Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/reV2P1RLLPZmg1FkYeC9ReFOnpQ.roa
File:                     reV2P1RLLPZmg1FkYeC9ReFOnpQ.roa (raw, json)
Hash identifier:          hM+EgHg0AUqhHeflwEKKRH2eexepgCp7wqRF/4mCBjY=
Subject key identifier:   AD:E5:76:3F:54:4B:2C:F6:66:83:51:64:61:E0:BD:45:E1:4E:9E:94
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01879B91E111F56A637362E44D7B50081E4E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/reV2P1RLLPZmg1FkYeC9ReFOnpQ.roa
Signing time:             Wed 19 Apr 2023 22:10:41 +0000
ROA not before:           Wed 19 Apr 2023 22:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9b:91:e1:11:f5:6a:63:73:62:e4:4d:7b:50:08:1e:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 19 22:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ade5763f544b2cf66683516461e0bd45e14e9e94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:fc:5d:13:0d:c5:84:53:ef:94:8b:e2:ab:04:
                    b7:71:22:6e:d4:53:56:74:7d:2b:3e:7c:9a:d8:ec:
                    e3:b2:e5:70:5d:ee:d6:81:39:7f:2b:9f:63:9a:aa:
                    f2:56:c2:5a:e9:41:e1:ae:be:22:8f:d8:57:35:ec:
                    cd:d3:23:78:b8:0d:cf:55:2b:60:75:ce:e4:c9:71:
                    08:f3:4c:93:32:03:89:21:dd:ef:d1:d2:6c:f7:2e:
                    f0:b4:04:73:c8:15:fb:93:05:03:72:5d:ed:e3:47:
                    56:e4:69:ec:38:4d:6d:fe:2a:0a:90:dd:a9:e8:f2:
                    4e:26:1c:b4:51:0e:f6:0f:03:23:85:7b:23:ab:44:
                    95:37:a2:6e:54:37:78:97:5a:63:34:05:f3:fa:38:
                    8a:f3:25:6f:f5:cd:3a:11:9e:9b:b5:97:59:98:b3:
                    b4:b9:98:0b:ae:57:74:bf:a8:c2:cf:9e:f5:89:c4:
                    22:2c:d3:4c:c5:18:c3:41:88:ff:2c:1f:8f:04:f6:
                    26:97:1a:88:04:d0:7c:fc:6d:7c:aa:07:3d:e2:37:
                    2c:8d:46:ba:6c:6f:c9:8d:90:b1:36:61:16:eb:61:
                    fb:da:6e:7f:70:8c:c7:93:04:18:9e:7e:77:c9:31:
                    97:77:9d:1f:e0:2f:d0:e3:32:56:fd:45:d5:44:46:
                    70:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E5:76:3F:54:4B:2C:F6:66:83:51:64:61:E0:BD:45:E1:4E:9E:94
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/reV2P1RLLPZmg1FkYeC9ReFOnpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:8d:04:c8:09:ad:82:ac:78:ea:1e:9c:3f:73:b7:e7:08:d6:
         7e:c0:28:50:0e:8b:f0:b1:cb:9d:81:15:cb:2a:7b:c3:88:a9:
         ca:be:d8:67:98:29:77:5f:9a:9c:60:82:7c:87:c3:4b:2c:f7:
         1b:a2:f0:4b:63:e8:b8:86:78:db:00:93:d2:78:f5:b5:1e:97:
         76:e7:90:17:02:f0:77:ed:8c:3a:ed:03:b2:a8:0e:93:f1:cc:
         f6:37:9d:e3:c3:69:ab:ad:50:b2:d3:ef:a3:2b:f0:69:45:88:
         00:b4:96:ea:d3:29:da:3e:91:f8:2f:57:ec:48:b5:5a:7d:ee:
         ba:05:20:2c:6f:b1:f2:6d:e8:61:01:57:e2:58:e0:72:e2:57:
         5a:ef:9e:24:87:51:8b:e6:10:52:a7:52:14:46:fb:67:84:c0:
         78:ef:c8:d3:94:48:6e:25:55:77:df:fb:ce:93:99:78:a9:d9:
         36:37:15:5b:26:74:d2:d0:80:21:2a:26:92:b9:83:5c:b1:a4:
         df:72:c2:34:42:6b:0b:cf:f0:f0:d7:a3:95:d0:70:10:1f:6d:
         9e:e6:e3:16:85:54:85:69:20:cf:1d:de:5a:a9:4a:a1:0f:61:
         1a:27:91:b3:df:60:61:97:c1:4d:bd:30:06:b5:3e:8b:8e:a7:
         51:b2:45:55
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYebkeER9Wpjc2LkTXtQCB5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE5MjIxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGU1NzYzZjU0NGIyY2Y2NjY4MzUxNjQ2MWUwYmQ0NWUxNGU5ZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/xdEw3FhFPvlIviqwS3cSJu1FNW
dH0rPnya2OzjsuVwXe7WgTl/K59jmqryVsJa6UHhrr4ij9hXNezN0yN4uA3PVStg
dc7kyXEI80yTMgOJId3v0dJs9y7wtARzyBX7kwUDcl3t40dW5GnsOE1t/ioKkN2p
6PJOJhy0UQ72DwMjhXsjq0SVN6JuVDd4l1pjNAXz+jiK8yVv9c06EZ6btZdZmLO0
uZgLrld0v6jCz571icQiLNNMxRjDQYj/LB+PBPYmlxqIBNB8/G18qgc94jcsjUa6
bG/JjZCxNmEW62H72m5/cIzHkwQYnn53yTGXd50f4C/Q4zJW/UXVREZwUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK3ldj9USyz2ZoNRZGHgvUXhTp6UMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcmVWMlAxUkxMUFptZzFGa1llQzlSZUZPbnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADSNBMgJrYKseOoenD9z
t+cI1n7AKFAOi/Cxy52BFcsqe8OIqcq+2GeYKXdfmpxggnyHw0ss9xui8Etj6LiG
eNsAk9J49bUel3bnkBcC8HftjDrtA7KoDpPxzPY3nePDaautULLT76Mr8GlFiAC0
lurTKdo+kfgvV+xItVp97roFICxvsfJt6GEBV+JY4HLiV1rvniSHUYvmEFKnUhRG
+2eEwHjvyNOUSG4lVXff+86TmXip2TY3FVsmdNLQgCEqJpK5g1yxpN9ywjRCawvP
8PDXo5XQcBAfbZ7m4xaFVIVpIM8d3lqpSqEPYRonkbPfYGGXwU29MAa1PouOp1Gy
RVU=
-----END CERTIFICATE-----