Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/plJKgr3GynKqbzuuwaH-QGdktKA.roa
File:                     plJKgr3GynKqbzuuwaH-QGdktKA.roa (raw, json)
Hash identifier:          kHvw6dIRbmd8B+Yj11xGn2wQnxGcFV5ghXOaUXjkkRg=
Subject key identifier:   A6:52:4A:82:BD:C6:CA:72:AA:6F:3B:AE:C1:A1:FE:40:67:64:B4:A0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01876F218BF90062490995F167E680D2606F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/plJKgr3GynKqbzuuwaH-QGdktKA.roa
Signing time:             Tue 11 Apr 2023 07:04:42 +0000
ROA not before:           Tue 11 Apr 2023 07:04:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:187:6f21:2538/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6f:21:8b:f9:00:62:49:09:95:f1:67:e6:80:d2:60:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 11 07:04:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a6524a82bdc6ca72aa6f3baec1a1fe406764b4a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:45:c5:0b:29:c9:fc:7d:b1:2b:fe:da:ce:78:
                    f2:8c:e8:30:6a:26:10:12:77:02:e1:1a:aa:c7:6e:
                    06:a6:29:9a:df:50:54:74:fc:35:5a:23:d3:ba:b7:
                    36:4f:f3:d2:2e:28:a9:ea:3a:0f:cb:5a:32:d9:64:
                    15:02:40:98:15:13:bb:eb:c7:02:8f:cd:c7:c5:a5:
                    08:4b:3e:7c:c1:e1:0c:0b:a5:28:18:47:a2:a8:a0:
                    3f:67:88:a6:b7:3c:01:1b:5e:63:35:df:36:8e:02:
                    8a:d1:60:a0:eb:55:38:11:d4:64:88:bc:23:bb:5e:
                    4a:df:56:16:c4:9c:4b:f1:b0:18:ae:ae:73:20:d2:
                    af:9b:0f:95:15:b4:14:46:9f:48:db:d2:e1:d6:e3:
                    ec:5d:8b:f5:07:47:da:bd:51:4d:b4:19:b2:c6:3f:
                    e4:a3:78:52:f7:ba:0c:fd:8e:07:72:02:86:71:ba:
                    ef:40:4e:a5:c9:46:67:6c:17:f5:87:11:c5:18:06:
                    35:e8:0d:c9:76:db:82:ae:3f:b8:01:1c:0a:16:eb:
                    2e:69:e6:ea:09:68:46:80:35:ba:e4:4a:a5:dc:ed:
                    da:84:39:48:74:8d:e8:79:cd:4a:f4:fd:60:12:9e:
                    95:42:2b:4b:6d:8e:b4:16:29:d3:3c:4b:f1:1d:8c:
                    20:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:52:4A:82:BD:C6:CA:72:AA:6F:3B:AE:C1:A1:FE:40:67:64:B4:A0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/plJKgr3GynKqbzuuwaH-QGdktKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:c0:4a:cf:51:27:df:e2:9e:e2:ba:fe:2b:fd:56:6f:1d:25:
         41:15:9b:06:fd:95:fa:b2:1f:6a:d4:c4:c6:88:cc:86:c1:54:
         6a:fc:d5:4f:3c:1d:3f:38:f1:8e:5f:6f:d5:89:57:62:90:b4:
         ae:d5:b2:71:2c:4a:74:90:15:2e:39:49:8f:6a:b2:96:a4:7a:
         78:20:dd:a8:88:c2:55:de:7d:db:f9:90:ae:16:b9:d2:64:37:
         97:25:89:47:e4:51:fc:48:5b:24:12:82:19:43:9f:1b:f9:f8:
         07:87:b2:62:6c:da:6e:5e:a8:3d:26:71:56:90:1f:6e:88:f0:
         ec:3c:80:df:d9:7a:67:3b:a9:83:37:1b:ad:22:df:dc:9c:bc:
         22:86:86:24:91:62:31:a5:d4:9d:5f:49:0d:41:41:b9:09:cd:
         b7:48:ec:15:65:9c:3f:05:63:a6:73:6e:f8:3a:32:88:54:9f:
         59:47:db:5e:8a:58:b7:59:58:30:d1:21:22:56:78:52:cd:b5:
         bc:29:76:07:12:5f:26:47:cc:5b:b5:19:79:e6:00:39:78:e7:
         15:7a:01:7a:1e:a7:5e:b1:50:64:1b:32:06:00:9e:2a:04:74:
         ab:bc:3c:45:8c:4d:48:af:58:06:01:91:a1:85:c9:df:27:39:
         11:bc:4b:55
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdvIYv5AGJJCZXxZ+aA0mBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDExMDcwNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjUyNGE4MmJkYzZjYTcyYWE2ZjNiYWVjMWExZmU0MDY3NjRiNGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikXFCynJ/H2xK/7aznjyjOgwaiYQ
EncC4Rqqx24Gpima31BUdPw1WiPTurc2T/PSLiip6joPy1oy2WQVAkCYFRO768cC
j83HxaUISz58weEMC6UoGEeiqKA/Z4imtzwBG15jNd82jgKK0WCg61U4EdRkiLwj
u15K31YWxJxL8bAYrq5zINKvmw+VFbQURp9I29Lh1uPsXYv1B0favVFNtBmyxj/k
o3hS97oM/Y4HcgKGcbrvQE6lyUZnbBf1hxHFGAY16A3JdtuCrj+4ARwKFusuaebq
CWhGgDW65Eql3O3ahDlIdI3oec1K9P1gEp6VQitLbY60FinTPEvxHYwgnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKZSSoK9xspyqm87rsGh/kBnZLSgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcGxKS2dyM0d5bktxYnp1dXdhSC1RR2RrdEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAATASs9RJ9/inuK6/iv9
Vm8dJUEVmwb9lfqyH2rUxMaIzIbBVGr81U88HT848Y5fb9WJV2KQtK7VsnEsSnSQ
FS45SY9qspakengg3aiIwlXefdv5kK4WudJkN5cliUfkUfxIWyQSghlDnxv5+AeH
smJs2m5eqD0mcVaQH26I8Ow8gN/Zemc7qYM3G60i39ycvCKGhiSRYjGl1J1fSQ1B
QbkJzbdI7BVlnD8FY6Zzbvg6MohUn1lH216KWLdZWDDRISJWeFLNtbwpdgcSXyZH
zFu1GXnmADl45xV6AXoep16xUGQbMgYAnioEdKu8PEWMTUivWAYBkaGFyd8nORG8
S1U=
-----END CERTIFICATE-----