Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ruI2aD0XzNii_leq2-aUQWkiNec.roa
File:                     ruI2aD0XzNii_leq2-aUQWkiNec.roa (raw, json)
Hash identifier:          VtOLexAtecw1TjoawDP5XN1gBrH9c4Qhu3fGrcOHu9k=
Subject key identifier:   AE:E2:36:68:3D:17:CC:D8:A2:FE:57:AA:DB:E6:94:41:69:22:35:E7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C6EA11D7D275D0AA69578425BF71F5F4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ruI2aD0XzNii_leq2-aUQWkiNec.roa
Signing time:             Fri 28 Apr 2023 08:10:41 +0000
ROA not before:           Fri 28 Apr 2023 08:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c6:ea:11:d7:d2:75:d0:aa:69:57:84:25:bf:71:f5:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 28 08:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aee236683d17ccd8a2fe57aadbe69441692235e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e5:5c:c3:74:b1:09:d9:0e:3c:5b:8a:80:dc:
                    ec:3b:fe:e2:25:49:91:ec:a5:12:c1:3d:2b:27:4a:
                    29:63:79:38:7c:78:e4:4f:c0:42:ed:41:1a:d3:50:
                    50:44:b7:e7:6d:93:12:cc:67:c4:27:fa:a6:88:6e:
                    fb:ac:dd:20:60:88:e5:0b:5a:94:6f:17:6e:00:08:
                    a2:d1:d2:cb:94:8e:07:08:2b:53:e3:f3:21:04:f0:
                    23:89:6c:f8:36:26:1a:4f:60:33:2f:2a:81:de:85:
                    3e:04:87:95:d1:a6:e0:d2:f2:b9:86:d2:8f:7c:a4:
                    9d:7b:1b:43:7b:c8:6b:7c:47:2d:4c:13:dd:60:94:
                    78:31:a2:06:0f:91:45:ed:75:9b:8a:42:5d:49:01:
                    5d:0e:57:0f:a6:17:0b:f1:48:46:69:32:ff:0e:37:
                    3f:d9:36:e1:64:d4:78:de:b3:ae:75:7e:81:7e:af:
                    e8:ba:7c:04:19:d8:ae:93:ef:3f:e8:00:62:01:bc:
                    7b:f1:52:9d:df:11:72:5c:d3:b5:5c:27:03:a0:e3:
                    6a:5f:79:b2:14:2a:56:3b:77:bf:45:68:98:c8:cb:
                    a2:21:45:65:b2:04:3b:e4:98:65:28:60:30:76:9f:
                    61:8e:f2:fc:69:45:d3:dc:e4:db:b3:4b:0e:ac:f3:
                    67:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:E2:36:68:3D:17:CC:D8:A2:FE:57:AA:DB:E6:94:41:69:22:35:E7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ruI2aD0XzNii_leq2-aUQWkiNec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:9e:2e:c3:76:f5:c1:3a:76:57:99:b0:76:8c:ca:d1:37:a8:
         cc:4f:c5:ce:3d:41:de:08:05:5e:c5:7c:8a:f2:60:ae:f6:1f:
         bc:99:80:43:9e:bc:74:68:5f:0b:68:c8:91:7c:87:6d:71:12:
         43:c8:0b:f9:e5:65:e8:c0:dc:47:78:70:46:93:75:18:ad:d6:
         ae:1c:4e:c6:00:96:ae:36:e8:b4:fb:49:44:31:15:72:7f:21:
         27:33:fd:17:e6:00:56:ef:b7:22:0f:66:dc:bd:ec:2d:f6:9e:
         0f:00:da:af:38:6b:e6:c3:01:af:d6:7b:8a:ff:57:84:54:34:
         a4:b8:eb:f6:ad:85:af:22:20:9e:5c:d5:e7:36:00:49:ca:27:
         53:c3:8b:0d:59:c1:d8:00:53:bb:0c:bf:d1:05:ad:17:81:c7:
         61:98:ca:fa:e3:c3:ae:4c:59:61:b8:ad:0a:4b:64:ae:6a:a0:
         26:e5:94:91:9a:6a:38:01:74:d9:db:fd:55:56:db:66:71:6a:
         2b:61:f8:78:4a:30:1a:16:35:b7:a0:0b:d6:45:61:a0:23:27:
         ef:f4:23:56:aa:01:1e:72:e3:f1:97:a0:1d:f2:6d:ab:0b:1d:
         f3:70:1f:e4:b2:0f:2e:93:d9:77:46:a1:75:4f:ed:7d:25:54:
         aa:29:64:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfG6hHX0nXQqmlXhCW/cfX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI4MDgxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWUyMzY2ODNkMTdjY2Q4YTJmZTU3YWFkYmU2OTQ0MTY5MjIzNWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+Vcw3SxCdkOPFuKgNzsO/7iJUmR
7KUSwT0rJ0opY3k4fHjkT8BC7UEa01BQRLfnbZMSzGfEJ/qmiG77rN0gYIjlC1qU
bxduAAii0dLLlI4HCCtT4/MhBPAjiWz4NiYaT2AzLyqB3oU+BIeV0abg0vK5htKP
fKSdextDe8hrfEctTBPdYJR4MaIGD5FF7XWbikJdSQFdDlcPphcL8UhGaTL/Djc/
2TbhZNR43rOudX6Bfq/ounwEGdiuk+8/6ABiAbx78VKd3xFyXNO1XCcDoONqX3my
FCpWO3e/RWiYyMuiIUVlsgQ75JhlKGAwdp9hjvL8aUXT3OTbs0sOrPNn8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK7iNmg9F8zYov5XqtvmlEFpIjXnMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcnVJMmFEMFh6TmlpX2xlcTItYVVRV2tpTmVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFaeLsN29cE6dleZsHaM
ytE3qMxPxc49Qd4IBV7FfIryYK72H7yZgEOevHRoXwtoyJF8h21xEkPIC/nlZejA
3Ed4cEaTdRit1q4cTsYAlq426LT7SUQxFXJ/IScz/RfmAFbvtyIPZty97C32ng8A
2q84a+bDAa/We4r/V4RUNKS46/atha8iIJ5c1ec2AEnKJ1PDiw1ZwdgAU7sMv9EF
rReBx2GYyvrjw65MWWG4rQpLZK5qoCbllJGaajgBdNnb/VVW22Zxaith+HhKMBoW
NbegC9ZFYaAjJ+/0I1aqAR5y4/GXoB3ybasLHfNwH+SyDy6T2XdGoXVP7X0lVKop
ZKA=
-----END CERTIFICATE-----