Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/stZB-lqCCGT4ZIFd-xld-qyIY2s.roa
File:                     stZB-lqCCGT4ZIFd-xld-qyIY2s.roa (raw, json)
Hash identifier:          vBtOovYFq9hpSnbXS4n94QTRCgBszyHj/jPGyzDE04Q=
Subject key identifier:   B2:D6:41:FA:5A:82:08:64:F8:64:81:5D:FB:19:5D:FA:AC:88:63:6B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018818E08DC7194CA085BD0E82C514A94697
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/stZB-lqCCGT4ZIFd-xld-qyIY2s.roa
Signing time:             Sun 14 May 2023 06:09:09 +0000
ROA not before:           Sun 14 May 2023 06:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:18:e0:8d:c7:19:4c:a0:85:bd:0e:82:c5:14:a9:46:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 14 06:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b2d641fa5a820864f864815dfb195dfaac88636b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:79:3f:b4:5b:aa:03:b4:9a:f2:2d:e4:ba:9f:
                    9b:c4:37:6a:7a:3b:dd:35:d4:1e:4e:c2:e9:d0:7b:
                    93:c6:3c:76:23:d8:04:26:36:6d:59:8b:ac:16:c4:
                    3d:38:3c:d4:49:02:ec:c8:d4:3a:38:40:eb:80:75:
                    93:b4:c4:15:8b:84:32:d3:83:b7:28:74:c4:f0:23:
                    c9:a8:5c:97:75:c5:cb:be:7d:8f:92:08:48:07:28:
                    fe:ba:31:49:e2:96:be:8a:4c:5b:19:4c:6c:4f:32:
                    4f:7a:2c:ff:aa:83:1b:7a:41:d1:cf:4d:fd:f9:70:
                    2c:df:bb:2d:19:ae:1b:0e:c1:94:9a:0a:7b:3d:f9:
                    a1:20:7f:a6:30:4a:47:b5:08:99:dc:2b:02:9c:42:
                    70:87:9c:6c:88:62:7c:84:96:17:2a:84:97:00:c3:
                    1e:a2:d8:50:37:3c:f9:3e:c8:20:dd:98:ad:0b:77:
                    5c:2e:9f:78:47:22:24:b7:56:16:7e:01:bc:ef:f1:
                    15:51:b0:3d:2c:d7:d0:0e:8d:97:59:1a:ca:dc:40:
                    c0:20:f3:a7:26:eb:ae:73:d8:48:a9:87:3d:b2:80:
                    d4:bc:10:48:a4:78:1f:44:cb:58:38:9a:9b:94:74:
                    0c:31:2d:8b:ee:c7:cf:43:a3:74:d5:47:0a:d9:ec:
                    55:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D6:41:FA:5A:82:08:64:F8:64:81:5D:FB:19:5D:FA:AC:88:63:6B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/stZB-lqCCGT4ZIFd-xld-qyIY2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:50:96:95:82:dc:69:18:5f:a0:17:50:91:df:64:10:df:22:
         5e:27:9c:f7:ba:05:67:fa:58:a9:18:c0:21:9c:b7:d2:44:7e:
         49:dc:63:6e:ac:3f:31:c9:ce:29:51:3a:d7:9e:98:63:20:8b:
         cc:a2:80:23:3c:ad:d5:9a:3b:14:38:38:15:2f:18:a9:72:2c:
         ea:70:e3:9e:ed:98:b0:f5:6b:44:76:84:ec:3f:3a:42:4c:43:
         9e:d2:14:03:6d:d6:05:b5:7a:65:e7:70:6f:72:0d:d1:93:78:
         8b:39:40:7e:94:70:4c:26:2e:bc:da:a2:a4:62:2f:3c:ab:f3:
         d9:d9:13:fb:42:68:a2:d4:ec:c7:0c:9b:31:a0:37:fb:e0:c9:
         56:aa:bd:5e:a7:ee:d6:e4:f0:e6:45:7d:99:14:09:c9:8f:c9:
         a1:8b:93:74:99:67:ae:03:9d:95:7a:4e:66:22:0f:98:22:54:
         7a:40:ba:da:4e:70:9a:07:7f:e4:8f:93:1f:53:70:5b:7c:84:
         89:42:b2:9b:0e:70:5e:92:08:4d:c5:e0:f1:72:fc:c2:a9:74:
         4d:54:53:73:5a:8a:53:83:01:06:84:67:59:f3:da:52:aa:8d:
         a3:d9:4a:a7:51:38:9b:29:7b:48:17:85:1c:9d:19:c8:ac:50:
         f7:30:30:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgY4I3HGUyghb0OgsUUqUaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE0MDYwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmQ2NDFmYTVhODIwODY0Zjg2NDgxNWRmYjE5NWRmYWFjODg2MzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunk/tFuqA7Sa8i3kup+bxDdqejvd
NdQeTsLp0HuTxjx2I9gEJjZtWYusFsQ9ODzUSQLsyNQ6OEDrgHWTtMQVi4Qy04O3
KHTE8CPJqFyXdcXLvn2PkghIByj+ujFJ4pa+ikxbGUxsTzJPeiz/qoMbekHRz039
+XAs37stGa4bDsGUmgp7PfmhIH+mMEpHtQiZ3CsCnEJwh5xsiGJ8hJYXKoSXAMMe
othQNzz5Psgg3ZitC3dcLp94RyIkt1YWfgG87/EVUbA9LNfQDo2XWRrK3EDAIPOn
Juuuc9hIqYc9soDUvBBIpHgfRMtYOJqblHQMMS2L7sfPQ6N01UcK2exV2QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLLWQfpagghk+GSBXfsZXfqsiGNrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc3RaQi1scUNDR1Q0WklGZC14bGQtcXlJWTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAChQlpWC3GkYX6AXUJHf
ZBDfIl4nnPe6BWf6WKkYwCGct9JEfkncY26sPzHJzilROteemGMgi8yigCM8rdWa
OxQ4OBUvGKlyLOpw457tmLD1a0R2hOw/OkJMQ57SFANt1gW1emXncG9yDdGTeIs5
QH6UcEwmLrzaoqRiLzyr89nZE/tCaKLU7McMmzGgN/vgyVaqvV6n7tbk8OZFfZkU
CcmPyaGLk3SZZ64DnZV6TmYiD5giVHpAutpOcJoHf+SPkx9TcFt8hIlCspsOcF6S
CE3F4PFy/MKpdE1UU3NailODAQaEZ1nz2lKqjaPZSqdROJspe0gXhRydGcisUPcw
MFQ=
-----END CERTIFICATE-----