Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/plZJD0OFTzpdrtE2wnkZYw2NaBQ.roa
File:                     plZJD0OFTzpdrtE2wnkZYw2NaBQ.roa (raw, json)
Hash identifier:          cO2VMP7Bmg6f/NEBr9OPi2JT/nysNNFCzdldVy2poI4=
Subject key identifier:   A6:56:49:0F:43:85:4F:3A:5D:AE:D1:36:C2:79:19:63:0D:8D:68:14
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187DFD09C7D7420C6EDC6ACBD1C555E0CB5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/plZJD0OFTzpdrtE2wnkZYw2NaBQ.roa
Signing time:             Wed 03 May 2023 04:13:23 +0000
ROA not before:           Wed 03 May 2023 04:13:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:df:d0:9c:7d:74:20:c6:ed:c6:ac:bd:1c:55:5e:0c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  3 04:13:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a656490f43854f3a5daed136c27919630d8d6814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:cf:e2:ec:1c:01:56:9b:ad:70:b6:39:86:d7:
                    97:f8:40:b4:e5:aa:4f:32:91:99:f4:94:d9:28:e8:
                    9e:b1:f4:28:79:9a:4e:ce:d2:49:95:7b:a7:87:63:
                    80:fa:70:99:dc:3a:4c:3e:92:c4:24:eb:c3:69:72:
                    40:88:12:c3:df:f7:5d:8a:e7:29:7a:39:06:c2:c5:
                    a7:d1:e2:5b:23:61:14:d2:e9:0a:90:a1:0a:1a:eb:
                    a2:12:9a:cc:46:cb:6e:b2:56:97:f3:6a:cf:41:64:
                    c3:fd:c9:0c:cf:22:be:6f:d8:d0:e9:d6:77:31:5a:
                    7b:66:5b:c4:68:2f:05:a3:e3:5e:53:4e:e9:fe:c4:
                    93:68:0b:f8:ef:b7:91:d8:1a:61:30:67:f7:07:71:
                    41:94:01:1e:4b:f5:8c:e6:52:ac:06:db:00:63:69:
                    2c:04:3a:d9:6f:c8:b3:c6:84:ec:b0:3e:01:c2:60:
                    73:44:75:c5:2f:0c:58:80:13:30:69:af:c2:03:9d:
                    a1:0b:56:76:db:a7:70:01:cd:f5:88:97:c2:fd:34:
                    0f:b6:8b:97:66:1f:11:ae:70:79:63:b3:a5:27:67:
                    2a:76:78:3c:d8:4c:0a:c6:df:45:3f:71:e6:35:4e:
                    d3:7d:c5:15:2b:eb:ab:af:7d:2e:88:d0:e9:0b:42:
                    d9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:56:49:0F:43:85:4F:3A:5D:AE:D1:36:C2:79:19:63:0D:8D:68:14
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/plZJD0OFTzpdrtE2wnkZYw2NaBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:cd:51:33:b0:97:57:17:58:74:af:6c:19:30:25:f0:cf:81:
         65:03:87:4e:04:76:10:8f:0b:81:e0:4e:40:2a:f0:97:0b:61:
         dc:19:0e:18:f5:ce:2c:ac:27:6d:43:10:f6:07:98:ce:ab:a8:
         f4:d5:d5:08:88:ca:dd:0f:0b:45:61:cc:55:01:27:d2:e9:cd:
         80:05:7a:e9:98:85:51:7b:4d:d4:6a:10:fd:f8:5f:3c:06:62:
         1b:79:5b:9e:9e:81:bb:75:e1:e2:ed:eb:55:76:d2:3c:30:82:
         7a:9c:08:6c:9d:7d:5f:2c:98:ec:0d:71:78:74:75:1d:11:80:
         4f:f4:9e:0d:38:fa:fc:9f:aa:ee:ed:04:20:ea:eb:e3:1f:44:
         b0:10:f5:df:af:87:58:23:6c:b7:f6:65:2e:74:c0:b3:12:f9:
         78:5f:ea:6c:6b:64:dd:ac:82:e4:3e:51:3c:46:d4:48:76:2a:
         71:f4:f8:b3:b2:08:30:e4:22:b7:6d:cb:8d:18:19:4e:72:ed:
         cc:87:3f:64:83:1e:5b:76:ea:86:da:e3:4d:e5:c3:c9:3b:b5:
         0b:4a:82:b5:0d:df:db:d9:81:d2:22:cd:9d:04:29:d8:4c:f9:
         ab:20:a7:4b:a3:23:31:34:b5:8a:e9:17:9e:84:f4:11:32:d9:
         17:e8:a1:c0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYff0Jx9dCDG7casvRxVXgy1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAzMDQxMzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjU2NDkwZjQzODU0ZjNhNWRhZWQxMzZjMjc5MTk2MzBkOGQ2ODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9M/i7BwBVputcLY5hteX+EC05apP
MpGZ9JTZKOiesfQoeZpOztJJlXunh2OA+nCZ3DpMPpLEJOvDaXJAiBLD3/ddiucp
ejkGwsWn0eJbI2EU0ukKkKEKGuuiEprMRstuslaX82rPQWTD/ckMzyK+b9jQ6dZ3
MVp7ZlvEaC8Fo+NeU07p/sSTaAv477eR2BphMGf3B3FBlAEeS/WM5lKsBtsAY2ks
BDrZb8izxoTssD4BwmBzRHXFLwxYgBMwaa/CA52hC1Z226dwAc31iJfC/TQPtouX
Zh8RrnB5Y7OlJ2cqdng82EwKxt9FP3HmNU7TfcUVK+urr30uiNDpC0LZHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKZWSQ9DhU86Xa7RNsJ5GWMNjWgUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcGxaSkQwT0ZUenBkcnRFMndua1pZdzJOYUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACPNUTOwl1cXWHSvbBkw
JfDPgWUDh04EdhCPC4HgTkAq8JcLYdwZDhj1ziysJ21DEPYHmM6rqPTV1QiIyt0P
C0VhzFUBJ9LpzYAFeumYhVF7TdRqEP34XzwGYht5W56egbt14eLt61V20jwwgnqc
CGydfV8smOwNcXh0dR0RgE/0ng04+vyfqu7tBCDq6+MfRLAQ9d+vh1gjbLf2ZS50
wLMS+Xhf6mxrZN2sguQ+UTxG1Eh2KnH0+LOyCDDkIrdty40YGU5y7cyHP2SDHlt2
6oba403lw8k7tQtKgrUN39vZgdIizZ0EKdhM+asgp0ujIzE0tYrpF56E9BEy2Rfo
ocA=
-----END CERTIFICATE-----