Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o0pK7kM0Ox_p37EOG7O-CPC2gnA.roa
File:                     o0pK7kM0Ox_p37EOG7O-CPC2gnA.roa (raw, json)
Hash identifier:          L7YPRRlP28K9t3homD+cuM4sCu56VL2uWFBhK+FOs3I=
Subject key identifier:   A3:4A:4A:EE:43:34:3B:1F:E9:DF:B1:0E:1B:B3:BE:08:F0:B6:82:70
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187439BC3DE7DD41AD39750DCB306A77B47
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o0pK7kM0Ox_p37EOG7O-CPC2gnA.roa
Signing time:             Sun 02 Apr 2023 20:14:54 +0000
ROA not before:           Sun 02 Apr 2023 20:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:43:9b:c3:de:7d:d4:1a:d3:97:50:dc:b3:06:a7:7b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  2 20:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a34a4aee43343b1fe9dfb10e1bb3be08f0b68270
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:25:2b:0d:1e:76:32:09:7e:88:50:44:68:63:
                    e8:84:38:bd:1f:f6:31:1c:07:ec:11:c1:e3:2b:3f:
                    9c:c9:ba:90:e3:a0:c1:80:b2:d6:42:bf:59:c4:a6:
                    32:b0:3d:1e:7a:d9:3d:bc:49:09:59:22:1e:41:65:
                    22:2f:ad:e4:d5:fe:a8:36:94:78:6c:21:06:26:14:
                    82:54:22:c7:10:e5:ff:db:4c:4a:07:df:4e:6f:c3:
                    0c:bf:55:92:76:fd:ff:16:b4:cd:4d:5a:0c:70:98:
                    0d:de:49:73:4c:59:a1:e4:fc:ce:c7:94:bb:2f:e8:
                    5c:12:64:db:91:76:bc:38:e9:85:ca:9d:12:e4:a4:
                    b9:65:ca:23:a5:2c:98:07:81:60:1b:ae:54:64:94:
                    54:37:8f:be:6e:0a:ff:f9:ae:10:1e:b8:bd:f5:10:
                    b7:42:22:ca:56:78:02:2a:81:f2:6b:f7:e0:a9:ec:
                    e7:df:ae:76:75:8f:eb:66:cc:d3:4b:a6:88:08:0a:
                    02:00:66:ed:c9:2f:82:f1:7e:76:a6:31:9e:b7:21:
                    79:31:2e:dc:2d:30:d6:fa:42:59:d8:3b:41:a8:07:
                    f8:21:32:c7:b6:54:bc:c9:7e:bf:ae:6f:ab:5b:be:
                    99:65:9f:d8:ed:b3:34:1b:70:9c:9d:ce:8e:3b:ba:
                    fc:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:4A:4A:EE:43:34:3B:1F:E9:DF:B1:0E:1B:B3:BE:08:F0:B6:82:70
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o0pK7kM0Ox_p37EOG7O-CPC2gnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:e2:42:e4:bd:a2:84:c1:7f:49:27:79:3a:e8:ab:24:86:e6:
         5b:05:f6:1f:57:5e:41:bb:7f:40:dc:2b:41:fd:7d:eb:c7:a3:
         8f:a0:c2:b2:67:4b:e5:6a:14:81:72:fe:b0:14:83:83:42:5d:
         a0:6e:bd:ec:16:0e:f3:ed:3e:76:4e:34:10:f5:3f:92:a5:03:
         12:ba:83:e0:0c:9f:39:13:d0:de:e4:13:c7:4f:b2:54:88:ab:
         2c:b3:29:93:03:92:72:7a:f9:41:eb:68:d8:31:e1:d1:16:87:
         02:cd:93:57:82:06:b4:27:ad:b7:cf:a2:14:dc:79:6b:f7:63:
         c3:d7:d0:df:01:cc:8d:c3:af:e0:58:8a:c2:72:c7:41:d5:da:
         17:dc:ff:fc:80:0c:d4:91:1c:03:4f:d9:b1:ba:b0:3e:93:f7:
         eb:3e:40:e1:bc:79:cf:93:4d:07:00:48:98:ce:f8:2c:8b:29:
         43:f3:2c:78:77:00:77:93:a4:be:65:d7:fb:0c:2b:36:60:e9:
         e7:03:ac:7b:51:75:56:16:e8:58:26:9f:51:d3:99:31:43:88:
         b7:2c:96:5e:62:9e:ef:61:a9:b7:b6:64:5f:4a:74:6e:e0:65:
         c1:65:80:0e:06:dc:d3:39:12:55:4c:d0:db:cc:7a:7b:ea:aa:
         ab:84:7f:44
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdDm8PefdQa05dQ3LMGp3tHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAyMjAxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzRhNGFlZTQzMzQzYjFmZTlkZmIxMGUxYmIzYmUwOGYwYjY4MjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyUrDR52Mgl+iFBEaGPohDi9H/Yx
HAfsEcHjKz+cybqQ46DBgLLWQr9ZxKYysD0eetk9vEkJWSIeQWUiL63k1f6oNpR4
bCEGJhSCVCLHEOX/20xKB99Ob8MMv1WSdv3/FrTNTVoMcJgN3klzTFmh5PzOx5S7
L+hcEmTbkXa8OOmFyp0S5KS5ZcojpSyYB4FgG65UZJRUN4++bgr/+a4QHri99RC3
QiLKVngCKoHya/fgqezn3652dY/rZszTS6aICAoCAGbtyS+C8X52pjGetyF5MS7c
LTDW+kJZ2DtBqAf4ITLHtlS8yX6/rm+rW76ZZZ/Y7bM0G3Ccnc6OO7r8VQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKNKSu5DNDsf6d+xDhuzvgjwtoJwMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbzBwSzdrTTBPeF9wMzdFT0c3Ty1DUEMyZ25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGviQuS9ooTBf0kneTro
qySG5lsF9h9XXkG7f0DcK0H9fevHo4+gwrJnS+VqFIFy/rAUg4NCXaBuvewWDvPt
PnZONBD1P5KlAxK6g+AMnzkT0N7kE8dPslSIqyyzKZMDknJ6+UHraNgx4dEWhwLN
k1eCBrQnrbfPohTceWv3Y8PX0N8BzI3Dr+BYisJyx0HV2hfc//yADNSRHANP2bG6
sD6T9+s+QOG8ec+TTQcASJjO+CyLKUPzLHh3AHeTpL5l1/sMKzZg6ecDrHtRdVYW
6Fgmn1HTmTFDiLcsll5inu9hqbe2ZF9KdG7gZcFlgA4G3NM5ElVM0NvMenvqqquE
f0Q=
-----END CERTIFICATE-----