Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sLhISPBri0ujM0Pu_sXjaaImLC8.roa
File:                     sLhISPBri0ujM0Pu_sXjaaImLC8.roa (raw, json)
Hash identifier:          URcfkq3UIidSz3CtYtlyNMZDRoSk57fBF0JhPl4v+fY=
Subject key identifier:   B0:B8:48:48:F0:6B:8B:4B:A3:33:43:EE:FE:C5:E3:69:A2:26:2C:2F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01879A0BDF257960952F1A9AF4FE5C7C03B3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sLhISPBri0ujM0Pu_sXjaaImLC8.roa
Signing time:             Wed 19 Apr 2023 15:04:41 +0000
ROA not before:           Wed 19 Apr 2023 15:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:9a0b:93b8/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9a:0b:df:25:79:60:95:2f:1a:9a:f4:fe:5c:7c:03:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 19 15:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b0b84848f06b8b4ba33343eefec5e369a2262c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:44:21:f6:01:cd:f9:de:2a:a1:12:17:72:5f:
                    9e:74:f1:11:15:95:ab:c1:43:30:54:2d:c2:bb:d2:
                    12:cf:5d:11:22:2e:49:4e:4b:88:2c:7d:8f:64:1b:
                    10:83:fa:18:a6:d4:82:19:20:54:c9:4c:26:d2:4d:
                    52:af:3f:ca:26:fe:14:3c:62:11:fa:31:08:29:41:
                    4f:fe:6b:29:cb:d0:58:ec:19:87:ad:76:ba:9c:bd:
                    70:c3:79:40:7d:ad:a7:13:68:80:f2:b4:35:aa:46:
                    b4:95:05:ad:fc:57:47:47:64:f4:7c:12:56:2f:c6:
                    d2:33:2f:0e:fa:d7:fe:cf:84:35:89:71:b9:b9:8d:
                    3a:7c:a6:1d:96:69:de:e9:bd:23:1f:21:68:3f:89:
                    5b:a6:1a:54:20:25:af:d3:32:0b:67:9e:b3:29:3b:
                    f4:97:f8:85:79:b4:a9:8e:f0:d9:3e:16:f8:05:ae:
                    17:87:7c:89:54:3f:47:d1:1d:6b:6b:41:3c:8f:13:
                    1d:d0:7a:fc:7f:b0:7d:08:f5:f0:74:cf:dc:8a:3c:
                    82:9b:55:37:b5:51:dc:fd:72:8a:cb:78:8b:92:a8:
                    40:bd:6d:07:75:20:78:4e:cc:1d:73:a8:93:1d:48:
                    77:b2:1e:05:d3:3c:5d:e4:01:53:e3:a6:9e:16:d0:
                    2d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B8:48:48:F0:6B:8B:4B:A3:33:43:EE:FE:C5:E3:69:A2:26:2C:2F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sLhISPBri0ujM0Pu_sXjaaImLC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:d6:4d:8a:db:6f:e4:d4:5b:17:fd:70:5b:10:ca:c7:63:c6:
         9f:20:73:a3:1a:1a:1c:96:a9:ad:24:d5:9a:f1:5f:45:01:91:
         df:8c:e4:9e:10:2d:23:88:f7:fc:2e:5d:1f:62:7b:9e:35:09:
         31:db:cb:6d:39:8a:80:15:18:33:c3:94:e3:51:32:31:81:5e:
         38:d2:e2:3f:ea:61:c2:b7:b6:c4:95:11:03:d8:74:f5:65:4f:
         78:4c:c6:35:96:99:08:88:c4:1a:05:7f:4f:c7:c9:3f:f7:83:
         bb:73:e6:22:9f:d4:e2:19:09:81:1b:78:06:8c:ca:75:3d:d3:
         12:25:d5:9a:67:f6:44:7b:f3:8d:20:07:d3:da:7f:78:ea:e1:
         c0:77:bc:8c:23:f9:af:c4:25:6c:9a:cd:01:1b:a9:62:99:28:
         3f:e9:c7:69:3f:73:81:ce:8e:be:78:02:33:7e:30:10:21:a1:
         e9:90:10:95:37:f6:d3:d8:88:d7:7d:0e:c0:7c:b5:1a:5f:b9:
         5b:27:14:74:1a:84:c8:ff:47:73:07:0a:c9:45:dc:7e:7b:52:
         7e:88:fe:08:b4:8c:ed:22:af:cd:e2:0a:7f:14:1c:3a:2f:68:
         e3:25:8c:44:f7:8b:b9:29:22:e2:48:93:0f:53:55:10:be:71:
         6a:a8:05:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeaC98leWCVLxqa9P5cfAOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE5MTUwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGI4NDg0OGYwNmI4YjRiYTMzMzQzZWVmZWM1ZTM2OWEyMjYyYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkQh9gHN+d4qoRIXcl+edPERFZWr
wUMwVC3Cu9ISz10RIi5JTkuILH2PZBsQg/oYptSCGSBUyUwm0k1Srz/KJv4UPGIR
+jEIKUFP/mspy9BY7BmHrXa6nL1ww3lAfa2nE2iA8rQ1qka0lQWt/FdHR2T0fBJW
L8bSMy8O+tf+z4Q1iXG5uY06fKYdlmne6b0jHyFoP4lbphpUICWv0zILZ56zKTv0
l/iFebSpjvDZPhb4Ba4Xh3yJVD9H0R1ra0E8jxMd0Hr8f7B9CPXwdM/cijyCm1U3
tVHc/XKKy3iLkqhAvW0HdSB4Tswdc6iTHUh3sh4F0zxd5AFT46aeFtAtIQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLC4SEjwa4tLozND7v7F42miJiwvMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc0xoSVNQQnJpMHVqTTBQdV9zWGphYUltTEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKjWTYrbb+TUWxf9cFsQ
ysdjxp8gc6MaGhyWqa0k1ZrxX0UBkd+M5J4QLSOI9/wuXR9ie541CTHby205ioAV
GDPDlONRMjGBXjjS4j/qYcK3tsSVEQPYdPVlT3hMxjWWmQiIxBoFf0/HyT/3g7tz
5iKf1OIZCYEbeAaMynU90xIl1Zpn9kR7840gB9Paf3jq4cB3vIwj+a/EJWyazQEb
qWKZKD/px2k/c4HOjr54AjN+MBAhoemQEJU39tPYiNd9DsB8tRpfuVsnFHQahMj/
R3MHCslF3H57Un6I/gi0jO0ir83iCn8UHDovaOMljET3i7kpIuJIkw9TVRC+cWqo
BYc=
-----END CERTIFICATE-----