Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/s5z-8CqR2sbjS2ka64I1fGQg9Kk.roa
File:                     s5z-8CqR2sbjS2ka64I1fGQg9Kk.roa (raw, json)
Hash identifier:          KoZFY4BeUTj7BgGWLb4zzZJO7uAuzqpjTOjwM8NyyTw=
Subject key identifier:   B3:9C:FE:F0:2A:91:DA:C6:E3:4B:69:1A:EB:82:35:7C:64:20:F4:A9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01882C6BAC986839481575CC1430E32A320A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/s5z-8CqR2sbjS2ka64I1fGQg9Kk.roa
Signing time:             Thu 18 May 2023 01:13:54 +0000
ROA not before:           Thu 18 May 2023 01:13:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2c:6b:ac:98:68:39:48:15:75:cc:14:30:e3:2a:32:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 18 01:13:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b39cfef02a91dac6e34b691aeb82357c6420f4a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:29:52:b0:9c:f2:8f:2a:71:0b:fa:d7:a9:5c:
                    81:12:41:6b:19:e2:a6:83:7d:80:e4:82:43:22:99:
                    fd:f9:2c:ed:b4:c7:14:a7:0d:1c:5a:2c:9b:54:42:
                    fc:bb:4b:9b:c4:43:d0:3b:79:79:ca:e4:90:f5:2e:
                    2e:57:fa:1d:91:12:a9:ad:8f:e0:95:5e:35:0d:a3:
                    c6:fe:68:e0:4d:0b:db:09:e3:f5:76:ae:7d:bc:aa:
                    eb:d3:88:f1:0a:fb:ea:2d:cd:72:4e:ae:13:c7:f9:
                    df:c3:eb:2f:a8:b9:36:db:65:8c:0d:1c:fd:6f:fe:
                    63:fc:92:17:39:e4:a5:a0:80:1d:17:4c:8e:8e:9d:
                    c0:6a:6e:2b:1c:bb:e3:21:54:86:49:7c:bf:5b:d7:
                    e5:10:a5:c0:43:00:2a:1c:51:8e:65:41:ab:0f:72:
                    54:f1:5f:99:5f:3f:b3:50:7b:b9:d3:d4:71:40:d4:
                    13:1c:7b:80:59:af:1c:3b:68:ee:bd:b3:5f:78:e2:
                    60:35:e0:5e:65:6d:9e:8d:98:27:ec:ff:57:20:6b:
                    aa:59:6b:a3:53:db:d0:50:60:53:2e:f0:4e:2a:fd:
                    f8:12:7e:7c:4a:5e:91:7b:42:ec:ac:5b:02:b1:20:
                    6d:61:a3:5a:40:39:43:0e:4a:ad:40:2b:56:5b:7e:
                    99:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:9C:FE:F0:2A:91:DA:C6:E3:4B:69:1A:EB:82:35:7C:64:20:F4:A9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/s5z-8CqR2sbjS2ka64I1fGQg9Kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:16:48:aa:a3:d9:00:3f:06:8b:22:61:09:cb:9a:17:40:d7:
         9a:df:c6:33:03:dc:59:ce:6b:31:af:35:eb:c1:a3:cb:1d:36:
         c6:40:e4:60:f4:f8:67:21:e1:17:f2:d6:2a:62:a3:e6:7e:a8:
         d2:63:c3:bc:35:7d:69:3b:d3:95:2e:05:be:31:0c:0b:64:a9:
         6c:c7:4c:5f:ca:03:63:4d:ae:a6:48:20:f0:a5:94:df:af:c7:
         2b:30:75:e8:41:16:ab:d0:09:87:2b:e1:ea:e1:22:e0:cb:69:
         63:28:61:30:30:c5:47:1d:56:32:0d:4b:00:04:9d:6b:e0:58:
         bd:32:49:ba:79:75:37:58:b6:eb:82:c9:e4:4d:a3:e2:9c:de:
         ce:39:4d:27:28:ee:09:50:1d:c5:78:b1:49:04:e8:f7:1d:7d:
         93:5a:f9:ad:60:d7:55:b7:ae:b5:b3:a6:79:b4:1a:0c:6c:61:
         19:26:c8:eb:2b:4e:4e:58:85:cf:1d:8b:c6:eb:71:fc:21:0a:
         4c:bb:a1:a1:7f:c6:e9:7f:a8:de:70:dc:5a:69:f8:7c:75:06:
         d3:0c:04:25:20:cc:8d:4a:92:b1:3e:2e:6c:f9:04:98:39:e2:
         ae:00:2c:41:ed:86:18:6d:73:3c:ef:ad:33:92:3d:bb:36:c3:
         69:e7:1c:51
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgsa6yYaDlIFXXMFDDjKjIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE4MDExMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzljZmVmMDJhOTFkYWM2ZTM0YjY5MWFlYjgyMzU3YzY0MjBmNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ClSsJzyjypxC/rXqVyBEkFrGeKm
g32A5IJDIpn9+SzttMcUpw0cWiybVEL8u0ubxEPQO3l5yuSQ9S4uV/odkRKprY/g
lV41DaPG/mjgTQvbCeP1dq59vKrr04jxCvvqLc1yTq4Tx/nfw+svqLk222WMDRz9
b/5j/JIXOeSloIAdF0yOjp3Aam4rHLvjIVSGSXy/W9flEKXAQwAqHFGOZUGrD3JU
8V+ZXz+zUHu509RxQNQTHHuAWa8cO2juvbNfeOJgNeBeZW2ejZgn7P9XIGuqWWuj
U9vQUGBTLvBOKv34En58Sl6Re0LsrFsCsSBtYaNaQDlDDkqtQCtWW36ZoQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLOc/vAqkdrG40tpGuuCNXxkIPSpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvczV6LThDcVIyc2JqUzJrYTY0STFmR1FnOUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAIWSKqj2QA/BosiYQnL
mhdA15rfxjMD3FnOazGvNevBo8sdNsZA5GD0+Gch4Rfy1ipio+Z+qNJjw7w1fWk7
05UuBb4xDAtkqWzHTF/KA2NNrqZIIPCllN+vxyswdehBFqvQCYcr4erhIuDLaWMo
YTAwxUcdVjINSwAEnWvgWL0ySbp5dTdYtuuCyeRNo+Kc3s45TSco7glQHcV4sUkE
6PcdfZNa+a1g11W3rrWzpnm0GgxsYRkmyOsrTk5Yhc8di8brcfwhCky7oaF/xul/
qN5w3Fpp+Hx1BtMMBCUgzI1KkrE+Lmz5BJg54q4ALEHthhhtczzvrTOSPbs2w2nn
HFE=
-----END CERTIFICATE-----