Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mtIEySvjqjBcr1pMDoRkaSR_CPg.roa
File:                     mtIEySvjqjBcr1pMDoRkaSR_CPg.roa (raw, json)
Hash identifier:          VilNHWt84U40jqnoutLNeb6Fc/G9smG4LlEE0RYotws=
Subject key identifier:   9A:D2:04:C9:2B:E3:AA:30:5C:AF:5A:4C:0E:84:64:69:24:7F:08:F8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018807EDDEDC79FBAFEE8C4EB881B77812B6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mtIEySvjqjBcr1pMDoRkaSR_CPg.roa
Signing time:             Wed 10 May 2023 23:10:09 +0000
ROA not before:           Wed 10 May 2023 23:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:07:ed:de:dc:79:fb:af:ee:8c:4e:b8:81:b7:78:12:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 10 23:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9ad204c92be3aa305caf5a4c0e846469247f08f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f1:f8:46:fe:7f:78:8e:d0:53:b7:29:ac:cf:
                    37:a3:4a:98:48:f0:41:d4:87:6f:ea:e7:51:6e:17:
                    14:3f:53:bb:e4:7d:51:a1:2a:3d:c8:92:bd:78:17:
                    c9:55:67:e9:f8:f5:99:66:35:d5:c3:33:17:63:08:
                    ff:52:5d:d7:62:2d:53:36:08:c1:cb:d9:1f:d3:a2:
                    c5:8b:94:a8:dc:25:ba:8e:41:eb:7c:36:67:4d:04:
                    9f:e7:8d:3c:da:31:1c:07:83:86:cc:a1:59:8a:d4:
                    d5:67:07:d8:06:e5:88:2b:cf:7a:6d:52:6e:fa:a5:
                    86:14:b7:ef:3b:d7:83:f5:fb:23:20:a2:75:91:a4:
                    a3:ec:a0:c3:5e:ea:8b:a8:30:d5:ff:7f:69:c2:ba:
                    b5:5a:dc:fa:62:13:61:76:1d:cf:df:2a:99:1f:65:
                    59:d7:26:45:95:d3:85:a2:f4:2d:b2:54:96:4b:ae:
                    3e:ed:59:d8:41:9a:9c:59:1d:49:2d:c0:2a:a4:06:
                    ec:73:20:21:db:ba:5e:28:e2:d7:ca:66:a4:66:ba:
                    22:ed:be:19:10:ce:f2:06:2d:cc:ae:28:bd:a1:2b:
                    30:97:30:5d:2e:7f:52:21:32:fb:37:ef:cc:e7:76:
                    22:28:a9:66:43:0e:2d:38:f8:b7:82:4f:cc:6a:8a:
                    63:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D2:04:C9:2B:E3:AA:30:5C:AF:5A:4C:0E:84:64:69:24:7F:08:F8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mtIEySvjqjBcr1pMDoRkaSR_CPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:aa:d4:0f:4c:71:d9:55:ea:72:d2:0a:de:26:31:60:01:ef:
         cd:97:c8:8e:a7:2e:b2:bd:60:d4:47:2c:84:23:37:f8:ee:fb:
         91:7a:83:35:71:b8:85:74:1b:00:32:3c:55:a7:0f:01:eb:bc:
         e7:e3:2a:2c:a7:f9:77:46:ce:90:d6:c8:9c:6f:a1:1c:5b:6c:
         13:17:65:25:84:0d:fd:44:7b:a1:ca:c5:8c:f0:84:54:12:4c:
         33:c5:5d:8b:b1:da:16:93:32:14:5b:58:49:b5:06:30:96:3b:
         39:55:62:af:b8:81:f9:b0:d0:ca:6b:ed:32:7f:69:d6:ea:bf:
         e3:63:45:09:50:43:f2:31:1b:16:fa:19:4c:6f:41:7d:30:35:
         0a:3d:c9:c1:71:31:12:eb:9c:d0:95:12:20:7a:aa:a1:2b:0e:
         47:5e:30:56:fa:47:d7:5b:20:c9:fd:e0:d9:e5:d6:a0:5e:e0:
         f1:74:78:6a:90:16:50:b6:3e:c9:20:d0:76:52:29:b3:5b:c6:
         1e:3d:4e:14:49:dc:8b:cd:c3:92:0a:b3:f9:b6:d2:73:d3:86:
         18:16:44:01:9c:ab:20:c7:be:01:60:cb:63:45:7c:b8:45:98:
         ff:5f:93:1d:9a:37:47:7a:2e:6b:47:34:9b:8c:5b:72:a4:df:
         40:a8:0b:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgH7d7cefuv7oxOuIG3eBK2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEwMjMxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWQyMDRjOTJiZTNhYTMwNWNhZjVhNGMwZTg0NjQ2OTI0N2YwOGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/H4Rv5/eI7QU7cprM83o0qYSPBB
1Idv6udRbhcUP1O75H1RoSo9yJK9eBfJVWfp+PWZZjXVwzMXYwj/Ul3XYi1TNgjB
y9kf06LFi5So3CW6jkHrfDZnTQSf54082jEcB4OGzKFZitTVZwfYBuWIK896bVJu
+qWGFLfvO9eD9fsjIKJ1kaSj7KDDXuqLqDDV/39pwrq1Wtz6YhNhdh3P3yqZH2VZ
1yZFldOFovQtslSWS64+7VnYQZqcWR1JLcAqpAbscyAh27peKOLXymakZroi7b4Z
EM7yBi3Mrii9oSswlzBdLn9SITL7N+/M53YiKKlmQw4tOPi3gk/MaopjQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJrSBMkr46owXK9aTA6EZGkkfwj4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbXRJRXlTdmpxakJjcjFwTURvUmthU1JfQ1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADKq1A9McdlV6nLSCt4m
MWAB782XyI6nLrK9YNRHLIQjN/ju+5F6gzVxuIV0GwAyPFWnDwHrvOfjKiyn+XdG
zpDWyJxvoRxbbBMXZSWEDf1Ee6HKxYzwhFQSTDPFXYux2haTMhRbWEm1BjCWOzlV
Yq+4gfmw0Mpr7TJ/adbqv+NjRQlQQ/IxGxb6GUxvQX0wNQo9ycFxMRLrnNCVEiB6
qqErDkdeMFb6R9dbIMn94Nnl1qBe4PF0eGqQFlC2Pskg0HZSKbNbxh49ThRJ3IvN
w5IKs/m20nPThhgWRAGcqyDHvgFgy2NFfLhFmP9fkx2aN0d6LmtHNJuMW3Kk30Co
C3I=
-----END CERTIFICATE-----