Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rHRq32HD1YRG6O3six32wFOHovM.roa
File:                     rHRq32HD1YRG6O3six32wFOHovM.roa (raw, json)
Hash identifier:          y0ZZL8eCVGy1+10OWAl52aR4yZ0XmALiuxmY54A4eDQ=
Subject key identifier:   AC:74:6A:DF:61:C3:D5:84:46:E8:ED:EC:8B:1D:F6:C0:53:87:A2:F3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187BFD661ED9DEB2648A3A2AAF00175CE55
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rHRq32HD1YRG6O3six32wFOHovM.roa
Signing time:             Wed 26 Apr 2023 23:11:50 +0000
ROA not before:           Wed 26 Apr 2023 23:11:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:bf:d6:61:ed:9d:eb:26:48:a3:a2:aa:f0:01:75:ce:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 26 23:11:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac746adf61c3d58446e8edec8b1df6c05387a2f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:21:ba:49:6c:9f:96:a9:45:b0:d9:e6:f6:9b:
                    2d:8e:70:95:99:ca:2a:ec:4f:64:a4:82:eb:39:9b:
                    69:cf:3f:f4:ea:8a:e1:36:16:3e:73:68:2b:86:68:
                    e4:ab:23:27:d4:74:e1:5a:f4:7d:76:ff:d0:db:de:
                    b6:fe:31:4f:1c:e2:a9:cf:98:db:77:9f:e1:08:7f:
                    e7:c6:0e:50:1e:f9:6c:55:3c:9f:09:4e:ce:fb:b8:
                    98:94:ad:25:f3:f6:65:d3:1a:54:e2:cf:a9:ff:c3:
                    20:04:d6:f8:67:8e:d0:ea:44:b7:bb:11:9a:60:b1:
                    b3:54:fe:ec:63:60:f5:95:66:02:75:8c:bf:8d:82:
                    7d:cc:42:e7:ad:b9:3a:a7:8c:97:53:08:3d:40:81:
                    03:b0:2c:ff:95:39:01:8b:5e:84:ad:63:cb:a2:1b:
                    9a:da:13:4e:d7:8c:56:08:e9:c1:e5:91:bc:1c:9f:
                    01:49:90:11:2b:0b:61:39:c4:dd:66:c9:cf:9c:4f:
                    a6:a7:9b:78:3b:10:a1:0e:3d:87:1e:df:c9:23:32:
                    08:9f:17:bd:1c:b9:b2:10:40:c8:1a:61:c1:88:8c:
                    cf:0e:af:91:3a:9f:f7:e9:47:5b:3a:c5:7e:e9:24:
                    81:e5:32:40:15:73:32:44:e8:a5:f9:c8:b1:7f:ae:
                    4d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:74:6A:DF:61:C3:D5:84:46:E8:ED:EC:8B:1D:F6:C0:53:87:A2:F3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rHRq32HD1YRG6O3six32wFOHovM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:60:d8:55:4f:76:15:79:26:7b:48:c7:c6:fc:f0:e4:0d:de:
         2c:91:31:b4:e3:e6:59:d7:b2:4d:73:34:dd:60:2d:48:17:90:
         d4:ee:0a:1d:7c:d1:99:cd:87:1e:6a:0f:6f:8c:9b:d1:ac:c0:
         23:97:41:2e:ec:be:3b:db:9d:68:54:a5:0f:b1:7c:70:cd:d3:
         73:6f:d1:e2:af:49:3d:34:ac:d3:26:e8:41:68:a6:80:0e:59:
         7f:22:d9:5c:9d:cc:15:2f:8b:07:22:da:9c:f6:11:43:8a:b1:
         c8:32:f1:e8:2e:c4:3c:ea:d5:94:41:d5:0d:42:78:dd:bb:73:
         aa:53:c8:bb:22:6e:12:c1:46:c9:30:66:13:71:34:db:7a:65:
         f1:2b:c1:10:13:9e:5c:31:bd:81:07:03:4f:44:bd:6f:d9:c6:
         a6:be:a2:2c:f7:8b:44:16:1a:a1:e6:aa:d6:00:95:a5:fa:16:
         30:db:09:aa:25:6e:12:93:c6:1a:9c:62:15:d5:71:b4:02:cc:
         08:29:1d:d4:af:56:18:b7:6f:15:39:a0:56:55:a3:b5:e9:4c:
         2d:f7:c9:8a:7c:6f:73:65:b2:ea:95:85:8a:fe:07:00:29:49:
         11:ca:dc:b5:db:b7:8d:5e:68:16:ff:8b:f7:4d:3f:c6:a8:3d:
         97:86:13:30
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYe/1mHtnesmSKOiqvABdc5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI2MjMxMTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzc0NmFkZjYxYzNkNTg0NDZlOGVkZWM4YjFkZjZjMDUzODdhMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSG6SWyflqlFsNnm9pstjnCVmcoq
7E9kpILrOZtpzz/06orhNhY+c2grhmjkqyMn1HThWvR9dv/Q2962/jFPHOKpz5jb
d5/hCH/nxg5QHvlsVTyfCU7O+7iYlK0l8/Zl0xpU4s+p/8MgBNb4Z47Q6kS3uxGa
YLGzVP7sY2D1lWYCdYy/jYJ9zELnrbk6p4yXUwg9QIEDsCz/lTkBi16ErWPLohua
2hNO14xWCOnB5ZG8HJ8BSZARKwthOcTdZsnPnE+mp5t4OxChDj2HHt/JIzIInxe9
HLmyEEDIGmHBiIzPDq+ROp/36UdbOsV+6SSB5TJAFXMyROil+cixf65NxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKx0at9hw9WERujt7Isd9sBTh6LzMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvckhScTMySEQxWVJHNk8zc2l4MzJ3Rk9Ib3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC1g2FVPdhV5JntIx8b8
8OQN3iyRMbTj5lnXsk1zNN1gLUgXkNTuCh180ZnNhx5qD2+Mm9GswCOXQS7svjvb
nWhUpQ+xfHDN03Nv0eKvST00rNMm6EFopoAOWX8i2VydzBUviwci2pz2EUOKscgy
8eguxDzq1ZRB1Q1CeN27c6pTyLsibhLBRskwZhNxNNt6ZfErwRATnlwxvYEHA09E
vW/Zxqa+oiz3i0QWGqHmqtYAlaX6FjDbCaolbhKTxhqcYhXVcbQCzAgpHdSvVhi3
bxU5oFZVo7XpTC33yYp8b3NlsuqVhYr+BwApSRHK3LXbt41eaBb/i/dNP8aoPZeG
EzA=
-----END CERTIFICATE-----