Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ogfopChaE91IB5vuLlZgwKyc8S4.roa
File:                     ogfopChaE91IB5vuLlZgwKyc8S4.roa (raw, json)
Hash identifier:          LKMVS9qWOGizHWgXVl2mWAyLoo5xCLydeFxT15s+Ruc=
Subject key identifier:   A2:07:E8:A4:28:5A:13:DD:48:07:9B:EE:2E:56:60:C0:AC:9C:F1:2E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878AD620B229DFFC0CD0ACBEA80EA124DD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ogfopChaE91IB5vuLlZgwKyc8S4.roa
Signing time:             Sun 16 Apr 2023 16:11:41 +0000
ROA not before:           Sun 16 Apr 2023 16:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8a:d6:20:b2:29:df:fc:0c:d0:ac:be:a8:0e:a1:24:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 16 16:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a207e8a4285a13dd48079bee2e5660c0ac9cf12e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d0:c7:e5:5e:2e:46:53:62:19:97:c7:7d:d9:
                    2f:97:cd:99:6a:d2:da:64:1d:e8:20:29:7b:4d:ac:
                    54:77:c3:42:a6:d4:c9:90:b6:a2:a5:eb:19:81:9d:
                    f2:95:a9:ab:5a:fd:c8:3f:f8:53:f4:07:3c:28:6c:
                    77:03:f3:13:dc:36:86:e1:ca:91:4a:df:71:47:b4:
                    a8:d5:d3:51:bb:60:4c:dd:bf:0f:3b:fe:38:31:03:
                    c4:c2:ed:77:63:23:7a:25:36:22:e8:4b:d3:40:0d:
                    3d:5f:a3:8e:b9:58:a8:61:be:ff:2b:46:a4:9e:06:
                    41:48:90:72:a0:76:4c:a7:fa:24:ef:de:8a:70:9a:
                    ee:21:08:a9:92:ea:c7:74:2d:c4:51:62:8a:0c:ee:
                    13:73:7f:d1:e3:38:1c:3d:16:80:29:48:48:28:37:
                    77:82:c7:3c:0b:c6:c0:0d:39:e1:e9:c5:67:6e:fe:
                    3e:29:04:7a:09:95:7f:ae:e0:b6:91:e6:8b:ac:64:
                    0c:c2:10:ac:bb:d3:b4:29:5d:7c:d7:26:30:6c:df:
                    0f:67:d6:bc:d1:92:e8:1e:9d:de:e3:41:de:0d:b4:
                    bd:0e:a4:41:99:91:0d:8a:51:a0:3e:7f:b8:ba:84:
                    e6:03:d8:72:df:6b:93:6f:49:f3:78:15:b8:48:19:
                    1f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:07:E8:A4:28:5A:13:DD:48:07:9B:EE:2E:56:60:C0:AC:9C:F1:2E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ogfopChaE91IB5vuLlZgwKyc8S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:3d:ab:1c:c0:01:53:f8:34:7f:49:5a:12:db:74:7f:ad:ab:
         43:cf:7e:ea:b5:da:eb:3c:ac:ee:da:60:16:0a:ae:63:4d:fd:
         19:b0:3f:7b:f5:9b:14:a4:6a:12:aa:51:24:1a:8b:cd:0a:49:
         5d:77:1e:a3:70:0f:c4:9f:f0:b9:ef:3a:9b:dc:24:5f:9e:01:
         ff:b7:eb:d8:44:f5:d7:d5:74:0d:b1:46:34:0a:c8:dd:f3:76:
         8b:4e:ab:fa:ac:06:55:f8:a0:28:d4:77:15:44:09:f0:b3:ff:
         ab:ed:85:d0:c3:cc:9a:b0:db:08:03:05:74:45:d7:c8:cb:a8:
         bb:13:0e:2c:ed:73:34:d5:05:42:3b:9d:39:fd:64:c1:c5:21:
         f9:a5:a0:d1:eb:39:18:38:05:9b:85:c8:34:18:c5:a5:a2:00:
         72:72:73:d2:4e:55:75:ec:9d:53:aa:77:5c:91:33:82:57:1f:
         ee:eb:da:d3:75:0f:7b:db:f6:d8:99:e0:91:d2:60:2e:b0:c8:
         c5:f2:6a:2a:dc:cd:7b:32:cd:b4:2c:bd:bd:ee:c7:0b:ca:77:
         08:c5:dd:fd:ac:6b:e4:40:47:48:06:97:e8:18:88:52:2d:b7:
         23:5b:39:8a:56:77:ea:0d:f8:bb:93:b3:3e:0e:15:77:d0:68:
         2f:09:c4:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeK1iCyKd/8DNCsvqgOoSTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE2MTYxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjA3ZThhNDI4NWExM2RkNDgwNzliZWUyZTU2NjBjMGFjOWNmMTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdDH5V4uRlNiGZfHfdkvl82ZatLa
ZB3oICl7TaxUd8NCptTJkLaipesZgZ3ylamrWv3IP/hT9Ac8KGx3A/MT3DaG4cqR
St9xR7So1dNRu2BM3b8PO/44MQPEwu13YyN6JTYi6EvTQA09X6OOuVioYb7/K0ak
ngZBSJByoHZMp/ok796KcJruIQipkurHdC3EUWKKDO4Tc3/R4zgcPRaAKUhIKDd3
gsc8C8bADTnh6cVnbv4+KQR6CZV/ruC2keaLrGQMwhCsu9O0KV181yYwbN8PZ9a8
0ZLoHp3e40HeDbS9DqRBmZENilGgPn+4uoTmA9hy32uTb0nzeBW4SBkfWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKIH6KQoWhPdSAeb7i5WYMCsnPEuMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb2dmb3BDaGFFOTFJQjV2dUxsWmd3S3ljOFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKc9qxzAAVP4NH9JWhLb
dH+tq0PPfuq12us8rO7aYBYKrmNN/RmwP3v1mxSkahKqUSQai80KSV13HqNwD8Sf
8LnvOpvcJF+eAf+369hE9dfVdA2xRjQKyN3zdotOq/qsBlX4oCjUdxVECfCz/6vt
hdDDzJqw2wgDBXRF18jLqLsTDiztczTVBUI7nTn9ZMHFIfmloNHrORg4BZuFyDQY
xaWiAHJyc9JOVXXsnVOqd1yRM4JXH+7r2tN1D3vb9tiZ4JHSYC6wyMXyairczXsy
zbQsvb3uxwvKdwjF3f2sa+RAR0gGl+gYiFIttyNbOYpWd+oN+LuTsz4OFXfQaC8J
xB8=
-----END CERTIFICATE-----