Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o1AfAKojoP3ddZF-y1vyJD2Jas4.roa
File:                     o1AfAKojoP3ddZF-y1vyJD2Jas4.roa (raw, json)
Hash identifier:          gv3UBmbd+hIsIsX0JomooF7BFs99fkIxqiaC8R6LC4o=
Subject key identifier:   A3:50:1F:00:AA:23:A0:FD:DD:75:91:7E:CB:5B:F2:24:3D:89:6A:CE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F169C9A640F1A7BB52110841E66F1BF8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o1AfAKojoP3ddZF-y1vyJD2Jas4.roa
Signing time:             Fri 17 Mar 2023 21:11:27 +0000
ROA not before:           Fri 17 Mar 2023 21:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f1:69:c9:a6:40:f1:a7:bb:52:11:08:41:e6:6f:1b:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 17 21:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3501f00aa23a0fddd75917ecb5bf2243d896ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c2:94:4e:cc:d1:8b:e9:30:76:d1:5d:16:92:
                    67:74:f1:7d:74:81:86:3c:3e:86:a2:f4:8e:f9:14:
                    bc:4f:bf:f3:c7:6a:89:7f:96:4c:9a:34:48:49:22:
                    19:7d:58:63:6d:55:58:0d:31:52:e4:36:39:f2:34:
                    ba:5b:b8:5b:d1:c9:a3:f3:8d:44:f3:f5:bb:57:77:
                    77:2e:c5:2d:ed:f9:48:f1:1e:a1:a7:5e:f3:87:c2:
                    bd:0a:dc:13:5f:d4:e1:f5:9a:44:01:f2:55:d7:51:
                    71:d1:e1:b5:34:d4:0e:b7:9f:ab:ed:d8:0a:45:62:
                    0f:06:a0:6b:14:e6:5f:a8:39:b0:1d:7b:f3:98:a7:
                    45:a5:e9:9c:8a:01:39:68:5a:7f:d6:6e:4b:42:44:
                    82:57:11:ac:d8:95:dd:7e:00:d3:64:1c:c7:f1:2e:
                    7a:ea:45:00:72:60:16:11:91:28:96:1c:d5:38:cd:
                    a7:ff:54:46:89:5b:03:ec:98:fa:ba:5b:4a:dc:65:
                    7b:c4:b1:95:51:cc:c5:56:4e:0f:fe:92:d3:2d:ce:
                    cb:7b:92:9a:48:e3:b8:01:db:05:1f:d6:3b:da:02:
                    90:e1:5f:f2:d7:10:f2:0d:31:69:01:65:10:f7:e1:
                    d0:fe:cc:f2:77:53:98:8b:13:bf:d1:a7:1b:1a:9f:
                    44:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:50:1F:00:AA:23:A0:FD:DD:75:91:7E:CB:5B:F2:24:3D:89:6A:CE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o1AfAKojoP3ddZF-y1vyJD2Jas4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:5d:1c:de:77:67:74:b4:5f:db:99:0c:40:63:86:77:89:16:
         ae:01:37:01:57:fd:64:6c:4e:fd:c5:9c:c3:31:a9:54:69:ad:
         65:0e:0a:0b:53:23:4d:a4:4d:02:6b:cd:73:22:f6:2c:68:c1:
         42:16:45:c3:40:85:3d:c6:3e:bc:6c:8f:ed:db:56:1b:1c:4a:
         09:08:a7:7c:ec:db:db:f8:c6:03:4a:6b:ef:23:4b:a6:82:e4:
         59:d8:d3:7a:8e:96:6c:b4:f6:1b:cf:a8:40:04:56:7b:72:1b:
         98:ba:e6:f2:d5:46:cd:22:cb:68:93:69:1c:7f:23:ea:47:ec:
         f6:8f:79:bd:df:af:da:f4:ef:6c:f5:14:fe:a0:d5:56:52:24:
         c3:48:64:55:e8:41:c0:c9:1a:a0:62:f5:c0:18:09:a3:0e:b9:
         29:00:49:7c:ce:af:f7:e4:ed:98:3b:eb:94:e3:04:b2:a0:e0:
         e7:b8:13:30:73:ee:78:b7:78:8a:11:90:d3:4b:4d:51:71:8c:
         d5:ae:30:76:ca:62:51:ad:f5:cd:b9:95:f2:95:13:fd:eb:a5:
         9d:77:d7:ac:db:10:c9:b0:be:d2:fc:5e:d3:15:9f:99:26:38:
         00:03:74:24:3d:1e:c1:23:19:da:dc:a3:b8:01:a1:53:8d:f5:
         26:d2:0f:88
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbxacmmQPGnu1IRCEHmbxv4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE3MjExMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzUwMWYwMGFhMjNhMGZkZGQ3NTkxN2VjYjViZjIyNDNkODk2YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcKUTszRi+kwdtFdFpJndPF9dIGG
PD6GovSO+RS8T7/zx2qJf5ZMmjRISSIZfVhjbVVYDTFS5DY58jS6W7hb0cmj841E
8/W7V3d3LsUt7flI8R6hp17zh8K9CtwTX9Th9ZpEAfJV11Fx0eG1NNQOt5+r7dgK
RWIPBqBrFOZfqDmwHXvzmKdFpemcigE5aFp/1m5LQkSCVxGs2JXdfgDTZBzH8S56
6kUAcmAWEZEolhzVOM2n/1RGiVsD7Jj6ultK3GV7xLGVUczFVk4P/pLTLc7Le5Ka
SOO4AdsFH9Y72gKQ4V/y1xDyDTFpAWUQ9+HQ/szyd1OYixO/0acbGp9E/wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKNQHwCqI6D93XWRfstb8iQ9iWrOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbzFBZkFLb2pvUDNkZFpGLXkxdnlKRDJKYXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACBdHN53Z3S0X9uZDEBj
hneJFq4BNwFX/WRsTv3FnMMxqVRprWUOCgtTI02kTQJrzXMi9ixowUIWRcNAhT3G
Prxsj+3bVhscSgkIp3zs29v4xgNKa+8jS6aC5FnY03qOlmy09hvPqEAEVntyG5i6
5vLVRs0iy2iTaRx/I+pH7PaPeb3fr9r072z1FP6g1VZSJMNIZFXoQcDJGqBi9cAY
CaMOuSkASXzOr/fk7Zg765TjBLKg4Oe4EzBz7ni3eIoRkNNLTVFxjNWuMHbKYlGt
9c25lfKVE/3rpZ1316zbEMmwvtL8XtMVn5kmOAADdCQ9HsEjGdrco7gBoVON9SbS
D4g=
-----END CERTIFICATE-----