Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mvImoglxouM-QxCqf1wXZ_AW6fQ.roa
File:                     mvImoglxouM-QxCqf1wXZ_AW6fQ.roa (raw, json)
Hash identifier:          bWup7a4uUl/cBQ+bG3a4tgmo16GWkVOjlgRy4kkt/2Q=
Subject key identifier:   9A:F2:26:A2:09:71:A2:E3:3E:43:10:AA:7F:5C:17:67:F0:16:E9:F4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018797113B88B88794BAD12FB2E5E0693DC0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mvImoglxouM-QxCqf1wXZ_AW6fQ.roa
Signing time:             Wed 19 Apr 2023 01:11:41 +0000
ROA not before:           Wed 19 Apr 2023 01:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:97:11:3b:88:b8:87:94:ba:d1:2f:b2:e5:e0:69:3d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 19 01:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9af226a20971a2e33e4310aa7f5c1767f016e9f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:1b:b5:ec:45:31:a4:21:14:3d:63:61:46:15:
                    49:08:3e:16:8f:21:79:4c:45:ba:19:56:86:c6:06:
                    09:0c:57:f7:c9:22:62:65:a2:ba:49:d5:b7:d6:ef:
                    48:2a:22:75:25:b9:13:78:b5:60:83:37:25:9b:e4:
                    8f:01:ee:17:83:fc:46:7e:aa:d2:72:a4:a9:8e:c1:
                    c2:41:ea:fc:a7:df:b0:49:3b:90:39:a0:1e:f6:b4:
                    17:3d:34:7d:ee:2e:3e:d1:5d:ca:b7:49:95:60:42:
                    83:e4:73:be:20:9d:fd:8b:a3:f4:98:da:55:52:40:
                    dc:98:69:f7:67:a8:50:3f:1a:44:af:a2:98:bc:9f:
                    10:fa:04:0a:34:43:3d:9e:f7:ac:99:fc:b0:de:7a:
                    73:97:18:11:73:83:6e:97:e4:7b:5b:a5:39:fd:f9:
                    2b:1e:ba:7c:ca:19:7d:68:c5:36:88:ea:a6:12:83:
                    7b:80:56:9f:93:58:bb:f7:65:6f:54:8e:6d:8d:59:
                    41:f9:76:9b:37:54:08:b8:06:2e:ed:42:07:f9:6a:
                    d5:89:69:19:cb:55:15:9a:97:77:88:e2:54:d3:fc:
                    da:81:09:39:92:8b:93:b0:89:f6:55:c4:fb:bb:04:
                    51:33:7e:38:27:38:51:61:00:ad:78:3d:68:e7:cc:
                    9b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F2:26:A2:09:71:A2:E3:3E:43:10:AA:7F:5C:17:67:F0:16:E9:F4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mvImoglxouM-QxCqf1wXZ_AW6fQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:42:f1:0b:c4:2d:a1:7b:99:97:75:2a:d5:e0:b7:8e:e3:69:
         29:65:a2:27:c4:06:7e:fd:ee:47:6e:60:66:84:0b:8a:ed:71:
         ff:c1:69:e4:7b:1b:7a:d6:68:64:b5:4f:95:f2:89:15:20:5b:
         4e:e5:ff:ab:08:a9:e0:74:40:4d:f5:e5:f8:36:f5:8c:a8:62:
         00:49:61:0c:ba:ae:54:bc:a0:82:47:ff:dc:de:a4:16:42:67:
         f3:b5:31:10:27:17:f3:8f:90:6d:70:27:60:fb:41:a6:84:85:
         86:0f:27:ec:51:dd:b8:43:61:db:29:b6:a9:cd:8e:10:05:09:
         af:76:85:7e:b2:70:7a:94:8e:fd:38:2c:0e:1e:52:40:d3:48:
         ae:49:f2:ce:bc:aa:5c:4f:36:a1:f6:16:fd:1a:01:61:d0:ff:
         3d:f2:be:ae:d2:13:ea:1d:86:5a:35:bf:e1:0d:c3:8f:c2:97:
         b0:93:41:fe:f1:f3:9a:b8:6b:3b:67:e7:80:7e:91:8f:21:40:
         22:96:1d:c8:9e:64:74:5c:e5:e0:04:c9:9b:b4:f8:95:2f:1c:
         66:9f:f3:69:05:bc:9f:19:a0:74:0e:7d:75:0f:bf:54:27:ad:
         3c:5f:12:aa:2c:0b:ec:3d:32:39:52:53:96:04:b5:24:94:39:
         5b:49:b6:db
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeXETuIuIeUutEvsuXgaT3AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE5MDExMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWYyMjZhMjA5NzFhMmUzM2U0MzEwYWE3ZjVjMTc2N2YwMTZlOWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Bu17EUxpCEUPWNhRhVJCD4WjyF5
TEW6GVaGxgYJDFf3ySJiZaK6SdW31u9IKiJ1JbkTeLVggzclm+SPAe4Xg/xGfqrS
cqSpjsHCQer8p9+wSTuQOaAe9rQXPTR97i4+0V3Kt0mVYEKD5HO+IJ39i6P0mNpV
UkDcmGn3Z6hQPxpEr6KYvJ8Q+gQKNEM9nvesmfyw3npzlxgRc4Nul+R7W6U5/fkr
Hrp8yhl9aMU2iOqmEoN7gFafk1i792VvVI5tjVlB+XabN1QIuAYu7UIH+WrViWkZ
y1UVmpd3iOJU0/zagQk5kouTsIn2VcT7uwRRM344JzhRYQCteD1o58ybkwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJryJqIJcaLjPkMQqn9cF2fwFun0MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbXZJbW9nbHhvdU0tUXhDcWYxd1haX0FXNmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEhC8QvELaF7mZd1KtXg
t47jaSlloifEBn797kduYGaEC4rtcf/BaeR7G3rWaGS1T5XyiRUgW07l/6sIqeB0
QE315fg29YyoYgBJYQy6rlS8oIJH/9zepBZCZ/O1MRAnF/OPkG1wJ2D7QaaEhYYP
J+xR3bhDYdsptqnNjhAFCa92hX6ycHqUjv04LA4eUkDTSK5J8s68qlxPNqH2Fv0a
AWHQ/z3yvq7SE+odhlo1v+ENw4/Cl7CTQf7x85q4aztn54B+kY8hQCKWHcieZHRc
5eAEyZu0+JUvHGaf82kFvJ8ZoHQOfXUPv1QnrTxfEqosC+w9MjlSU5YEtSSUOVtJ
tts=
-----END CERTIFICATE-----