Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ns8c46loi43QB3B9gWWa-TgBGbU.roa
File:                     ns8c46loi43QB3B9gWWa-TgBGbU.roa (raw, json)
Hash identifier:          WPVAmwmozQtOBscN52XRH0AM70FZEJmSG8dIxEXbG18=
Subject key identifier:   9E:CF:1C:E3:A9:68:8B:8D:D0:07:70:7D:81:65:9A:F9:38:01:19:B5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187D7A1E5DD4761D2C5B97539DEB5C5D899
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ns8c46loi43QB3B9gWWa-TgBGbU.roa
Signing time:             Mon 01 May 2023 14:05:24 +0000
ROA not before:           Mon 01 May 2023 14:05:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:187:d7a0:fb7b/128 maxlen: 128
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d7:a1:e5:dd:47:61:d2:c5:b9:75:39:de:b5:c5:d8:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  1 14:05:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9ecf1ce3a9688b8dd007707d81659af9380119b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e2:3f:75:d3:a6:ae:66:4a:6c:5a:c2:c5:f5:
                    46:5f:89:3c:40:e9:91:ca:e1:c7:35:ff:6e:c7:13:
                    a6:aa:26:f3:10:6a:ba:36:b5:35:e8:c4:34:cc:09:
                    1f:de:f4:2b:94:77:2c:a9:df:77:b3:ca:a8:31:c6:
                    e9:8d:b5:47:7e:ed:cc:8b:74:ae:ed:17:86:91:3a:
                    1f:12:da:d4:34:58:c6:6a:54:10:b7:bc:66:d7:cb:
                    e6:50:f5:9e:07:75:aa:92:30:15:31:65:6e:41:81:
                    d0:7c:f5:3c:e2:1a:a5:a7:cf:5b:e9:c0:0a:39:82:
                    98:d4:88:1c:81:2e:bc:31:45:c8:ce:22:b5:bc:3b:
                    50:f5:2a:ed:4c:83:f1:2c:a0:2b:36:87:05:d5:92:
                    0d:dd:23:65:da:18:a3:6d:52:57:00:8d:f7:61:6a:
                    45:b9:d1:fa:44:cc:fe:d4:c4:98:5e:7d:b1:38:6c:
                    c6:cb:d2:b5:ea:64:91:f4:c4:c9:c5:47:a9:5e:6b:
                    e9:b4:7a:b3:df:d7:d1:49:19:e0:05:a3:97:91:e8:
                    96:5c:25:8c:dc:8d:b6:e4:40:a7:bd:a4:8a:8c:d7:
                    4a:2b:ca:54:6c:2f:69:87:98:0a:67:02:07:a2:d6:
                    0a:e8:da:dc:4e:d8:8a:ed:87:60:f5:0b:dd:f3:32:
                    61:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:CF:1C:E3:A9:68:8B:8D:D0:07:70:7D:81:65:9A:F9:38:01:19:B5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ns8c46loi43QB3B9gWWa-TgBGbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:88:a8:22:f4:a7:1c:86:2b:48:44:a5:fe:4e:a0:f9:3d:76:
         ad:9c:67:a6:20:49:b7:a7:89:18:c2:a7:31:33:80:86:6a:5d:
         b9:64:ef:d4:fa:ef:36:9e:ec:19:40:31:ce:7a:2d:cf:ed:db:
         ef:60:42:55:6b:63:d6:de:aa:91:ad:97:17:34:5f:e5:f5:ff:
         88:f9:76:8d:37:c1:a4:fa:a7:d3:7c:f8:11:2c:4e:e0:e5:81:
         86:a2:f5:7e:57:d2:7c:01:fa:7c:9e:44:24:b9:1b:14:aa:54:
         f8:44:b7:6b:ee:f8:9f:0f:5a:0f:0a:e2:d5:a9:a1:75:35:f0:
         da:12:4f:e0:db:e4:73:b2:a9:67:46:b7:01:5f:b8:cc:58:bd:
         f4:cc:06:4d:39:12:52:e0:da:0a:4c:ae:c1:92:c0:02:fb:f2:
         84:d7:2c:e4:05:d5:b9:bb:c5:ff:23:2e:b0:b4:1c:6b:99:64:
         a3:09:77:94:0b:55:aa:c5:4d:7e:ac:d6:bc:70:07:1d:52:96:
         98:6c:46:9b:c9:52:91:28:af:4b:2b:49:c2:61:50:94:6d:8d:
         f2:50:03:93:17:40:e0:b6:aa:a1:55:1c:51:72:22:d9:07:d9:
         09:6c:b4:df:69:f1:57:e6:5b:a1:fe:6e:b9:ff:40:52:86:82:
         c7:71:3f:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfXoeXdR2HSxbl1Od61xdiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAxMTQwNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWNmMWNlM2E5Njg4YjhkZDAwNzcwN2Q4MTY1OWFmOTM4MDExOWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+I/ddOmrmZKbFrCxfVGX4k8QOmR
yuHHNf9uxxOmqibzEGq6NrU16MQ0zAkf3vQrlHcsqd93s8qoMcbpjbVHfu3Mi3Su
7ReGkTofEtrUNFjGalQQt7xm18vmUPWeB3WqkjAVMWVuQYHQfPU84hqlp89b6cAK
OYKY1IgcgS68MUXIziK1vDtQ9SrtTIPxLKArNocF1ZIN3SNl2hijbVJXAI33YWpF
udH6RMz+1MSYXn2xOGzGy9K16mSR9MTJxUepXmvptHqz39fRSRngBaOXkeiWXCWM
3I225ECnvaSKjNdKK8pUbC9ph5gKZwIHotYK6NrcTtiK7Ydg9Qvd8zJhPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ7PHOOpaIuN0AdwfYFlmvk4ARm1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbnM4YzQ2bG9pNDNRQjNCOWdXV2EtVGdCR2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABiIqCL0pxyGK0hEpf5O
oPk9dq2cZ6YgSbeniRjCpzEzgIZqXblk79T67zae7BlAMc56Lc/t2+9gQlVrY9be
qpGtlxc0X+X1/4j5do03waT6p9N8+BEsTuDlgYai9X5X0nwB+nyeRCS5GxSqVPhE
t2vu+J8PWg8K4tWpoXU18NoST+Db5HOyqWdGtwFfuMxYvfTMBk05ElLg2gpMrsGS
wAL78oTXLOQF1bm7xf8jLrC0HGuZZKMJd5QLVarFTX6s1rxwBx1SlphsRpvJUpEo
r0srScJhUJRtjfJQA5MXQOC2qqFVHFFyItkH2QlstN9p8VfmW6H+brn/QFKGgsdx
Pxs=
-----END CERTIFICATE-----