Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rAOesHeV9p5a112GOv1kC97dWhU.roa
File:                     rAOesHeV9p5a112GOv1kC97dWhU.roa (raw, json)
Hash identifier:          H1rydjduf+r7TjFZkGbmrNmg3HxedsNC0gAdlZ7zIyg=
Subject key identifier:   AC:03:9E:B0:77:95:F6:9E:5A:D7:5D:86:3A:FD:64:0B:DE:DD:5A:15
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01885E2B2125922AED50A20CBFBBE9D51453
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rAOesHeV9p5a112GOv1kC97dWhU.roa
Signing time:             Sat 27 May 2023 17:04:24 +0000
ROA not before:           Sat 27 May 2023 17:04:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5e2b:ac1/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:5e:2b:21:25:92:2a:ed:50:a2:0c:bf:bb:e9:d5:14:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 27 17:04:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac039eb07795f69e5ad75d863afd640bdedd5a15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5a:2c:e9:27:a3:4b:9c:7f:eb:e5:3d:3c:51:
                    87:c3:80:88:06:95:ae:ad:89:05:e3:35:8f:5a:9b:
                    8e:b5:7f:9e:27:ec:fe:9e:09:e7:1c:49:c2:3f:19:
                    00:8b:fe:8c:cf:23:bf:25:e0:35:0c:28:7e:84:80:
                    4c:f5:c3:b8:46:c1:2a:4d:52:c6:4f:ce:c1:31:69:
                    47:d5:f0:21:64:b4:38:97:d4:08:67:b4:f6:a1:79:
                    e1:ab:f2:8e:ac:a3:30:11:f9:17:c6:f7:e3:5c:31:
                    79:3a:e6:3f:03:0b:7e:d0:ce:d1:67:e3:ec:78:3e:
                    35:e4:47:db:2b:c6:69:2f:6f:b4:83:39:be:eb:fe:
                    22:9e:48:7d:36:71:32:ad:cc:41:d0:9f:33:80:97:
                    45:e3:01:04:46:87:a6:ab:aa:43:90:d3:4b:34:03:
                    a0:76:68:9b:4b:8d:b4:08:13:df:9a:8e:18:2d:a1:
                    1b:6b:12:15:96:2f:e5:1b:35:80:8f:50:57:4c:ba:
                    c0:ac:4b:63:c7:73:36:99:68:9f:9f:f5:93:70:7f:
                    29:00:be:d3:81:04:17:9d:af:7e:07:aa:96:73:e5:
                    df:80:54:4c:bb:fc:99:5d:13:cf:8b:e2:33:a2:a5:
                    e0:05:5c:3e:00:4b:3d:c9:f5:51:35:10:fd:a1:6a:
                    33:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:03:9E:B0:77:95:F6:9E:5A:D7:5D:86:3A:FD:64:0B:DE:DD:5A:15
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rAOesHeV9p5a112GOv1kC97dWhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:1e:16:e8:41:84:27:32:d6:13:29:a2:55:59:0a:28:1f:b3:
         3e:a2:8f:6f:7b:ec:4e:05:6d:8c:2c:dd:45:39:34:98:b0:b2:
         fd:08:1f:86:3f:ba:85:91:4c:d0:9a:ba:3f:b9:b9:74:50:54:
         04:e1:f4:0d:40:82:8e:2e:9b:6a:2b:09:55:95:c6:71:38:c0:
         47:a3:2d:11:e1:b4:11:9e:64:67:1c:32:ab:95:d7:52:2a:0a:
         d3:75:ee:8e:40:e4:ce:f2:e9:c4:cb:96:da:42:c8:d6:40:97:
         8f:b8:04:7c:03:ee:ba:78:e7:dc:1b:cc:80:7c:59:30:5d:f1:
         ed:3b:2f:a5:3f:bb:ab:b1:53:14:6c:08:87:4f:8d:e8:43:cf:
         e5:69:fc:7f:42:27:28:ae:99:04:a5:4a:e1:9b:9b:4f:4c:29:
         c0:4e:21:cd:52:d5:9b:63:1a:f8:fb:f0:27:5b:b4:92:0e:5e:
         5d:60:64:af:6d:ef:d6:ae:54:52:14:31:e0:da:76:7b:59:14:
         30:fc:d3:cf:15:e3:bb:cc:43:89:3f:2a:fb:c1:12:a4:20:4a:
         70:38:3f:35:17:c4:1c:58:75:da:10:9b:1b:4a:3c:89:32:ac:
         49:b3:bb:99:96:0f:04:3d:fb:cc:56:67:2a:bf:33:09:5a:d9:
         7f:10:55:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYheKyElkirtUKIMv7vp1RRTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI3MTcwNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzAzOWViMDc3OTVmNjllNWFkNzVkODYzYWZkNjQwYmRlZGQ1YTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1os6SejS5x/6+U9PFGHw4CIBpWu
rYkF4zWPWpuOtX+eJ+z+ngnnHEnCPxkAi/6MzyO/JeA1DCh+hIBM9cO4RsEqTVLG
T87BMWlH1fAhZLQ4l9QIZ7T2oXnhq/KOrKMwEfkXxvfjXDF5OuY/Awt+0M7RZ+Ps
eD415EfbK8ZpL2+0gzm+6/4inkh9NnEyrcxB0J8zgJdF4wEERoemq6pDkNNLNAOg
dmibS420CBPfmo4YLaEbaxIVli/lGzWAj1BXTLrArEtjx3M2mWifn/WTcH8pAL7T
gQQXna9+B6qWc+XfgFRMu/yZXRPPi+IzoqXgBVw+AEs9yfVRNRD9oWozEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKwDnrB3lfaeWtddhjr9ZAve3VoVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvckFPZXNIZVY5cDVhMTEyR092MWtDOTdkV2hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIEeFuhBhCcy1hMpolVZ
Cigfsz6ij2977E4FbYws3UU5NJiwsv0IH4Y/uoWRTNCauj+5uXRQVATh9A1Ago4u
m2orCVWVxnE4wEejLRHhtBGeZGccMquV11IqCtN17o5A5M7y6cTLltpCyNZAl4+4
BHwD7rp459wbzIB8WTBd8e07L6U/u6uxUxRsCIdPjehDz+Vp/H9CJyiumQSlSuGb
m09MKcBOIc1S1ZtjGvj78CdbtJIOXl1gZK9t79auVFIUMeDadntZFDD8088V47vM
Q4k/KvvBEqQgSnA4PzUXxBxYddoQmxtKPIkyrEmzu5mWDwQ9+8xWZyq/Mwla2X8Q
VfE=
-----END CERTIFICATE-----