Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o8C8FP9pi98160fvvkGPM51uF0E.roa
File:                     o8C8FP9pi98160fvvkGPM51uF0E.roa (raw, json)
Hash identifier:          m7ANJekLusE62SimLhSxdn1TaYvEN8JUdUFhANWGdNE=
Subject key identifier:   A3:C0:BC:14:FF:69:8B:DF:35:EB:47:EF:BE:41:8F:33:9D:6E:17:41
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870A190F9A8EA74AFBDFF8FF159F71A4D9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o8C8FP9pi98160fvvkGPM51uF0E.roa
Signing time:             Wed 22 Mar 2023 16:13:46 +0000
ROA not before:           Wed 22 Mar 2023 16:13:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0a:19:0f:9a:8e:a7:4a:fb:df:f8:ff:15:9f:71:a4:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 22 16:13:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3c0bc14ff698bdf35eb47efbe418f339d6e1741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:79:cf:43:01:9b:9a:c6:ac:56:fa:e3:db:94:
                    1e:e1:a2:b8:ae:35:11:5f:aa:35:92:41:53:74:a8:
                    31:88:17:ee:cb:2b:0b:74:68:05:8d:92:7b:1a:3a:
                    fd:d7:02:40:6d:b5:bb:1b:4e:74:99:3a:17:88:b1:
                    60:a4:90:a7:6d:93:38:6d:bb:b7:fc:ef:e5:42:3a:
                    87:5b:f1:37:0a:cc:bf:28:fc:ac:30:3b:91:d3:3d:
                    ff:bc:db:db:a1:4c:f4:14:8f:38:21:af:51:d2:4e:
                    ec:8b:18:03:a4:9a:db:aa:40:81:9d:e4:46:13:21:
                    8b:0b:a1:95:db:f8:24:ca:46:c2:14:b6:e4:26:0e:
                    24:be:dd:a5:86:b7:89:5f:19:00:e1:6f:66:5a:ab:
                    da:60:da:e9:fe:12:aa:21:e8:7f:71:53:3f:3d:0a:
                    f3:9e:08:e8:9b:ff:22:9e:7a:2c:a4:34:b4:1b:dd:
                    60:bb:a5:cf:22:27:a2:54:59:ef:25:da:a8:25:43:
                    ba:96:98:b2:08:04:13:0e:c5:9a:33:4d:f1:32:e5:
                    39:37:35:9a:da:14:69:1f:b2:84:bb:1a:e2:ea:0b:
                    ee:51:83:2d:58:96:d7:c3:b5:ea:15:4c:79:85:f2:
                    4c:69:da:29:fd:3f:62:c2:a5:a9:3e:50:15:8f:79:
                    75:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C0:BC:14:FF:69:8B:DF:35:EB:47:EF:BE:41:8F:33:9D:6E:17:41
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o8C8FP9pi98160fvvkGPM51uF0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:19:49:d6:7f:67:86:9f:b3:91:0e:35:85:bf:d8:16:25:dd:
         e7:ef:cf:cc:dc:46:3e:85:4e:cf:7d:0d:b4:cf:72:27:e2:04:
         2c:d9:a9:bc:98:7c:33:54:f0:1e:68:e9:9e:87:a3:9e:c2:8d:
         0a:dc:41:ba:b2:8f:2b:ed:57:46:70:7c:b0:b3:56:41:49:d5:
         97:3c:1f:43:e3:b1:b0:eb:a0:d4:1f:97:bf:2b:26:8d:02:0b:
         8d:05:62:7a:6e:a7:b2:2e:75:fd:a7:64:9c:e0:b1:c2:2b:8d:
         8a:f2:03:f6:1d:c2:76:c9:57:6e:45:63:fa:bb:57:44:2c:08:
         98:58:a7:83:f0:e2:5c:e3:1b:1a:fd:36:2a:7f:28:cc:86:19:
         fe:bf:6c:b7:a8:3b:3a:96:31:51:13:0a:ee:ab:cd:02:2f:a0:
         06:6c:d2:c5:8a:e0:4a:64:83:d8:70:e1:bd:e9:0c:d5:24:1e:
         07:84:ba:c1:49:f2:d6:62:59:67:bb:7d:69:c8:7a:8a:f9:ee:
         be:2f:49:1b:50:6b:93:37:a7:d1:e8:dd:ef:de:9f:63:c0:bc:
         9b:fa:f2:69:e9:f5:c2:9f:75:25:3a:b1:d8:06:69:2a:17:28:
         0a:36:33:c0:06:8d:ff:fd:e1:85:3c:f3:14:6a:55:3a:9d:99:
         12:9b:44:01
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcKGQ+ajqdK+9/4/xWfcaTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIyMTYxMzQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2MwYmMxNGZmNjk4YmRmMzVlYjQ3ZWZiZTQxOGYzMzlkNmUxNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHnPQwGbmsasVvrj25Qe4aK4rjUR
X6o1kkFTdKgxiBfuyysLdGgFjZJ7Gjr91wJAbbW7G050mToXiLFgpJCnbZM4bbu3
/O/lQjqHW/E3Csy/KPysMDuR0z3/vNvboUz0FI84Ia9R0k7sixgDpJrbqkCBneRG
EyGLC6GV2/gkykbCFLbkJg4kvt2lhreJXxkA4W9mWqvaYNrp/hKqIeh/cVM/PQrz
ngjom/8innospDS0G91gu6XPIieiVFnvJdqoJUO6lpiyCAQTDsWaM03xMuU5NzWa
2hRpH7KEuxri6gvuUYMtWJbXw7XqFUx5hfJMadop/T9iwqWpPlAVj3l1pwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKPAvBT/aYvfNetH775BjzOdbhdBMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbzhDOEZQOXBpOTgxNjBmdnZrR1BNNTF1RjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABEZSdZ/Z4afs5EONYW/
2BYl3efvz8zcRj6FTs99DbTPcifiBCzZqbyYfDNU8B5o6Z6Ho57CjQrcQbqyjyvt
V0ZwfLCzVkFJ1Zc8H0PjsbDroNQfl78rJo0CC40FYnpup7Iudf2nZJzgscIrjYry
A/YdwnbJV25FY/q7V0QsCJhYp4Pw4lzjGxr9Nip/KMyGGf6/bLeoOzqWMVETCu6r
zQIvoAZs0sWK4Epkg9hw4b3pDNUkHgeEusFJ8tZiWWe7fWnIeor57r4vSRtQa5M3
p9Ho3e/en2PAvJv68mnp9cKfdSU6sdgGaSoXKAo2M8AGjf/94YU88xRqVTqdmRKb
RAE=
-----END CERTIFICATE-----