Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rlBjjb3llnCFWwF7UbDwz4S5WTE.roa
File:                     rlBjjb3llnCFWwF7UbDwz4S5WTE.roa (raw, json)
Hash identifier:          RhYLUOiKEAjPmFLJNvLUbrnOoqgewHzSFtU/+14VeC0=
Subject key identifier:   AE:50:63:8D:BD:E5:96:70:85:5B:01:7B:51:B0:F0:CF:84:B9:59:31
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187695EA295C988625FA8D5B61C247376D5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rlBjjb3llnCFWwF7UbDwz4S5WTE.roa
Signing time:             Mon 10 Apr 2023 04:13:42 +0000
ROA not before:           Mon 10 Apr 2023 04:13:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:69:5e:a2:95:c9:88:62:5f:a8:d5:b6:1c:24:73:76:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 10 04:13:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ae50638dbde59670855b017b51b0f0cf84b95931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:dc:f7:ff:55:42:85:f1:b2:fb:5d:64:1c:71:
                    e3:01:93:0f:48:c4:77:bd:10:89:47:72:7f:8d:67:
                    79:70:66:4b:d8:67:79:44:25:50:3a:26:50:97:b5:
                    9c:1a:45:55:b3:11:ca:3e:95:05:c0:5a:f4:04:eb:
                    22:f5:cd:52:41:73:22:bf:36:4e:90:83:e5:8d:dd:
                    4f:ba:fd:0e:4f:3f:15:e6:a6:13:42:65:e8:a7:3b:
                    d4:55:37:ea:22:06:0e:71:dd:61:d8:eb:58:df:1e:
                    73:69:9a:ec:17:23:7d:96:f5:54:38:89:3b:36:92:
                    87:cc:ca:ba:87:d8:78:17:73:22:26:83:96:e3:0c:
                    b2:69:49:0e:38:19:86:87:a9:80:0c:73:b3:0e:58:
                    96:46:53:4b:56:64:07:f2:bb:0f:8d:ba:76:35:20:
                    75:81:54:54:49:a4:e7:ef:f5:c6:c3:ac:ba:32:45:
                    0f:1e:e0:ec:e9:36:14:55:9a:f0:eb:70:b5:55:51:
                    78:d5:0c:55:75:bf:e6:73:ee:a0:66:82:2e:c2:a3:
                    7b:4a:48:5f:99:0a:1e:d6:8b:6e:c9:d4:ed:25:9b:
                    ac:91:66:b0:fb:04:5e:47:e3:bc:cd:f5:82:d5:2d:
                    35:39:64:71:3f:6f:65:27:73:76:22:88:66:e8:01:
                    e4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:50:63:8D:BD:E5:96:70:85:5B:01:7B:51:B0:F0:CF:84:B9:59:31
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rlBjjb3llnCFWwF7UbDwz4S5WTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:04:5a:47:20:80:b6:57:15:cb:ce:35:63:ec:40:f2:4d:55:
         f7:52:91:97:59:33:24:36:b5:1f:db:2b:a3:73:34:dc:e1:dd:
         ed:2f:6a:09:7d:98:79:ef:6a:86:d6:6d:49:ff:71:eb:2d:5e:
         12:80:b1:6a:5f:ab:7c:28:85:9e:5f:23:57:a2:c1:f7:31:07:
         4c:6a:58:d7:ad:1c:0f:28:74:06:ca:83:fc:05:39:eb:34:e4:
         f2:a9:fb:eb:ef:ad:b5:25:67:7f:8e:03:2f:48:37:dd:dd:8d:
         6e:03:8d:d4:92:ee:aa:e2:3a:a1:0f:fe:a9:90:38:2a:88:40:
         11:22:e7:72:a8:a1:99:f1:7a:83:de:03:64:fd:3d:b5:c1:c0:
         db:95:f5:97:68:23:dc:8c:d9:dd:10:ef:33:4e:2a:1e:b2:33:
         d2:da:56:8f:0a:6f:0e:cd:3f:0c:d8:57:7b:8d:6f:f2:19:aa:
         dc:0c:8e:d1:20:cc:29:be:2a:d6:3a:49:b5:b1:63:ad:6f:0f:
         da:a9:59:8c:7f:3c:0f:5c:bf:50:3b:d0:ab:39:93:59:98:70:
         e2:c6:57:f3:46:39:6b:1c:40:5b:3d:cf:63:b7:4f:21:9c:53:
         29:f8:05:bd:47:24:84:ad:95:57:72:8a:68:18:5a:9b:2b:0c:
         16:74:31:c7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdpXqKVyYhiX6jVthwkc3bVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEwMDQxMzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTUwNjM4ZGJkZTU5NjcwODU1YjAxN2I1MWIwZjBjZjg0Yjk1OTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9z3/1VChfGy+11kHHHjAZMPSMR3
vRCJR3J/jWd5cGZL2Gd5RCVQOiZQl7WcGkVVsxHKPpUFwFr0BOsi9c1SQXMivzZO
kIPljd1Puv0OTz8V5qYTQmXopzvUVTfqIgYOcd1h2OtY3x5zaZrsFyN9lvVUOIk7
NpKHzMq6h9h4F3MiJoOW4wyyaUkOOBmGh6mADHOzDliWRlNLVmQH8rsPjbp2NSB1
gVRUSaTn7/XGw6y6MkUPHuDs6TYUVZrw63C1VVF41QxVdb/mc+6gZoIuwqN7Skhf
mQoe1otuydTtJZuskWaw+wReR+O8zfWC1S01OWRxP29lJ3N2Iohm6AHkaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK5QY4295ZZwhVsBe1Gw8M+EuVkxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcmxCampiM2xsbkNGV3dGN1ViRHd6NFM1V1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAYEWkcggLZXFcvONWPs
QPJNVfdSkZdZMyQ2tR/bK6NzNNzh3e0vagl9mHnvaobWbUn/cestXhKAsWpfq3wo
hZ5fI1eiwfcxB0xqWNetHA8odAbKg/wFOes05PKp++vvrbUlZ3+OAy9IN93djW4D
jdSS7qriOqEP/qmQOCqIQBEi53KooZnxeoPeA2T9PbXBwNuV9ZdoI9yM2d0Q7zNO
Kh6yM9LaVo8Kbw7NPwzYV3uNb/IZqtwMjtEgzCm+KtY6SbWxY61vD9qpWYx/PA9c
v1A70Ks5k1mYcOLGV/NGOWscQFs9z2O3TyGcUyn4Bb1HJIStlVdyimgYWpsrDBZ0
Mcc=
-----END CERTIFICATE-----