Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/s9wrGhOKVaqY19dOqLmdT2CoGkg.roa
File:                     s9wrGhOKVaqY19dOqLmdT2CoGkg.roa (raw, json)
Hash identifier:          ZIUac5gn4Om/dCyxZVO6KutlsLa3m46QimlkrMKf+0g=
Subject key identifier:   B3:DC:2B:1A:13:8A:55:AA:98:D7:D7:4E:A8:B9:9D:4F:60:A8:1A:48
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01882DEA5D9AA7BB784394295FCA214BC232
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/s9wrGhOKVaqY19dOqLmdT2CoGkg.roa
Signing time:             Thu 18 May 2023 08:11:54 +0000
ROA not before:           Thu 18 May 2023 08:11:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2d:ea:5d:9a:a7:bb:78:43:94:29:5f:ca:21:4b:c2:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 18 08:11:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b3dc2b1a138a55aa98d7d74ea8b99d4f60a81a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:36:b6:4f:5f:97:4f:97:24:3f:36:42:2a:e8:
                    15:5e:d7:e3:1c:3a:2c:72:eb:b8:ff:20:54:cf:a1:
                    08:30:94:ee:33:c4:68:19:24:82:4a:a2:14:89:dd:
                    ef:1a:2d:3a:04:d9:05:a6:7f:60:67:08:46:9e:c9:
                    d6:19:6d:4b:41:0d:6f:07:43:a2:5d:41:eb:fb:32:
                    26:eb:cc:3b:5b:dc:27:6d:32:12:26:c1:8d:cb:c4:
                    af:76:c0:27:61:33:a9:2a:92:76:0d:49:82:09:41:
                    54:41:3f:40:2a:04:d7:fc:e4:46:41:22:a4:36:9e:
                    1e:14:34:2f:2c:4e:24:ed:79:30:9f:54:52:31:da:
                    8b:34:bb:63:4f:47:f0:72:92:9c:d9:a5:1a:5e:9e:
                    21:18:d2:82:d9:f1:ce:72:62:a7:d7:b0:c1:6f:98:
                    0e:f5:1b:21:93:ab:b2:fc:30:9f:22:c3:65:f9:2e:
                    61:06:b7:83:4b:f3:6f:74:42:32:d6:d9:0b:c9:da:
                    ea:a0:02:44:8f:bd:49:08:d0:e6:4f:a4:d5:48:e9:
                    18:2d:66:61:ca:f8:4a:49:30:27:22:8c:53:82:b3:
                    ae:64:d2:ab:f9:d0:45:3c:51:fa:72:7b:20:5f:26:
                    54:d9:be:aa:1f:ff:9b:93:9d:f7:0e:e0:c1:96:93:
                    78:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:DC:2B:1A:13:8A:55:AA:98:D7:D7:4E:A8:B9:9D:4F:60:A8:1A:48
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/s9wrGhOKVaqY19dOqLmdT2CoGkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:7d:da:df:68:60:cc:0c:87:ee:73:95:87:08:46:12:af:5c:
         46:bd:18:84:b7:50:87:93:ef:10:d2:94:07:fd:cc:3d:35:d0:
         ba:96:00:b1:78:80:3a:fe:2e:d0:cf:6b:0d:06:88:52:8a:6b:
         19:23:cb:8e:3f:85:52:2d:78:7b:23:2d:9b:66:6a:9c:90:41:
         60:70:f5:3b:16:a0:9c:65:9c:7b:56:26:a5:10:b4:c3:31:5b:
         45:02:71:d1:47:3c:9f:46:66:47:bf:e1:23:f1:9a:5a:4f:50:
         bf:4f:50:fc:a3:4d:e2:df:d1:8f:69:ab:c6:43:27:f5:a3:74:
         11:35:60:be:7d:71:3d:0c:3b:67:f0:b2:72:b0:d1:0b:fc:4e:
         97:93:6c:dc:e0:72:74:86:27:7a:12:41:95:cf:06:22:cf:da:
         51:5b:2a:39:fc:aa:d2:7d:6b:07:3f:20:58:c5:77:5c:22:0d:
         51:84:fd:f3:09:f0:ff:ab:c3:a0:17:32:d2:3a:f8:67:95:f0:
         76:7d:9e:38:ad:c7:f1:64:b2:c1:d0:8c:20:9e:6d:86:64:67:
         f8:e9:fb:02:e9:a6:3d:a0:bb:c1:9a:1b:37:bc:02:0f:cd:c8:
         cb:6c:08:f8:2e:2c:10:28:98:c0:8a:0f:63:4c:a9:74:95:ba:
         d4:55:ad:a1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgt6l2ap7t4Q5QpX8ohS8IyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE4MDgxMTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2RjMmIxYTEzOGE1NWFhOThkN2Q3NGVhOGI5OWQ0ZjYwYTgxYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTa2T1+XT5ckPzZCKugVXtfjHDos
cuu4/yBUz6EIMJTuM8RoGSSCSqIUid3vGi06BNkFpn9gZwhGnsnWGW1LQQ1vB0Oi
XUHr+zIm68w7W9wnbTISJsGNy8SvdsAnYTOpKpJ2DUmCCUFUQT9AKgTX/ORGQSKk
Np4eFDQvLE4k7Xkwn1RSMdqLNLtjT0fwcpKc2aUaXp4hGNKC2fHOcmKn17DBb5gO
9Rshk6uy/DCfIsNl+S5hBreDS/NvdEIy1tkLydrqoAJEj71JCNDmT6TVSOkYLWZh
yvhKSTAnIoxTgrOuZNKr+dBFPFH6cnsgXyZU2b6qH/+bk533DuDBlpN4JwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLPcKxoTilWqmNfXTqi5nU9gqBpIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvczl3ckdoT0tWYXFZMTlkT3FMbWRUMkNvR2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHR92t9oYMwMh+5zlYcI
RhKvXEa9GIS3UIeT7xDSlAf9zD010LqWALF4gDr+LtDPaw0GiFKKaxkjy44/hVIt
eHsjLZtmapyQQWBw9TsWoJxlnHtWJqUQtMMxW0UCcdFHPJ9GZke/4SPxmlpPUL9P
UPyjTeLf0Y9pq8ZDJ/WjdBE1YL59cT0MO2fwsnKw0Qv8TpeTbNzgcnSGJ3oSQZXP
BiLP2lFbKjn8qtJ9awc/IFjFd1wiDVGE/fMJ8P+rw6AXMtI6+GeV8HZ9njitx/Fk
ssHQjCCebYZkZ/jp+wLppj2gu8GaGze8Ag/NyMtsCPguLBAomMCKD2NMqXSVutRV
raE=
-----END CERTIFICATE-----