa:05:cc:85:83:70:
                    60:17:d3:eb:7e:5b:49:e7:f6:23:51:45:0c:0a:aa:
                    94:5a:28:fe:39:5b:05:48:ec:58:76:41:4e:b8:a7:
                    89:e1:10:e1:59:ea:ec:6c:e1:fe:9d:01:40:78:e4:
                    23:d9:ef:ef:c1:25:3c:42:9b:bd:bc:53:15:d9:96:
                    25:33:ad:24:58:d1:68:d7:b5:fa:4f:22:26:53:47:
                    71:93:75:42:1b:49:5a:98:2b:00:3d:77:86:80:d3:
                    e7:04:09:d5:1f:19:e6:9e:2f:fe:6b:83:9b:62:33:
                    28:39:b3:fa:89:26:57:85:79:0b:b6:3f:9c:4f:b1:
                    bc:3a:ab:25:81:b7:1f:87:47:cd:93:03:5a:39:01:
                    eb:cb:d7:06:4a:00:90:47:05:d2:49:10:fd:d6:d5:
                    cb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:0E:03:2B:1E:9E:51:C5:A8:B2:53:0A:10:11:54:BF:73:FE:55:A9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mQ4DKx6eUcWoslMKEBFUv3P-Vak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:16:a1:c1:4f:34:35:ed:cd:a1:e8:dc:7b:01:60:85:5a:7e:
         9e:de:2c:3c:ca:c6:54:d5:89:33:9c:f3:92:b8:eb:1d:08:79:
         c8:39:36:85:fd:4d:92:33:6e:fd:71:d4:f3:a2:a6:8b:f0:81:
         7b:a9:a9:44:de:24:ac:06:2a:ae:94:49:00:28:a2:d4:fe:84:
         2e:97:9f:74:47:8d:f9:11:34:b9:0b:0e:23:a5:e0:02:0e:bb:
         f9:bd:a1:00:40:bd:81:5d:3d:d7:9c:f4:db:4e:1c:fa:12:9b:
         93:1e:d1:4f:12:fb:68:8d:6f:52:7e:85:86:2f:17:6c:94:81:
         54:a8:a3:71:5b:da:99:cf:1e:1d:5e:67:ad:a4:dd:47:dc:66:
         c5:e9:29:00:6f:79:1e:94:62:e1:7e:9d:0d:ec:09:13:25:9c:
         3f:64:e1:c2:ef:8b:14:42:9f:fd:7b:68:48:e0:9c:ba:f7:a7:
         6b:08:06:26:3d:c8:7e:0f:a0:f8:f1:fa:d3:86:9e:16:f2:e3:
         db:29:00:cb:09:ce:bc:61:83:49:4e:f5:39:3c:62:6e:34:c3:
         87:e3:c8:f9:17:3a:b9:94:92:9f:94:61:3d:c4:18:67:d8:fd:
         24:28:be:c3:0c:da:9e:5c:f0:86:5d:5d:3d:d1:36:fc:32:6a:
         bb:57:ea:1a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgzSCBHAoZSskaKtRG3kI0FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE5MDkxMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTBlMDMyYjFlOWU1MWM1YThiMjUzMGExMDExNTRiZjczZmU1NWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrq4/YQMlWiX48oGVXuGcUYyLKtP
hlTlb5VIQqZNi1qYMbwTYc6mXNH26Fj3Kz0moxqv7RyoM/TbvqfLyfrGMG+9rt9+
k3+RsTB0clDSko4eeD8pinFOB27degKyWrt4VSeqBcyFg3BgF9PrfltJ5/YjUUUM
CqqUWij+OVsFSOxYdkFOuKeJ4RDhWersbOH+nQFAeOQj2e/vwSU8Qpu9vFMV2ZYl
M60kWNFo17X6TyImU0dxk3VCG0lamCsAPXeGgNPnBAnVHxnmni/+a4ObYjMoObP6
iSZXhXkLtj+cT7G8Oqslgbcfh0fNkwNaOQHry9cGSgCQRwXSSRD91tXLcwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJkOAysenlHFqLJTChARVL9z/lWpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbVE0REt4NmVVY1dvc2xNS0VCRlV2M1AtVmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIEWocFPNDXtzaHo3HsB
YIVafp7eLDzKxlTViTOc85K46x0Iecg5NoX9TZIzbv1x1POipovwgXupqUTeJKwG
Kq6USQAootT+hC6Xn3RHjfkRNLkLDiOl4AIOu/m9oQBAvYFdPdec9NtOHPoSm5Me
0U8S+2iNb1J+hYYvF2yUgVSoo3Fb2pnPHh1eZ62k3UfcZsXpKQBveR6UYuF+nQ3s
CRMlnD9k4cLvixRCn/17aEjgnLr3p2sIBiY9yH4PoPjx+tOGnhby49spAMsJzrxh
g0lO9Tk8Ym40w4fjyPkXOrmUkp+UYT3EGGfY/SQovsMM2p5c8IZdXT3RNvwyartX
6ho=
-----END CERTIFICATE-----