Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oRPr1osfFU1X-O4qcvtwsjUu-2I.roa
File:                     oRPr1osfFU1X-O4qcvtwsjUu-2I.roa (raw, json)
Hash identifier:          VFaTUXt+4CzSlnlauVyC8e5F/pot68Qov/FSIfjcl7s=
Subject key identifier:   A1:13:EB:D6:8B:1F:15:4D:57:F8:EE:2A:72:FB:70:B2:35:2E:FB:62
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018734CD7B8ED01821B60B5F5FB29C9C2CB3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oRPr1osfFU1X-O4qcvtwsjUu-2I.roa
Signing time:             Thu 30 Mar 2023 23:14:54 +0000
ROA not before:           Thu 30 Mar 2023 23:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:34:cd:7b:8e:d0:18:21:b6:0b:5f:5f:b2:9c:9c:2c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 30 23:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a113ebd68b1f154d57f8ee2a72fb70b2352efb62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9e:be:bd:ac:20:40:c7:70:52:1e:0b:e3:e4:
                    c6:ab:fa:c0:16:71:39:d5:e2:50:42:8c:9b:77:bf:
                    15:b6:c6:d2:b3:9a:bf:08:5f:25:98:87:ac:40:f6:
                    42:ab:46:1b:99:a7:78:f9:00:29:60:91:27:59:20:
                    39:40:ab:0f:89:ce:72:92:35:3b:c7:74:2d:9f:cf:
                    d7:21:83:70:78:e1:8f:f7:d5:ba:88:c0:d8:58:df:
                    9b:1b:b6:7d:58:54:a4:75:59:75:78:5b:31:84:e5:
                    75:c5:40:55:47:5e:c9:31:ee:43:35:28:ba:32:17:
                    52:7c:03:9a:76:b9:12:7d:3b:f6:6c:c8:b5:83:f9:
                    93:10:5e:80:6d:a6:04:e4:0a:95:b1:16:d6:c8:19:
                    b6:ca:a1:3e:8c:aa:2b:78:36:d5:12:d1:b4:2a:a0:
                    bc:6c:51:3a:ab:a3:21:14:92:0b:57:f0:d8:23:30:
                    63:a3:41:7f:d4:1e:13:cc:08:34:04:7a:87:d1:50:
                    12:79:df:07:e1:a5:7f:2f:b4:e4:5b:b0:6f:8c:f7:
                    c8:21:c7:a2:87:b1:f4:ac:d9:f7:81:9f:f4:3c:05:
                    90:01:76:4d:d6:d5:d1:83:4e:2f:26:58:db:a7:a9:
                    33:08:3f:b4:03:8b:70:0f:45:61:7a:a9:47:de:77:
                    ff:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:13:EB:D6:8B:1F:15:4D:57:F8:EE:2A:72:FB:70:B2:35:2E:FB:62
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oRPr1osfFU1X-O4qcvtwsjUu-2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:0d:c3:d2:9e:b9:66:9b:f6:08:fb:d1:f7:8b:55:98:af:5a:
         76:32:be:b3:d3:cd:39:dc:88:5a:11:3a:2d:16:09:81:96:ca:
         23:ae:3c:ac:88:3d:ff:1a:6f:bc:94:bc:51:a5:71:06:d0:6d:
         ca:72:cb:9f:89:90:4a:4c:35:49:ba:8a:cc:31:bd:2e:f4:a7:
         44:85:04:9c:98:61:9e:08:74:77:8e:3a:45:ce:e2:23:ea:86:
         8b:67:ef:99:65:cc:53:fa:32:84:c7:49:eb:71:76:12:58:89:
         f1:ae:b8:02:92:af:55:78:92:af:b3:fc:0a:26:c5:02:51:31:
         56:05:c4:26:c4:92:7f:f1:01:d8:c9:5a:3c:21:ec:44:48:74:
         9c:a9:d8:1b:db:57:b6:7e:b8:51:5f:83:65:39:84:2f:6b:b2:
         65:d1:ce:7f:c9:0a:b3:3a:77:51:3c:d6:e9:6b:14:3f:a2:f2:
         2c:c7:97:d9:dc:f5:4c:4c:63:6d:47:3f:9d:a8:7d:e1:58:dd:
         2a:1e:1a:1a:25:79:a7:72:10:a1:e6:a4:af:3a:54:bb:ce:71:
         6b:f2:d8:bf:cb:bb:c0:c7:ff:75:99:84:11:9b:18:2a:e1:bc:
         14:d7:fa:85:44:4f:09:1c:d9:fa:dc:ca:81:47:9a:b0:cf:86:
         c4:1c:a9:9b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc0zXuO0BghtgtfX7KcnCyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMwMjMxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTEzZWJkNjhiMWYxNTRkNTdmOGVlMmE3MmZiNzBiMjM1MmVmYjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4p6+vawgQMdwUh4L4+TGq/rAFnE5
1eJQQoybd78VtsbSs5q/CF8lmIesQPZCq0Ybmad4+QApYJEnWSA5QKsPic5ykjU7
x3Qtn8/XIYNweOGP99W6iMDYWN+bG7Z9WFSkdVl1eFsxhOV1xUBVR17JMe5DNSi6
MhdSfAOadrkSfTv2bMi1g/mTEF6AbaYE5AqVsRbWyBm2yqE+jKoreDbVEtG0KqC8
bFE6q6MhFJILV/DYIzBjo0F/1B4TzAg0BHqH0VASed8H4aV/L7TkW7BvjPfIIcei
h7H0rNn3gZ/0PAWQAXZN1tXRg04vJljbp6kzCD+0A4twD0VheqlH3nf/7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKET69aLHxVNV/juKnL7cLI1LvtiMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb1JQcjFvc2ZGVTFYLU80cWN2dHdzalV1LTJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABANw9KeuWab9gj70feL
VZivWnYyvrPTzTnciFoROi0WCYGWyiOuPKyIPf8ab7yUvFGlcQbQbcpyy5+JkEpM
NUm6iswxvS70p0SFBJyYYZ4IdHeOOkXO4iPqhotn75llzFP6MoTHSetxdhJYifGu
uAKSr1V4kq+z/AomxQJRMVYFxCbEkn/xAdjJWjwh7ERIdJyp2BvbV7Z+uFFfg2U5
hC9rsmXRzn/JCrM6d1E81ulrFD+i8izHl9nc9UxMY21HP52ofeFY3SoeGholeady
EKHmpK86VLvOcWvy2L/Lu8DH/3WZhBGbGCrhvBTX+oVETwkc2frcyoFHmrDPhsQc
qZs=
-----END CERTIFICATE-----