Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o1Dw2BldNS5LwBJoZIqu1JPvAfU.roa
File:                     o1Dw2BldNS5LwBJoZIqu1JPvAfU.roa (raw, json)
Hash identifier:          /sYTuuiDHmJXaNWChvPuTKaLZoq2+TkCrixv87wd8JU=
Subject key identifier:   A3:50:F0:D8:19:5D:35:2E:4B:C0:12:68:64:8A:AE:D4:93:EF:01:F5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187B17054433D16E380E708FF9010EEFFA2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o1Dw2BldNS5LwBJoZIqu1JPvAfU.roa
Signing time:             Mon 24 Apr 2023 04:05:41 +0000
ROA not before:           Mon 24 Apr 2023 04:05:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b16f:6938/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b1:70:54:43:3d:16:e3:80:e7:08:ff:90:10:ee:ff:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 24 04:05:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a350f0d8195d352e4bc01268648aaed493ef01f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f2:78:43:f0:23:92:5b:a8:f5:3c:fc:a4:2c:
                    f3:52:0b:75:98:99:76:df:7b:2c:15:d6:f9:f9:c1:
                    ad:4b:46:90:64:d5:17:88:cc:a0:dc:cf:ef:00:b6:
                    61:4d:fb:cd:c2:4d:f1:98:97:a0:e1:1b:aa:c8:a5:
                    80:cb:f9:c1:bc:70:98:15:99:2a:2a:50:2f:7c:c5:
                    22:68:28:01:cb:01:91:26:d7:c0:48:69:b4:03:c9:
                    6e:bb:4e:2d:f3:6d:c6:e9:5d:5c:2f:7b:3d:13:d8:
                    02:61:79:97:c3:fd:e5:0a:06:fa:50:a6:37:f7:e1:
                    c9:a3:a4:5c:fd:00:d4:31:1f:98:de:e9:bc:78:74:
                    29:23:56:17:2b:80:26:f3:3c:34:6e:d0:a2:c3:9b:
                    fb:66:88:3b:09:73:5e:58:21:01:c8:92:f7:2d:4d:
                    fe:da:63:e9:13:50:cd:6a:0c:04:ad:2b:c8:f7:05:
                    de:0e:a0:9c:97:c4:d1:74:33:5a:9a:bb:97:df:24:
                    29:26:f7:9f:76:16:58:40:f6:b6:bb:84:a7:b8:04:
                    e1:1f:1d:cc:79:3e:7e:37:54:06:e9:cc:ce:3c:4e:
                    73:75:a3:ee:cf:bf:8e:82:73:48:4e:56:32:e3:46:
                    83:ea:30:28:67:6b:62:14:dd:8d:21:90:97:3e:3a:
                    8a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:50:F0:D8:19:5D:35:2E:4B:C0:12:68:64:8A:AE:D4:93:EF:01:F5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o1Dw2BldNS5LwBJoZIqu1JPvAfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:17:94:f3:c4:93:bc:ce:d0:ae:84:d1:b3:6e:9a:bc:06:22:
         b4:95:eb:d3:cf:09:cf:ce:8b:a2:2d:e6:e4:7a:b5:e5:51:27:
         15:1f:fe:17:30:27:ef:fd:73:28:a8:e4:25:44:11:e2:5c:65:
         e7:e7:59:8b:8e:68:f8:ff:0e:c1:de:e5:91:f1:fc:cf:c9:0e:
         bc:46:8c:55:e8:af:67:3a:bd:30:c6:49:20:f2:70:b9:62:33:
         f6:36:66:11:cc:88:b9:48:91:ef:14:f7:95:c8:b4:07:38:10:
         bb:88:cc:09:a7:a9:e2:9a:c0:e1:99:1f:ce:85:18:b2:f2:d6:
         59:41:d8:e4:e3:3f:04:5b:42:69:c0:ff:28:f6:02:4b:e7:1b:
         2c:ec:db:c8:b2:8f:76:80:ef:df:eb:d6:28:40:90:22:c6:2c:
         7f:11:86:9a:cb:a4:c0:23:41:e7:a0:64:4c:18:a1:8b:ad:68:
         81:e7:5f:01:1a:67:13:de:59:30:9f:0b:cd:2b:32:85:f5:81:
         e5:f1:6c:42:a3:bb:d9:cc:52:fb:e3:f8:41:1c:ae:d3:1b:2e:
         e6:98:db:04:f3:1b:92:d6:cc:4c:16:9a:5d:d2:15:bc:41:92:
         aa:bb:5c:67:a1:01:c0:e7:ec:e9:1c:1e:b9:09:a4:16:27:6c:
         a7:7c:0c:a6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYexcFRDPRbjgOcI/5AQ7v+iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI0MDQwNTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzUwZjBkODE5NWQzNTJlNGJjMDEyNjg2NDhhYWVkNDkzZWYwMWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPJ4Q/Ajkluo9Tz8pCzzUgt1mJl2
33ssFdb5+cGtS0aQZNUXiMyg3M/vALZhTfvNwk3xmJeg4RuqyKWAy/nBvHCYFZkq
KlAvfMUiaCgBywGRJtfASGm0A8luu04t823G6V1cL3s9E9gCYXmXw/3lCgb6UKY3
9+HJo6Rc/QDUMR+Y3um8eHQpI1YXK4Am8zw0btCiw5v7Zog7CXNeWCEByJL3LU3+
2mPpE1DNagwErSvI9wXeDqCcl8TRdDNamruX3yQpJvefdhZYQPa2u4SnuAThHx3M
eT5+N1QG6czOPE5zdaPuz7+OgnNITlYy40aD6jAoZ2tiFN2NIZCXPjqKGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKNQ8NgZXTUuS8ASaGSKrtST7wH1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbzFEdzJCbGROUzVMd0JKb1pJcXUxSlB2QWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC0XlPPEk7zO0K6E0bNu
mrwGIrSV69PPCc/Oi6It5uR6teVRJxUf/hcwJ+/9cyio5CVEEeJcZefnWYuOaPj/
DsHe5ZHx/M/JDrxGjFXor2c6vTDGSSDycLliM/Y2ZhHMiLlIke8U95XItAc4ELuI
zAmnqeKawOGZH86FGLLy1llB2OTjPwRbQmnA/yj2AkvnGyzs28iyj3aA79/r1ihA
kCLGLH8RhprLpMAjQeegZEwYoYutaIHnXwEaZxPeWTCfC80rMoX1geXxbEKju9nM
Uvvj+EEcrtMbLuaY2wTzG5LWzEwWml3SFbxBkqq7XGehAcDn7OkcHrkJpBYnbKd8
DKY=
-----END CERTIFICATE-----