Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sdCEMSoOZNVHNeTgXKwjJCFhhq4.roa
File:                     sdCEMSoOZNVHNeTgXKwjJCFhhq4.roa (raw, json)
Hash identifier:          Zg5CPVEDTKsp0KsW7SV+nhFv1QQ4HN/NOxlB6Rmp6CI=
Subject key identifier:   B1:D0:84:31:2A:0E:64:D5:47:35:E4:E0:5C:AC:23:24:21:61:86:AE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189330C4B1C22B3F19B665CC765F4C1B70D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sdCEMSoOZNVHNeTgXKwjJCFhhq4.roa
Signing time:             Sat 08 Jul 2023 01:09:50 +0000
ROA not before:           Sat 08 Jul 2023 01:09:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:33:0c:4b:1c:22:b3:f1:9b:66:5c:c7:65:f4:c1:b7:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul  8 01:09:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b1d084312a0e64d54735e4e05cac2324216186ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fe:ce:01:51:a6:79:e0:b3:7a:af:f0:51:52:
                    65:94:44:89:95:22:0d:4d:92:22:38:40:1c:82:13:
                    be:fd:16:4d:6d:2c:51:78:c0:09:c1:13:95:69:b1:
                    61:02:6f:50:d9:b9:59:1f:81:e7:82:19:3d:0d:de:
                    99:d3:96:19:3f:19:99:fb:29:da:97:9d:bc:67:47:
                    0f:52:f1:4e:d6:18:37:39:26:b3:33:37:48:78:dc:
                    f9:64:c4:22:4e:ac:d7:e6:51:c2:48:c5:c1:0f:74:
                    33:d5:31:a3:1a:fd:d5:b9:67:85:d0:f1:d3:34:ee:
                    14:69:c9:d9:82:82:20:bb:1d:61:dd:32:6c:6e:ad:
                    96:f4:8c:81:52:cf:6e:ff:e7:2d:c4:63:66:59:e6:
                    c1:a2:b7:f0:fb:2c:26:2c:4b:79:d5:e1:6c:dd:04:
                    91:d2:ca:df:62:36:38:8c:ec:d6:b5:50:f4:19:6e:
                    b0:5c:ff:cd:48:24:44:29:f5:48:8f:aa:f7:96:0e:
                    1a:b5:12:cd:88:fc:46:ce:fb:79:53:d0:18:df:fa:
                    ad:c8:aa:5c:c5:82:84:80:99:d9:78:1a:ad:72:31:
                    47:73:49:aa:21:81:47:92:21:e0:86:cf:f3:a5:98:
                    7e:66:9a:ab:ca:a5:71:eb:80:8c:50:78:65:49:4e:
                    fd:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D0:84:31:2A:0E:64:D5:47:35:E4:E0:5C:AC:23:24:21:61:86:AE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sdCEMSoOZNVHNeTgXKwjJCFhhq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:0b:ac:ab:76:2b:98:2a:c8:a0:ba:cf:8a:b5:70:22:b6:f2:
         9b:53:ff:9d:8a:7e:82:e7:63:3c:c2:d0:0e:5c:35:35:48:7d:
         65:b0:06:3c:23:d0:82:1b:b4:1a:54:4b:3b:67:61:16:01:1a:
         ba:fd:ff:70:c2:a0:0c:b7:d6:fc:0f:1d:82:f5:eb:d9:58:79:
         a1:2a:3b:d7:79:59:65:2f:8d:5e:9c:b7:d4:bd:9e:c2:fd:81:
         3b:15:51:9b:5a:10:1a:b2:af:1a:d6:4f:f7:d6:e4:94:9d:08:
         bf:7d:d3:f9:d5:ad:b7:9e:d9:16:fe:e0:2f:c6:d1:05:0a:cc:
         db:32:ba:43:e2:d1:d3:43:bc:eb:35:88:2f:90:f2:8b:54:da:
         b9:3f:56:22:27:49:98:d1:31:4c:1e:9b:91:6d:48:10:01:8d:
         91:b4:44:63:a6:53:c1:6a:4b:11:4b:29:85:e6:87:aa:e3:96:
         9b:96:40:d1:14:fd:48:49:86:2c:b1:91:02:cf:cc:53:92:f4:
         25:65:fc:9b:d6:4d:96:27:05:05:95:2a:f0:3a:ce:dc:fa:a7:
         bb:5c:c4:1b:b2:17:78:17:ce:b5:65:4b:93:3f:d6:c6:6b:24:
         96:d0:f1:b1:b6:d2:0a:53:43:b3:37:12:64:14:27:74:69:db:
         4d:b5:d0:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYkzDEscIrPxm2Zcx2X0wbcNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzA4MDEwOTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQwODQzMTJhMGU2NGQ1NDczNWU0ZTA1Y2FjMjMyNDIxNjE4NmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArf7OAVGmeeCzeq/wUVJllESJlSIN
TZIiOEAcghO+/RZNbSxReMAJwROVabFhAm9Q2blZH4Hnghk9Dd6Z05YZPxmZ+yna
l528Z0cPUvFO1hg3OSazMzdIeNz5ZMQiTqzX5lHCSMXBD3Qz1TGjGv3VuWeF0PHT
NO4UacnZgoIgux1h3TJsbq2W9IyBUs9u/+ctxGNmWebBorfw+ywmLEt51eFs3QSR
0srfYjY4jOzWtVD0GW6wXP/NSCREKfVIj6r3lg4atRLNiPxGzvt5U9AY3/qtyKpc
xYKEgJnZeBqtcjFHc0mqIYFHkiHghs/zpZh+ZpqryqVx64CMUHhlSU79cwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLHQhDEqDmTVRzXk4FysIyQhYYauMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc2RDRU1Tb09aTlZITmVUZ1hLd2pKQ0ZoaHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAoLrKt2K5gqyKC6z4q1
cCK28ptT/52KfoLnYzzC0A5cNTVIfWWwBjwj0IIbtBpUSztnYRYBGrr9/3DCoAy3
1vwPHYL169lYeaEqO9d5WWUvjV6ct9S9nsL9gTsVUZtaEBqyrxrWT/fW5JSdCL99
0/nVrbee2Rb+4C/G0QUKzNsyukPi0dNDvOs1iC+Q8otU2rk/ViInSZjRMUwem5Ft
SBABjZG0RGOmU8FqSxFLKYXmh6rjlpuWQNEU/UhJhiyxkQLPzFOS9CVl/JvWTZYn
BQWVKvA6ztz6p7tcxBuyF3gXzrVlS5M/1sZrJJbQ8bG20gpTQ7M3EmQUJ3Rp2021
0Do=
-----END CERTIFICATE-----