Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sRb2r-hWMFWF0r_pTbm62MIqCBA.roa
File:                     sRb2r-hWMFWF0r_pTbm62MIqCBA.roa (raw, json)
Hash identifier:          M+M1MNRAVWLRWP5LqqqpHdAtf06ZopNcv0yc1vg4ltM=
Subject key identifier:   B1:16:F6:AF:E8:56:30:55:85:D2:BF:E9:4D:B9:BA:D8:C2:2A:08:10
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C1874969DAEE8038B29A23E5AD1B738C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sRb2r-hWMFWF0r_pTbm62MIqCBA.roa
Signing time:             Thu 27 Apr 2023 07:04:41 +0000
ROA not before:           Thu 27 Apr 2023 07:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:187:c186:c751/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c1:87:49:69:da:ee:80:38:b2:9a:23:e5:ad:1b:73:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 27 07:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b116f6afe856305585d2bfe94db9bad8c22a0810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:7d:48:84:d8:d0:03:16:f7:08:df:6a:e8:15:
                    a8:6a:39:56:5f:9e:0e:db:14:8d:fe:a6:c8:8a:d7:
                    e8:4b:84:1c:76:e2:e0:70:bf:c1:06:8d:ad:24:e6:
                    f9:f9:be:ac:d3:93:8c:25:8c:fd:b3:da:87:2a:82:
                    e8:d3:52:f6:c7:6a:fe:a4:d7:1d:98:ae:45:0c:ad:
                    56:df:cb:6b:6c:be:69:56:b2:ab:f4:07:97:e0:41:
                    d0:eb:34:e3:77:ca:cd:8e:0a:2f:60:44:84:47:9e:
                    46:aa:41:13:22:a4:56:1f:2f:3b:4d:fd:f7:72:ab:
                    40:84:d4:f5:bf:3f:74:32:2b:43:7d:a5:cf:aa:48:
                    f5:aa:0c:5e:d3:54:d2:fc:03:25:0e:62:d4:7b:74:
                    3c:0a:ef:c5:86:18:83:d8:6f:2f:d2:90:d1:84:49:
                    f0:13:95:0b:0d:b2:e5:ec:11:59:ee:63:77:a4:58:
                    30:b3:47:d6:ac:64:5b:8c:f4:2d:3b:f3:0b:e5:cd:
                    24:06:ac:84:73:09:90:31:09:85:bf:64:6f:52:54:
                    c2:c4:04:d2:be:99:06:e8:84:45:58:0e:c1:b2:73:
                    77:4b:fb:7b:3a:cd:58:3d:58:39:d9:8c:54:aa:05:
                    c0:5d:9e:aa:bc:63:81:a6:8b:b9:42:0e:0c:49:bf:
                    33:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:16:F6:AF:E8:56:30:55:85:D2:BF:E9:4D:B9:BA:D8:C2:2A:08:10
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sRb2r-hWMFWF0r_pTbm62MIqCBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:68:95:dc:f5:71:cf:d1:b8:7f:24:01:f6:3c:47:fa:15:af:
         4e:d6:99:2c:82:d1:13:cf:01:8a:78:e1:75:2c:74:db:18:5d:
         ed:03:d5:ff:e5:17:ac:d2:d1:64:4d:a8:17:1d:a3:59:22:be:
         dc:d4:d8:04:c5:68:2e:5f:b9:db:5c:ad:68:a2:56:41:27:28:
         11:ed:c8:1c:9e:45:a9:e8:21:76:06:6c:5f:78:7c:11:ac:6f:
         6a:56:ec:4d:2f:91:ac:84:c2:00:1d:4d:2b:9e:8f:58:7c:b4:
         2a:4f:20:88:bc:58:1b:51:97:37:14:bc:b9:3b:af:1f:17:95:
         2b:f1:e3:ce:4a:3c:dd:e1:cc:fd:4c:97:00:32:6d:28:8e:8f:
         33:3b:1d:fb:c5:89:72:a5:4d:26:e6:99:51:3c:64:95:64:cc:
         98:af:1e:f9:14:be:ec:2a:cd:5a:00:c2:2e:c8:84:8e:0a:ae:
         e1:3d:e5:bf:eb:92:d9:1f:6a:da:f1:a8:08:16:d4:3f:52:75:
         fe:9c:01:47:df:88:34:14:3b:8b:23:0b:e1:bf:e5:10:4d:5b:
         b5:b7:29:93:3a:e2:c7:ae:54:dd:20:21:94:0e:a6:9e:3c:09:
         9b:2c:37:d6:e9:b6:3a:7a:0c:5d:3a:a2:58:a6:f0:4e:5b:fa:
         c4:0a:46:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfBh0lp2u6AOLKaI+WtG3OMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI3MDcwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTE2ZjZhZmU4NTYzMDU1ODVkMmJmZTk0ZGI5YmFkOGMyMmEwODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjX1IhNjQAxb3CN9q6BWoajlWX54O
2xSN/qbIitfoS4QcduLgcL/BBo2tJOb5+b6s05OMJYz9s9qHKoLo01L2x2r+pNcd
mK5FDK1W38trbL5pVrKr9AeX4EHQ6zTjd8rNjgovYESER55GqkETIqRWHy87Tf33
cqtAhNT1vz90MitDfaXPqkj1qgxe01TS/AMlDmLUe3Q8Cu/FhhiD2G8v0pDRhEnw
E5ULDbLl7BFZ7mN3pFgws0fWrGRbjPQtO/ML5c0kBqyEcwmQMQmFv2RvUlTCxATS
vpkG6IRFWA7BsnN3S/t7Os1YPVg52YxUqgXAXZ6qvGOBpou5Qg4MSb8zLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLEW9q/oVjBVhdK/6U25utjCKggQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc1JiMnItaFdNRldGMHJfcFRibTYyTUlxQ0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGholdz1cc/RuH8kAfY8
R/oVr07WmSyC0RPPAYp44XUsdNsYXe0D1f/lF6zS0WRNqBcdo1kivtzU2ATFaC5f
udtcrWiiVkEnKBHtyByeRanoIXYGbF94fBGsb2pW7E0vkayEwgAdTSuej1h8tCpP
IIi8WBtRlzcUvLk7rx8XlSvx485KPN3hzP1MlwAybSiOjzM7HfvFiXKlTSbmmVE8
ZJVkzJivHvkUvuwqzVoAwi7IhI4KruE95b/rktkfatrxqAgW1D9Sdf6cAUffiDQU
O4sjC+G/5RBNW7W3KZM64seuVN0gIZQOpp48CZssN9bptjp6DF06olim8E5b+sQK
RqM=
-----END CERTIFICATE-----