Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rrYYyEsqB72VMYQqYfwtgsCDwkY.roa
File:                     rrYYyEsqB72VMYQqYfwtgsCDwkY.roa (raw, json)
Hash identifier:          aXQdMBJ3Xw4UGDtqX3uSrj7Z6FIy+akj6CnWBZ2IIUg=
Subject key identifier:   AE:B6:18:C8:4B:2A:07:BD:95:31:84:2A:61:FC:2D:82:C0:83:C2:46
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186EAC690D729769A1BD035740857B0CB0A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rrYYyEsqB72VMYQqYfwtgsCDwkY.roa
Signing time:             Thu 16 Mar 2023 14:15:27 +0000
ROA not before:           Thu 16 Mar 2023 14:15:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ea:c6:90:d7:29:76:9a:1b:d0:35:74:08:57:b0:cb:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 16 14:15:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aeb618c84b2a07bd9531842a61fc2d82c083c246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:af:33:bd:4b:4a:89:b7:83:63:81:0c:f6:1c:
                    8f:88:35:ea:d2:43:12:07:e6:2b:a8:c1:88:b1:f2:
                    4b:95:1f:9a:4c:29:f7:b1:2d:42:71:1f:b8:5b:91:
                    39:97:20:cd:3c:05:d4:67:49:d4:fa:25:1b:d6:16:
                    f4:25:10:d6:05:9b:ed:70:05:d7:36:15:57:72:5a:
                    35:80:cc:8d:13:2e:6c:74:0e:be:c4:f7:56:ac:8a:
                    b2:ef:6c:38:03:52:e8:91:fa:9d:81:ef:7c:94:1f:
                    f3:8f:02:0f:1b:43:1d:43:6c:d0:37:86:9e:50:31:
                    8a:4d:98:c7:a6:bf:f0:48:28:79:53:ac:bb:9a:54:
                    f8:67:09:8b:a6:29:d0:ca:98:c6:06:7b:15:d7:72:
                    c1:80:5e:3d:33:66:8b:17:e8:4c:ee:93:7e:f6:60:
                    7f:26:4b:a9:69:4c:d1:e2:1a:18:94:d8:4f:d6:e6:
                    c3:da:b4:ae:7a:48:9b:d1:07:fb:33:c5:74:fa:d1:
                    f2:41:be:c5:01:c9:6d:30:74:33:0a:2c:20:55:8b:
                    db:12:d6:9d:e9:81:00:4f:4c:95:11:14:8b:05:c6:
                    3d:a2:f7:5a:bc:61:dc:3f:a9:86:6f:c4:13:c9:43:
                    08:74:6f:1c:43:4b:bb:34:13:d1:85:ba:17:ec:e4:
                    af:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B6:18:C8:4B:2A:07:BD:95:31:84:2A:61:FC:2D:82:C0:83:C2:46
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rrYYyEsqB72VMYQqYfwtgsCDwkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:b7:44:68:01:a0:78:68:7a:4b:c1:81:4b:bd:71:00:e0:30:
         75:2f:38:1e:9b:2b:32:e1:b3:f4:cc:b0:d9:55:ad:d5:6f:67:
         ed:e7:c9:9a:39:1d:bd:16:05:60:24:fe:13:11:6c:6a:94:1f:
         f4:75:9f:3b:7e:a0:89:5a:00:81:79:79:ba:24:fd:b9:2b:81:
         bc:7c:fa:ae:db:54:8b:82:c9:f8:f9:ba:36:e7:8a:65:24:4a:
         d5:61:fc:74:14:de:81:1e:72:4e:96:59:10:41:4c:5e:96:ce:
         22:fb:c6:29:50:0b:76:01:f7:74:56:51:23:8e:73:89:cb:de:
         3f:a4:f9:d6:5e:9d:8d:ed:3a:53:9a:53:24:ae:8f:4f:8e:75:
         8e:a2:36:34:f1:a6:91:ec:10:8f:ab:12:25:83:82:68:87:4f:
         c8:2e:ac:01:0a:81:76:8b:f4:d8:65:ee:54:24:75:e2:69:ff:
         08:3d:61:e2:e1:d5:04:18:ed:0c:b7:5e:90:d6:40:f7:76:d1:
         a7:47:4a:c5:69:ea:06:09:d2:b7:4e:0a:4b:bf:25:b1:11:48:
         11:9d:5b:89:6c:5c:44:e6:c9:f6:48:47:3d:cb:3a:f4:c1:6e:
         d6:6b:d1:95:16:cb:84:27:0c:e8:e6:af:f8:4a:a1:13:9a:81:
         f3:49:c8:40
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbqxpDXKXaaG9A1dAhXsMsKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE2MTQxNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWI2MThjODRiMmEwN2JkOTUzMTg0MmE2MWZjMmQ4MmMwODNjMjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK8zvUtKibeDY4EM9hyPiDXq0kMS
B+YrqMGIsfJLlR+aTCn3sS1CcR+4W5E5lyDNPAXUZ0nU+iUb1hb0JRDWBZvtcAXX
NhVXclo1gMyNEy5sdA6+xPdWrIqy72w4A1Lokfqdge98lB/zjwIPG0MdQ2zQN4ae
UDGKTZjHpr/wSCh5U6y7mlT4ZwmLpinQypjGBnsV13LBgF49M2aLF+hM7pN+9mB/
JkupaUzR4hoYlNhP1ubD2rSuekib0Qf7M8V0+tHyQb7FAcltMHQzCiwgVYvbEtad
6YEAT0yVERSLBcY9ovdavGHcP6mGb8QTyUMIdG8cQ0u7NBPRhboX7OSvRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK62GMhLKge9lTGEKmH8LYLAg8JGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcnJZWXlFc3FCNzJWTVlRcVlmd3Rnc0NEd2tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACm3RGgBoHhoekvBgUu9
cQDgMHUvOB6bKzLhs/TMsNlVrdVvZ+3nyZo5Hb0WBWAk/hMRbGqUH/R1nzt+oIla
AIF5ebok/bkrgbx8+q7bVIuCyfj5ujbnimUkStVh/HQU3oEeck6WWRBBTF6WziL7
xilQC3YB93RWUSOOc4nL3j+k+dZenY3tOlOaUySuj0+OdY6iNjTxppHsEI+rEiWD
gmiHT8gurAEKgXaL9Nhl7lQkdeJp/wg9YeLh1QQY7Qy3XpDWQPd20adHSsVp6gYJ
0rdOCku/JbERSBGdW4lsXETmyfZIRz3LOvTBbtZr0ZUWy4QnDOjmr/hKoROagfNJ
yEA=
-----END CERTIFICATE-----