Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nU6NYO5WwPHdyTQbYf29daLRlHk.roa
File:                     nU6NYO5WwPHdyTQbYf29daLRlHk.roa (raw, json)
Hash identifier:          m62I5FtDxb8ORtaWm2cq/u6j/35PqtW8Iz8OwV6/7qs=
Subject key identifier:   9D:4E:8D:60:EE:56:C0:F1:DD:C9:34:1B:61:FD:BD:75:A2:D1:94:79
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01871EE8820A6092BF5BBE971FAE7233A9D4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nU6NYO5WwPHdyTQbYf29daLRlHk.roa
Signing time:             Sun 26 Mar 2023 17:12:46 +0000
ROA not before:           Sun 26 Mar 2023 17:12:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:1e:e8:82:0a:60:92:bf:5b:be:97:1f:ae:72:33:a9:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 26 17:12:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9d4e8d60ee56c0f1ddc9341b61fdbd75a2d19479
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:c5:05:aa:9f:93:8a:c6:3d:ce:6e:59:4f:e6:
                    6d:0c:37:10:cc:c0:52:02:0e:e6:01:cb:2e:36:15:
                    65:d5:99:61:24:bb:86:da:04:ba:28:7b:84:34:0a:
                    0f:62:b8:8b:d2:18:41:3c:b6:1c:93:f6:ec:35:fd:
                    ef:ff:cb:16:14:c4:8f:a8:ca:65:15:5e:ca:2f:04:
                    5f:03:64:33:a8:b8:7d:c0:c3:26:a1:29:a4:f8:78:
                    e7:fd:98:51:f9:d6:41:b9:5d:10:0a:72:06:b9:50:
                    c9:2d:c8:05:af:28:ae:6d:d2:66:8f:2d:8e:7f:54:
                    33:84:c5:3c:8b:1c:d4:15:00:54:0f:35:90:6a:34:
                    23:84:a3:20:1a:62:dd:10:78:31:b8:80:cb:eb:ca:
                    e9:6b:8b:08:9c:e2:12:c0:af:8e:a1:60:2a:57:09:
                    08:3c:e2:e1:fe:74:e4:38:a2:e5:a4:67:a4:9f:67:
                    32:4a:76:f7:21:db:16:05:d5:25:fd:8e:43:4a:0c:
                    89:db:ee:8e:91:8e:9e:b0:41:b8:94:e4:f6:3e:7c:
                    54:89:b5:f3:1f:a2:30:8a:b9:7f:f4:b3:78:b7:37:
                    61:0d:50:40:58:6f:31:df:e5:50:76:fb:17:ff:88:
                    ed:a3:c9:76:c5:18:f3:5d:6e:09:e0:cb:5d:d1:b5:
                    d3:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:4E:8D:60:EE:56:C0:F1:DD:C9:34:1B:61:FD:BD:75:A2:D1:94:79
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nU6NYO5WwPHdyTQbYf29daLRlHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:9c:46:af:91:f0:d6:ce:d7:92:a4:65:79:00:da:96:45:23:
         e7:0e:18:02:50:f2:b3:92:3f:b3:ee:43:b7:43:8a:22:0c:f6:
         0a:02:e5:13:be:6d:4e:40:d0:ab:0e:60:45:0a:77:ff:ed:97:
         3d:42:db:5e:9f:b8:75:be:77:b0:b6:b0:f7:55:75:79:14:15:
         bd:f8:59:23:99:40:85:21:92:8c:e8:a7:c7:da:1c:a5:b4:72:
         b0:29:34:b0:a4:2c:7b:c3:38:43:44:20:0b:66:cd:e0:3d:24:
         fa:2e:23:91:4b:5d:8a:89:d6:f3:35:10:bc:6c:6b:c9:af:96:
         db:c8:ac:8e:08:52:bf:c3:84:d8:fd:08:41:61:a3:f1:be:c7:
         50:0c:e2:4d:2d:be:57:be:97:9b:98:37:c5:64:a8:05:1e:e6:
         42:cc:0b:24:2c:2e:f1:a3:55:ea:53:a0:2d:87:ee:3f:37:d7:
         36:ca:5c:66:c9:d4:90:75:2f:10:df:ce:e0:bc:af:dc:83:60:
         bb:50:80:12:51:61:26:08:15:46:ab:df:3a:29:e8:ea:8e:b0:
         2b:58:2d:9d:bd:f2:0b:6f:e2:d4:e3:48:08:97:95:2c:e7:e5:
         98:61:e0:c6:e5:c6:58:21:56:ce:9a:4d:cb:d1:42:82:23:67:
         d7:23:9e:55
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYce6IIKYJK/W76XH65yM6nUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI2MTcxMjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDRlOGQ2MGVlNTZjMGYxZGRjOTM0MWI2MWZkYmQ3NWEyZDE5NDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8cUFqp+TisY9zm5ZT+ZtDDcQzMBS
Ag7mAcsuNhVl1ZlhJLuG2gS6KHuENAoPYriL0hhBPLYck/bsNf3v/8sWFMSPqMpl
FV7KLwRfA2QzqLh9wMMmoSmk+Hjn/ZhR+dZBuV0QCnIGuVDJLcgFryiubdJmjy2O
f1QzhMU8ixzUFQBUDzWQajQjhKMgGmLdEHgxuIDL68rpa4sInOISwK+OoWAqVwkI
POLh/nTkOKLlpGekn2cySnb3IdsWBdUl/Y5DSgyJ2+6OkY6esEG4lOT2PnxUibXz
H6Iwirl/9LN4tzdhDVBAWG8x3+VQdvsX/4jto8l2xRjzXW4J4Mtd0bXTaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ1OjWDuVsDx3ck0G2H9vXWi0ZR5MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvblU2TllPNVd3UEhkeVRRYllmMjlkYUxSbEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAqcRq+R8NbO15KkZXkA
2pZFI+cOGAJQ8rOSP7PuQ7dDiiIM9goC5RO+bU5A0KsOYEUKd//tlz1C216fuHW+
d7C2sPdVdXkUFb34WSOZQIUhkozop8faHKW0crApNLCkLHvDOENEIAtmzeA9JPou
I5FLXYqJ1vM1ELxsa8mvltvIrI4IUr/DhNj9CEFho/G+x1AM4k0tvle+l5uYN8Vk
qAUe5kLMCyQsLvGjVepToC2H7j831zbKXGbJ1JB1LxDfzuC8r9yDYLtQgBJRYSYI
FUar3zop6OqOsCtYLZ298gtv4tTjSAiXlSzn5Zhh4MblxlghVs6aTcvRQoIjZ9cj
nlU=
-----END CERTIFICATE-----