Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oDQftATXczXY39bWxFv5mds1kKY.roa
File:                     oDQftATXczXY39bWxFv5mds1kKY.roa (raw, json)
Hash identifier:          5I4fVFc7RN9M9vU6fPN608CglTlMLFVnpenLBIEl+XM=
Subject key identifier:   A0:34:1F:B4:04:D7:73:35:D8:DF:D6:D6:C4:5B:F9:99:DB:35:90:A6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872CDCA0F06ADA11D79C829F2C0313A526
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oDQftATXczXY39bWxFv5mds1kKY.roa
Signing time:             Wed 29 Mar 2023 10:14:29 +0000
ROA not before:           Wed 29 Mar 2023 10:14:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2c:dc:a0:f0:6a:da:11:d7:9c:82:9f:2c:03:13:a5:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 10:14:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a0341fb404d77335d8dfd6d6c45bf999db3590a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c0:b9:f5:33:45:96:6d:ab:8e:7b:01:b1:0a:
                    33:4c:cd:4c:f7:fd:02:eb:b6:1a:c2:2d:99:c8:d4:
                    30:2f:4d:1c:8d:ef:b7:5f:93:b1:30:19:08:79:d3:
                    9f:e5:45:91:01:bf:db:69:0a:15:a1:1b:4b:4c:e8:
                    d4:b8:51:6f:cf:82:d5:35:46:22:56:b3:a1:25:d4:
                    09:e5:f9:33:35:8b:71:ad:39:97:76:37:39:6e:44:
                    ac:3c:31:5c:b2:d1:51:88:f2:b0:6a:bf:2f:50:96:
                    2d:ee:a6:7e:89:47:64:5b:f0:b1:f9:3e:a9:f4:23:
                    13:82:fb:1b:97:f4:88:4c:25:ea:2a:e4:00:ed:f5:
                    cd:84:70:fa:3f:e5:74:2d:99:af:c7:3f:d7:26:4e:
                    ac:d8:18:ca:43:f3:9d:3c:51:7f:55:8c:c6:14:4e:
                    a6:9a:4d:c4:e4:37:9e:3b:69:20:21:8e:30:95:8a:
                    56:bc:8f:0f:cc:91:ba:1c:bb:f0:d5:c1:d0:9f:97:
                    6b:25:6d:df:c2:18:89:85:97:a8:9e:43:33:1a:84:
                    5a:c2:27:c0:84:15:71:39:0f:f9:a9:0e:16:b5:57:
                    15:fa:54:e8:a8:2e:d0:7b:b5:4f:21:45:2c:5a:b7:
                    44:eb:d7:cc:88:fe:1b:d2:36:c6:9a:6a:1d:33:ae:
                    55:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:34:1F:B4:04:D7:73:35:D8:DF:D6:D6:C4:5B:F9:99:DB:35:90:A6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oDQftATXczXY39bWxFv5mds1kKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:2e:b9:94:12:63:1b:8b:50:66:84:ab:8f:c7:cc:5c:ec:d1:
         18:4e:f4:dc:4c:e4:09:23:d0:23:08:0f:83:a3:f3:ae:03:26:
         17:84:cf:78:ae:28:e0:9a:4e:73:f4:38:09:73:02:12:93:1f:
         90:d0:7d:4f:fe:d5:9a:66:da:03:ee:bd:9a:39:a5:ea:32:51:
         ea:1d:da:f7:5d:00:fe:c8:60:46:86:90:98:07:db:53:14:47:
         c0:20:6e:cb:db:e5:d3:52:fc:f8:8a:b6:14:8b:0b:22:0f:b9:
         8f:cd:64:ee:1b:95:ed:04:c3:a8:96:81:82:4c:d7:00:5e:1e:
         5a:77:bc:c9:1e:c9:e6:4c:a7:0b:f4:a8:2c:bc:86:12:a2:86:
         ad:df:db:c0:4f:bb:fc:f0:63:38:8a:dc:b8:97:1d:96:6f:e6:
         3f:3d:93:d8:99:76:e9:07:ae:9b:33:74:80:23:3f:64:0f:4c:
         ae:82:e4:4d:69:5a:e1:e1:e7:f0:83:88:71:16:ce:55:91:06:
         85:22:e4:75:1f:8c:98:96:b8:23:54:5b:10:6f:22:23:e5:2f:
         69:e9:1e:05:91:06:27:5d:9c:5a:ed:2f:d0:33:fb:bf:a9:15:
         f1:8f:01:0d:30:78:82:34:ae:47:b5:17:75:34:a0:25:02:66:
         df:ab:af:32
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcs3KDwatoR15yCnywDE6UmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MTAxNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDM0MWZiNDA0ZDc3MzM1ZDhkZmQ2ZDZjNDViZjk5OWRiMzU5MGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMC59TNFlm2rjnsBsQozTM1M9/0C
67Yawi2ZyNQwL00cje+3X5OxMBkIedOf5UWRAb/baQoVoRtLTOjUuFFvz4LVNUYi
VrOhJdQJ5fkzNYtxrTmXdjc5bkSsPDFcstFRiPKwar8vUJYt7qZ+iUdkW/Cx+T6p
9CMTgvsbl/SITCXqKuQA7fXNhHD6P+V0LZmvxz/XJk6s2BjKQ/OdPFF/VYzGFE6m
mk3E5DeeO2kgIY4wlYpWvI8PzJG6HLvw1cHQn5drJW3fwhiJhZeonkMzGoRawifA
hBVxOQ/5qQ4WtVcV+lToqC7Qe7VPIUUsWrdE69fMiP4b0jbGmmodM65VMwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKA0H7QE13M12N/W1sRb+ZnbNZCmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb0RRZnRBVFhjelhZMzliV3hGdjVtZHMxa0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAkuuZQSYxuLUGaEq4/H
zFzs0RhO9NxM5Akj0CMID4Oj864DJheEz3iuKOCaTnP0OAlzAhKTH5DQfU/+1Zpm
2gPuvZo5peoyUeod2vddAP7IYEaGkJgH21MUR8Agbsvb5dNS/PiKthSLCyIPuY/N
ZO4ble0Ew6iWgYJM1wBeHlp3vMkeyeZMpwv0qCy8hhKihq3f28BPu/zwYziK3LiX
HZZv5j89k9iZdukHrpszdIAjP2QPTK6C5E1pWuHh5/CDiHEWzlWRBoUi5HUfjJiW
uCNUWxBvIiPlL2npHgWRBiddnFrtL9Az+7+pFfGPAQ0weII0rke1F3U0oCUCZt+r
rzI=
-----END CERTIFICATE-----