Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r69gv5oPHOWNZYd-QK_G0qoGGBI.roa
File:                     r69gv5oPHOWNZYd-QK_G0qoGGBI.roa (raw, json)
Hash identifier:          339/g6y3eb9VIKejtTtHvOfKROZeT5y61Apdd98fLo8=
Subject key identifier:   AF:AF:60:BF:9A:0F:1C:E5:8D:65:87:7E:40:AF:C6:D2:AA:06:18:12
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187AA6114A017BF23095C51F957A7B93D9A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r69gv5oPHOWNZYd-QK_G0qoGGBI.roa
Signing time:             Sat 22 Apr 2023 19:11:41 +0000
ROA not before:           Sat 22 Apr 2023 19:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:aa:61:14:a0:17:bf:23:09:5c:51:f9:57:a7:b9:3d:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 22 19:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=afaf60bf9a0f1ce58d65877e40afc6d2aa061812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7f:67:3c:7c:41:37:b5:eb:f4:a5:a2:ec:81:
                    a1:4b:ad:2a:c3:98:c8:a3:bc:06:85:e2:97:5d:68:
                    18:c0:eb:a9:bc:bd:08:b1:9e:31:a8:9c:61:b3:df:
                    61:c7:3d:c3:98:c3:c9:70:55:b3:d0:9a:56:eb:77:
                    b8:b5:87:60:25:82:21:c9:76:1e:ac:be:88:3b:ca:
                    fb:ed:a8:66:cc:ea:c2:be:42:70:dc:40:6c:30:30:
                    b2:0d:2f:62:26:67:ea:7b:35:09:da:88:9e:2a:fc:
                    00:a2:08:7d:a4:29:98:29:5b:45:a4:e9:7b:4a:c9:
                    6f:45:25:12:81:32:6f:a6:c7:68:e1:a2:db:97:3d:
                    59:dc:70:9d:c7:99:74:ed:92:b4:81:94:0f:f7:bc:
                    fb:b0:66:b5:0b:b2:b5:3e:ca:e3:40:50:9a:64:10:
                    3e:ab:dd:05:01:69:77:b1:39:4f:e2:68:e3:d3:3a:
                    ad:81:c7:8c:e5:d9:ed:03:42:00:3f:fd:32:99:1c:
                    5c:d5:87:ef:9b:7a:f9:fa:e7:88:78:55:c5:12:3b:
                    51:95:07:a4:e9:ad:cb:86:91:d4:6d:f4:99:0d:74:
                    45:a5:97:ad:7e:1d:b2:41:ae:68:88:82:dd:35:37:
                    32:87:a1:52:f1:de:f3:8c:67:9f:da:ab:68:c0:75:
                    1b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AF:60:BF:9A:0F:1C:E5:8D:65:87:7E:40:AF:C6:D2:AA:06:18:12
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r69gv5oPHOWNZYd-QK_G0qoGGBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:ac:d3:4e:87:52:36:8d:0c:5a:07:f8:4d:ef:51:c3:a3:30:
         a6:fc:49:78:de:bf:7a:7d:f5:73:76:27:be:f9:88:65:56:10:
         e1:f7:db:55:d9:df:1d:7a:bd:cb:93:9e:37:3e:6a:39:b5:d3:
         3d:d8:b1:b3:8a:d3:c5:90:99:c7:91:d3:c1:4b:9d:61:4e:db:
         9b:2c:df:75:ee:be:03:98:c1:15:2d:06:05:fa:f3:c0:02:7f:
         8a:61:e5:f5:7f:5f:c3:f4:7d:da:97:da:4a:4e:bd:a7:b3:a8:
         95:5b:78:23:10:c8:fb:5a:b4:2f:db:36:94:4d:0c:20:e3:fb:
         df:6e:15:41:cc:3b:cd:14:32:af:ab:e3:86:14:a9:e4:9e:ec:
         b1:47:2a:fa:40:bd:a1:4f:fb:ac:7d:85:85:3d:4a:80:75:b6:
         6f:ec:ad:3a:0b:dc:96:63:bf:da:5e:4f:b4:26:16:2b:80:75:
         ad:f0:86:57:1a:7a:36:c3:cb:65:9f:b1:44:f8:45:95:79:43:
         45:d4:fa:fb:a1:36:59:fb:f8:51:57:d8:c7:c8:5b:df:75:4a:
         8e:f7:6c:3a:4f:f7:f7:08:36:6d:d1:e2:2f:a0:3a:0a:38:0b:
         35:e2:a1:e2:dc:ae:0a:17:97:2a:75:a0:bd:fd:1c:f7:d5:4f:
         76:7f:f6:7a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeqYRSgF78jCVxR+VenuT2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIyMTkxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmFmNjBiZjlhMGYxY2U1OGQ2NTg3N2U0MGFmYzZkMmFhMDYxODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo39nPHxBN7Xr9KWi7IGhS60qw5jI
o7wGheKXXWgYwOupvL0IsZ4xqJxhs99hxz3DmMPJcFWz0JpW63e4tYdgJYIhyXYe
rL6IO8r77ahmzOrCvkJw3EBsMDCyDS9iJmfqezUJ2oieKvwAogh9pCmYKVtFpOl7
SslvRSUSgTJvpsdo4aLblz1Z3HCdx5l07ZK0gZQP97z7sGa1C7K1PsrjQFCaZBA+
q90FAWl3sTlP4mjj0zqtgceM5dntA0IAP/0ymRxc1Yfvm3r5+ueIeFXFEjtRlQek
6a3LhpHUbfSZDXRFpZetfh2yQa5oiILdNTcyh6FS8d7zjGef2qtowHUbywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK+vYL+aDxzljWWHfkCvxtKqBhgSMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcjY5Z3Y1b1BIT1dOWllkLVFLX0cwcW9HR0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC6s006HUjaNDFoH+E3v
UcOjMKb8SXjev3p99XN2J775iGVWEOH321XZ3x16vcuTnjc+ajm10z3YsbOK08WQ
mceR08FLnWFO25ss33XuvgOYwRUtBgX688ACf4ph5fV/X8P0fdqX2kpOvaezqJVb
eCMQyPtatC/bNpRNDCDj+99uFUHMO80UMq+r44YUqeSe7LFHKvpAvaFP+6x9hYU9
SoB1tm/srToL3JZjv9peT7QmFiuAda3whlcaejbDy2WfsUT4RZV5Q0XU+vuhNln7
+FFX2MfIW991So73bDpP9/cINm3R4i+gOgo4CzXioeLcrgoXlyp1oL39HPfVT3Z/
9no=
-----END CERTIFICATE-----