Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r63egYCOP_N88PKU11vVq-r-nJY.roa
File:                     r63egYCOP_N88PKU11vVq-r-nJY.roa (raw, json)
Hash identifier:          jgpZHO8WkSSWQF66Atpc8UQ9IbmzsfugTkzoXCs7Awo=
Subject key identifier:   AF:AD:DE:81:80:8E:3F:F3:7C:F0:F2:94:D7:5B:D5:AB:EA:FE:9C:96
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187AF17BEE9F9D5C71F1A88BEDC37FFC046
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r63egYCOP_N88PKU11vVq-r-nJY.roa
Signing time:             Sun 23 Apr 2023 17:09:41 +0000
ROA not before:           Sun 23 Apr 2023 17:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:af:17:be:e9:f9:d5:c7:1f:1a:88:be:dc:37:ff:c0:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 23 17:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=afadde81808e3ff37cf0f294d75bd5abeafe9c96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:16:be:c3:a0:ac:38:56:ba:ff:f0:b0:3c:62:
                    fc:6a:0f:53:ab:b3:22:ea:a4:49:73:67:82:49:d8:
                    06:65:bc:c9:ee:51:90:d0:95:4d:47:ff:ef:ba:3e:
                    3a:78:98:48:76:b7:00:d5:1e:47:fc:84:d6:b7:94:
                    f7:1b:88:af:d9:24:fd:aa:25:5d:0f:37:5e:3b:7e:
                    84:cc:de:71:b5:53:da:84:63:f3:eb:16:04:a3:b8:
                    7c:35:5f:bc:39:0e:4b:21:a2:52:59:9d:63:30:91:
                    be:4a:cf:84:e1:31:cc:01:cc:8a:82:22:da:58:fd:
                    d1:dc:10:ba:71:d1:a3:eb:8f:37:7a:63:72:01:fb:
                    16:ba:84:98:26:75:76:db:bc:bc:0c:90:6d:e4:23:
                    0b:4c:6f:85:67:b6:b9:ae:0b:65:0e:74:b6:fd:89:
                    7b:51:89:3a:b8:da:03:be:39:d0:63:1d:05:dc:7b:
                    58:cf:a2:05:f3:27:57:e9:2e:6d:a5:14:38:02:e2:
                    bb:07:10:48:41:c9:1f:22:8c:ce:69:0d:b0:88:74:
                    b6:c0:4f:23:6b:59:88:44:b0:27:e8:1f:4f:4e:0d:
                    f8:f4:70:da:a3:12:73:fe:6f:5d:42:55:4f:42:dc:
                    51:ce:c9:4d:4f:97:42:46:82:2c:16:2e:e4:31:47:
                    b3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AD:DE:81:80:8E:3F:F3:7C:F0:F2:94:D7:5B:D5:AB:EA:FE:9C:96
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r63egYCOP_N88PKU11vVq-r-nJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:f7:bd:87:3d:1e:cf:89:92:65:e9:0b:63:e9:2c:f3:06:45:
         9c:de:f9:ba:8f:f0:80:45:d6:30:78:f1:62:d7:fe:c1:24:2d:
         7d:d3:42:2d:7d:c2:21:43:80:f0:57:af:f0:d0:0e:a5:3e:2d:
         d8:0b:bc:b8:09:bb:47:a9:ed:07:7a:93:56:1d:bb:83:3e:83:
         4f:38:f7:d8:49:1a:4f:cb:f2:38:2a:3f:89:b9:48:be:24:57:
         fe:6c:79:7f:af:a7:80:86:d2:ec:18:0c:7f:6d:72:b4:61:0f:
         b4:3a:63:a3:b2:9a:37:a9:0e:4f:b0:04:9c:a3:8a:36:e3:a9:
         5d:54:69:97:18:3f:e5:69:9c:25:6e:56:f5:d4:7c:28:07:45:
         aa:11:4e:e0:28:ba:1d:56:c0:5d:45:16:70:cb:37:62:3c:02:
         46:a0:ae:b5:fb:3e:12:94:59:dc:9f:b7:a8:28:64:61:32:03:
         d2:2a:dc:f3:11:5a:7d:bd:6d:be:d8:7b:59:54:20:c9:6f:59:
         6b:28:07:31:4e:90:f9:ab:5e:31:20:dc:64:d7:42:7a:f9:57:
         06:9a:9e:f4:4f:29:de:81:40:cf:dd:71:cf:fe:77:6b:0c:5d:
         b4:57:97:a0:d3:e4:73:77:6d:76:46:b9:55:0d:d9:b2:57:13:
         1a:67:03:7e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYevF77p+dXHHxqIvtw3/8BGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIzMTcwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmFkZGU4MTgwOGUzZmYzN2NmMGYyOTRkNzViZDVhYmVhZmU5Yzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBa+w6CsOFa6//CwPGL8ag9Tq7Mi
6qRJc2eCSdgGZbzJ7lGQ0JVNR//vuj46eJhIdrcA1R5H/ITWt5T3G4iv2ST9qiVd
DzdeO36EzN5xtVPahGPz6xYEo7h8NV+8OQ5LIaJSWZ1jMJG+Ss+E4THMAcyKgiLa
WP3R3BC6cdGj6483emNyAfsWuoSYJnV227y8DJBt5CMLTG+FZ7a5rgtlDnS2/Yl7
UYk6uNoDvjnQYx0F3HtYz6IF8ydX6S5tpRQ4AuK7BxBIQckfIozOaQ2wiHS2wE8j
a1mIRLAn6B9PTg349HDaoxJz/m9dQlVPQtxRzslNT5dCRoIsFi7kMUezmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK+t3oGAjj/zfPDylNdb1avq/pyWMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcjYzZWdZQ09QX044OFBLVTExdlZxLXItbkpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGX3vYc9Hs+JkmXpC2Pp
LPMGRZze+bqP8IBF1jB48WLX/sEkLX3TQi19wiFDgPBXr/DQDqU+LdgLvLgJu0ep
7Qd6k1Ydu4M+g08499hJGk/L8jgqP4m5SL4kV/5seX+vp4CG0uwYDH9tcrRhD7Q6
Y6OymjepDk+wBJyjijbjqV1UaZcYP+VpnCVuVvXUfCgHRaoRTuAouh1WwF1FFnDL
N2I8AkagrrX7PhKUWdyft6goZGEyA9Iq3PMRWn29bb7Ye1lUIMlvWWsoBzFOkPmr
XjEg3GTXQnr5VwaanvRPKd6BQM/dcc/+d2sMXbRXl6DT5HN3bXZGuVUN2bJXExpn
A34=
-----END CERTIFICATE-----