Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/py4CPkulohGK5pii5-4--Rn18oI.roa
File:                     py4CPkulohGK5pii5-4--Rn18oI.roa (raw, json)
Hash identifier:          WfHMlNxiQ6M+PVKDd7ePLfzw6h9jALdx+ERZPVVi5F4=
Subject key identifier:   A7:2E:02:3E:4B:A5:A2:11:8A:E6:98:A2:E7:EE:3E:F9:19:F5:F2:82
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01871D9E00D5DE8C43C82E22658EBCB44C12
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/py4CPkulohGK5pii5-4--Rn18oI.roa
Signing time:             Sun 26 Mar 2023 11:11:46 +0000
ROA not before:           Sun 26 Mar 2023 11:11:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:1d:9e:00:d5:de:8c:43:c8:2e:22:65:8e:bc:b4:4c:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 26 11:11:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a72e023e4ba5a2118ae698a2e7ee3ef919f5f282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:56:75:58:70:c8:d9:8a:c2:0c:36:23:67:25:
                    0c:bf:b4:a8:ef:9e:80:0f:8c:44:d2:30:d6:0e:14:
                    89:c2:2c:80:34:b4:67:9b:9c:49:7e:d3:9a:48:36:
                    8c:23:34:d9:be:13:86:1a:6c:88:82:a7:61:a7:77:
                    ff:5e:44:7c:8f:a2:76:0e:d6:b3:0c:ce:47:e0:96:
                    22:76:72:7c:3a:0d:84:b1:08:e7:c9:38:55:12:b9:
                    fe:17:20:b7:25:58:f6:f5:ae:6c:54:bd:8f:f3:84:
                    cb:e9:70:b1:cc:e2:87:da:d5:8b:72:3c:e2:e9:09:
                    b3:74:4e:f9:44:aa:e6:47:42:d8:b4:f7:e6:11:59:
                    13:e9:3a:db:ef:57:ad:47:8f:b3:c5:c8:fc:d8:9d:
                    fa:75:f8:a5:e5:59:3f:f4:86:79:3e:ae:5a:ef:a0:
                    72:4e:35:9f:7b:7a:01:70:ec:18:53:ca:96:98:8e:
                    7f:71:f6:7b:57:ad:e2:a1:a1:c4:8b:60:1c:62:88:
                    31:ef:aa:9d:47:80:12:5f:be:c2:8b:f3:e5:89:45:
                    06:da:dc:89:1e:fb:7c:ac:d5:b8:1a:27:eb:e6:bd:
                    60:a3:b2:97:5c:95:f4:a2:b9:68:68:19:e3:bc:75:
                    c9:2e:a3:a5:81:e7:01:79:64:65:be:5a:24:fd:75:
                    b8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:2E:02:3E:4B:A5:A2:11:8A:E6:98:A2:E7:EE:3E:F9:19:F5:F2:82
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/py4CPkulohGK5pii5-4--Rn18oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:56:b8:8a:d2:da:b6:42:0e:57:e6:67:cd:34:19:36:a2:0a:
         fc:48:b5:56:9d:c5:49:dd:c0:17:59:02:bf:d1:0d:29:93:8d:
         20:5a:ad:c5:63:ad:49:4b:42:04:5e:a4:da:3f:9c:84:bb:51:
         e5:d2:30:0b:01:b3:1b:60:50:16:fe:ad:7d:e0:10:a0:5f:1e:
         6f:96:51:24:4d:ac:ef:37:b6:5f:e2:d1:5c:06:1c:8e:b5:1a:
         18:a9:f2:e6:c8:7b:45:db:35:7c:8d:79:ee:dd:5b:e8:b3:10:
         c6:00:48:f3:29:51:da:0b:07:d8:2a:87:da:1a:17:ea:92:38:
         9e:b2:ef:4a:bd:15:fa:c8:aa:02:ee:33:70:cd:b3:90:03:f3:
         ee:73:32:44:f0:bc:a6:77:71:0e:5d:c4:29:8c:ed:9f:6d:d2:
         80:50:ea:ad:a0:74:98:bd:7f:8d:b5:e5:75:bd:96:24:eb:93:
         df:28:78:3d:d1:c9:6d:7b:00:da:5b:64:97:e8:0c:0b:92:4d:
         84:9f:20:d8:39:8e:ec:63:91:d7:47:cf:71:d4:a4:29:f4:e7:
         cc:64:2a:7b:aa:42:43:7a:18:dc:c3:c5:ee:90:f2:42:cb:fe:
         b9:96:32:69:68:2d:68:9f:6e:c3:ba:6d:93:c8:4c:c7:14:80:
         ff:46:5d:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcdngDV3oxDyC4iZY68tEwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI2MTExMTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzJlMDIzZTRiYTVhMjExOGFlNjk4YTJlN2VlM2VmOTE5ZjVmMjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFZ1WHDI2YrCDDYjZyUMv7So756A
D4xE0jDWDhSJwiyANLRnm5xJftOaSDaMIzTZvhOGGmyIgqdhp3f/XkR8j6J2Dtaz
DM5H4JYidnJ8Og2EsQjnyThVErn+FyC3JVj29a5sVL2P84TL6XCxzOKH2tWLcjzi
6QmzdE75RKrmR0LYtPfmEVkT6Trb71etR4+zxcj82J36dfil5Vk/9IZ5Pq5a76By
TjWfe3oBcOwYU8qWmI5/cfZ7V63ioaHEi2AcYogx76qdR4ASX77Ci/PliUUG2tyJ
Hvt8rNW4Gifr5r1go7KXXJX0orloaBnjvHXJLqOlgecBeWRlvlok/XW4vQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKcuAj5LpaIRiuaYoufuPvkZ9fKCMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcHk0Q1BrdWxvaEdLNXBpaTUtNC0tUm4xOG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFBWuIrS2rZCDlfmZ800
GTaiCvxItVadxUndwBdZAr/RDSmTjSBarcVjrUlLQgRepNo/nIS7UeXSMAsBsxtg
UBb+rX3gEKBfHm+WUSRNrO83tl/i0VwGHI61Ghip8ubIe0XbNXyNee7dW+izEMYA
SPMpUdoLB9gqh9oaF+qSOJ6y70q9FfrIqgLuM3DNs5AD8+5zMkTwvKZ3cQ5dxCmM
7Z9t0oBQ6q2gdJi9f4215XW9liTrk98oeD3RyW17ANpbZJfoDAuSTYSfINg5juxj
kddHz3HUpCn058xkKnuqQkN6GNzDxe6Q8kLL/rmWMmloLWifbsO6bZPITMcUgP9G
Xe8=
-----END CERTIFICATE-----