Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ncDFu_I-x1quBhd5EwgecJu0iEQ.roa
File:                     ncDFu_I-x1quBhd5EwgecJu0iEQ.roa (raw, json)
Hash identifier:          JLSjVWzyvR1ouCblQQ/35OkUYQQstBdcklnmYIbg3KA=
Subject key identifier:   9D:C0:C5:BB:F2:3E:C7:5A:AE:06:17:79:13:08:1E:70:9B:B4:88:44
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878D9E6886E1B1526FBD69F114A902FC88
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ncDFu_I-x1quBhd5EwgecJu0iEQ.roa
Signing time:             Mon 17 Apr 2023 05:09:41 +0000
ROA not before:           Mon 17 Apr 2023 05:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8d:9e:68:86:e1:b1:52:6f:bd:69:f1:14:a9:02:fc:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 17 05:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9dc0c5bbf23ec75aae06177913081e709bb48844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1f:b0:00:09:f2:17:9b:c6:e9:76:29:6a:7e:
                    67:a6:c0:94:70:99:94:21:c1:f2:d1:28:f3:67:99:
                    d9:0c:89:25:07:96:78:ab:cc:d4:73:be:78:c2:fe:
                    93:e2:20:59:5f:83:e7:54:36:d0:e7:4d:92:3e:85:
                    51:6b:96:04:1a:a2:94:b7:9a:68:85:1f:fd:b5:c4:
                    8a:f8:e2:16:d3:b0:55:5a:32:41:76:72:5e:a6:21:
                    b4:a6:e5:d7:91:57:4d:11:a4:f5:42:e9:e7:b0:7a:
                    ba:c4:63:e9:92:86:d8:f0:cc:d3:3b:60:9c:64:57:
                    bb:2b:f8:79:11:78:a9:89:ab:f4:28:d3:75:98:c3:
                    ab:51:d2:af:89:05:8e:27:09:8f:86:b2:69:31:ea:
                    92:4e:44:a9:6c:07:33:74:07:7b:ce:41:f8:43:fb:
                    c3:15:3e:74:4b:20:06:50:d1:58:c6:81:8d:7b:07:
                    2f:59:18:d5:b8:92:42:28:a8:de:81:90:1b:9f:2c:
                    c8:13:a5:a5:03:ae:49:75:f5:61:5b:21:28:84:10:
                    cd:c0:5d:f0:57:86:c9:bb:e9:ba:e2:5c:a9:26:6b:
                    5e:c4:27:d5:81:09:ba:35:46:4e:ae:1e:e9:e4:9c:
                    c1:8d:7a:e6:06:61:43:f1:5b:db:7c:63:98:5a:52:
                    dd:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C0:C5:BB:F2:3E:C7:5A:AE:06:17:79:13:08:1E:70:9B:B4:88:44
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ncDFu_I-x1quBhd5EwgecJu0iEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:95:e1:e0:50:f6:3e:26:7a:3f:9c:67:72:13:73:ea:23:f3:
         94:7e:59:48:16:fc:93:31:a3:4d:f1:ac:fa:42:e2:8e:7b:6e:
         cf:e3:a4:82:ee:42:85:df:b7:1b:9c:1b:8f:b1:ae:e2:6f:53:
         cb:d8:7b:5d:6e:4c:1d:23:b3:0c:e4:f4:df:e8:b2:db:ea:09:
         58:09:1f:74:42:3e:72:84:3b:06:93:a9:a5:44:20:83:90:46:
         0c:a9:a8:b3:76:48:ca:98:13:a9:6f:4e:fd:6d:99:aa:a3:81:
         74:7e:e8:f6:8c:3f:fc:7e:ad:82:56:63:ef:b0:83:ed:49:ce:
         cd:2d:5d:67:7b:6b:51:0a:a3:17:11:c0:c8:6c:96:c4:3e:c2:
         c0:af:ca:53:9a:e0:e6:6d:42:2b:ed:77:01:de:29:78:31:d3:
         4b:93:49:d2:50:d1:34:86:8f:4f:dd:32:d1:bf:4c:62:6f:45:
         d6:d6:13:b0:88:62:59:70:63:28:5a:62:3c:96:80:b8:80:47:
         15:f8:ae:3d:bb:cf:ee:a8:23:8f:4f:8d:c2:a4:8c:fe:02:6f:
         69:aa:d8:f2:1e:5e:47:1a:15:6a:af:82:95:d2:c9:00:2a:cd:
         95:36:c1:99:86:5b:c9:db:55:b9:a4:a7:5a:7e:fd:84:b3:17:
         10:79:a9:96
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeNnmiG4bFSb71p8RSpAvyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE3MDUwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGMwYzViYmYyM2VjNzVhYWUwNjE3NzkxMzA4MWU3MDliYjQ4ODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR+wAAnyF5vG6XYpan5npsCUcJmU
IcHy0SjzZ5nZDIklB5Z4q8zUc754wv6T4iBZX4PnVDbQ502SPoVRa5YEGqKUt5po
hR/9tcSK+OIW07BVWjJBdnJepiG0puXXkVdNEaT1QunnsHq6xGPpkobY8MzTO2Cc
ZFe7K/h5EXipiav0KNN1mMOrUdKviQWOJwmPhrJpMeqSTkSpbAczdAd7zkH4Q/vD
FT50SyAGUNFYxoGNewcvWRjVuJJCKKjegZAbnyzIE6WlA65JdfVhWyEohBDNwF3w
V4bJu+m64lypJmtexCfVgQm6NUZOrh7p5JzBjXrmBmFD8VvbfGOYWlLdhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ3AxbvyPsdargYXeRMIHnCbtIhEMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbmNERnVfSS14MXF1QmhkNUV3Z2VjSnUwaUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACuV4eBQ9j4mej+cZ3IT
c+oj85R+WUgW/JMxo03xrPpC4o57bs/jpILuQoXftxucG4+xruJvU8vYe11uTB0j
swzk9N/ostvqCVgJH3RCPnKEOwaTqaVEIIOQRgypqLN2SMqYE6lvTv1tmaqjgXR+
6PaMP/x+rYJWY++wg+1Jzs0tXWd7a1EKoxcRwMhslsQ+wsCvylOa4OZtQivtdwHe
KXgx00uTSdJQ0TSGj0/dMtG/TGJvRdbWE7CIYllwYyhaYjyWgLiARxX4rj27z+6o
I49PjcKkjP4Cb2mq2PIeXkcaFWqvgpXSyQAqzZU2wZmGW8nbVbmkp1p+/YSzFxB5
qZY=
-----END CERTIFICATE-----