Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/phGskrIu4D7fwhdpftJ7lNHTN6Q.roa
File:                     phGskrIu4D7fwhdpftJ7lNHTN6Q.roa (raw, json)
Hash identifier:          ZG/rBvmfE9p8YTKCtkiOnHDmlw1TBkUOoI60sSUObTo=
Subject key identifier:   A6:11:AC:92:B2:2E:E0:3E:DF:C2:17:69:7E:D2:7B:94:D1:D3:37:A4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018701B22EE82185FE07218C23C863D3C5F1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/phGskrIu4D7fwhdpftJ7lNHTN6Q.roa
Signing time:             Tue 21 Mar 2023 01:04:27 +0000
ROA not before:           Tue 21 Mar 2023 01:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:187:1b1:f28e/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:01:b2:2e:e8:21:85:fe:07:21:8c:23:c8:63:d3:c5:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 21 01:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a611ac92b22ee03edfc217697ed27b94d1d337a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:11:b2:ad:ad:1c:22:a1:84:cf:3f:f3:f8:2e:
                    b4:26:47:97:60:d6:70:b0:cb:2b:88:ab:b7:d2:1b:
                    00:89:b9:2a:c3:45:03:22:da:b4:79:6d:a6:d6:2b:
                    96:41:3a:31:1e:cc:fb:ab:2d:02:6c:a3:e8:cf:b1:
                    f5:67:16:e9:b9:58:38:56:a0:87:26:a1:37:db:96:
                    3d:a6:d7:91:84:b8:3a:73:7a:f4:b5:56:7b:54:f2:
                    de:68:38:14:c5:d6:72:35:c3:88:34:40:c5:6e:3c:
                    45:8e:a0:4e:c0:5d:14:fb:b5:ea:a7:06:be:c6:e5:
                    1e:08:ec:65:c0:64:30:c0:7d:4f:cf:ac:89:ba:d2:
                    a7:a5:85:9a:71:23:26:34:fe:a1:14:f9:58:13:6c:
                    f1:b2:85:cd:ab:42:8d:b9:24:e1:71:5f:d7:40:20:
                    7f:bb:40:5d:cf:9d:e9:eb:11:4b:46:23:93:33:e3:
                    76:44:df:bb:36:66:f2:94:c2:f2:a3:b1:a4:08:20:
                    f4:64:40:b1:6e:04:07:63:97:ca:2c:61:8d:e9:ac:
                    0e:17:7b:3f:50:55:00:87:08:98:fa:1f:f3:c2:dd:
                    4e:f7:26:a5:86:3d:32:8d:e3:12:76:16:46:60:ce:
                    c0:9e:dd:04:dd:e5:36:6d:25:23:c1:65:9a:b4:57:
                    ee:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:11:AC:92:B2:2E:E0:3E:DF:C2:17:69:7E:D2:7B:94:D1:D3:37:A4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/phGskrIu4D7fwhdpftJ7lNHTN6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:e9:57:87:03:68:29:8c:da:db:14:47:f4:2b:1a:1a:6a:cf:
         82:53:f9:74:43:2e:c1:49:a5:5c:47:ad:6e:54:f2:0d:cb:42:
         1d:4f:91:88:0e:3b:e1:2f:f4:fd:94:86:5b:13:73:fb:20:92:
         ae:52:19:e7:51:b7:c1:58:15:01:90:41:00:c0:5a:0d:5f:81:
         9d:74:76:30:05:d9:67:14:ef:33:54:65:40:a9:3e:6f:c0:67:
         32:39:f0:08:35:7f:b4:f6:b8:36:94:e1:c4:49:57:8a:7f:f8:
         f6:47:d1:a7:98:1b:7e:99:b8:29:cd:12:7c:93:d0:20:28:fc:
         98:d8:49:0e:53:04:7e:c0:1e:86:21:3e:61:6e:b1:ac:6a:8e:
         43:d4:41:07:a5:5d:df:9b:40:93:bf:bf:29:8c:bc:03:3a:ad:
         d4:25:ad:31:d7:be:59:60:70:45:cf:a7:45:9f:82:a9:49:44:
         f4:f1:82:62:13:e5:09:e6:13:de:57:8e:98:fd:24:b7:b8:c6:
         bc:e7:3a:03:40:ed:f7:64:36:65:32:57:e8:c0:19:b1:91:f9:
         93:74:85:aa:f6:19:a1:79:73:34:41:75:8b:00:c2:57:87:82:
         47:25:a3:8a:a8:53:06:20:2b:4d:25:ac:36:2e:2b:80:df:bd:
         d9:b0:50:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcBsi7oIYX+ByGMI8hj08XxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIxMDEwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjExYWM5MmIyMmVlMDNlZGZjMjE3Njk3ZWQyN2I5NGQxZDMzN2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRGyra0cIqGEzz/z+C60JkeXYNZw
sMsriKu30hsAibkqw0UDItq0eW2m1iuWQToxHsz7qy0CbKPoz7H1ZxbpuVg4VqCH
JqE325Y9pteRhLg6c3r0tVZ7VPLeaDgUxdZyNcOINEDFbjxFjqBOwF0U+7Xqpwa+
xuUeCOxlwGQwwH1Pz6yJutKnpYWacSMmNP6hFPlYE2zxsoXNq0KNuSThcV/XQCB/
u0Bdz53p6xFLRiOTM+N2RN+7NmbylMLyo7GkCCD0ZECxbgQHY5fKLGGN6awOF3s/
UFUAhwiY+h/zwt1O9yalhj0yjeMSdhZGYM7Ant0E3eU2bSUjwWWatFfuFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKYRrJKyLuA+38IXaX7Se5TR0zekMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcGhHc2tySXU0RDdmd2hkcGZ0SjdsTkhUTjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACPpV4cDaCmM2tsUR/Qr
Ghpqz4JT+XRDLsFJpVxHrW5U8g3LQh1PkYgOO+Ev9P2UhlsTc/sgkq5SGedRt8FY
FQGQQQDAWg1fgZ10djAF2WcU7zNUZUCpPm/AZzI58Ag1f7T2uDaU4cRJV4p/+PZH
0aeYG36ZuCnNEnyT0CAo/JjYSQ5TBH7AHoYhPmFusaxqjkPUQQelXd+bQJO/vymM
vAM6rdQlrTHXvllgcEXPp0WfgqlJRPTxgmIT5QnmE95Xjpj9JLe4xrznOgNA7fdk
NmUyV+jAGbGR+ZN0har2GaF5czRBdYsAwleHgkclo4qoUwYgK00lrDYuK4Dfvdmw
UPo=
-----END CERTIFICATE-----