Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/t6_6lNP9l42kNUEf1Fi7Cvy7ywM.roa
File:                     t6_6lNP9l42kNUEf1Fi7Cvy7ywM.roa (raw, json)
Hash identifier:          g9bNYPSwQO97PuiJnQL0Dhn2Sb64vaheBjkJbK2syRw=
Subject key identifier:   B7:AF:FA:94:D3:FD:97:8D:A4:35:41:1F:D4:58:BB:0A:FC:BB:CB:03
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187ED8936C1AD0E3022E080F870F8898324
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/t6_6lNP9l42kNUEf1Fi7Cvy7ywM.roa
Signing time:             Fri 05 May 2023 20:10:05 +0000
ROA not before:           Fri 05 May 2023 20:10:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ed:89:36:c1:ad:0e:30:22:e0:80:f8:70:f8:89:83:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  5 20:10:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b7affa94d3fd978da435411fd458bb0afcbbcb03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0d:ee:b4:5b:84:ba:ad:0a:b0:9f:04:8f:57:
                    11:87:da:fb:37:91:97:54:9e:e1:f8:9c:fd:1e:d6:
                    ad:21:fa:0f:db:cd:35:93:44:43:34:9f:b8:b7:21:
                    b4:6e:2b:97:f5:86:44:6a:b3:03:bb:c8:88:99:75:
                    eb:5a:6b:47:d9:ef:62:31:49:1c:5f:43:91:e1:6a:
                    73:28:fa:60:87:d0:f9:85:ca:89:06:0e:b7:0a:3e:
                    fb:4b:95:5d:d1:84:13:ff:dc:fe:02:05:40:b6:44:
                    9f:7b:30:26:a2:26:cc:a9:64:95:0d:6c:a1:3b:bb:
                    2b:c0:57:8f:51:d2:b2:9a:f2:94:87:5f:6e:9e:ce:
                    2c:68:d5:b8:e7:da:5d:fc:79:99:aa:c6:da:30:ae:
                    43:30:5d:49:dc:09:11:d2:6c:a2:98:96:95:48:6c:
                    43:39:3b:a1:76:13:37:d2:e2:fb:3a:f4:85:b8:80:
                    e5:6a:72:0e:37:75:18:e5:b4:f8:46:8d:13:ef:cd:
                    eb:a0:1c:e3:1f:ec:b3:23:0f:8d:b5:5b:72:37:09:
                    ce:a2:9a:25:7f:b3:03:24:2a:ef:e0:d4:bb:d2:22:
                    67:4d:64:a6:9c:47:de:37:f9:d3:19:e8:3f:f2:72:
                    80:66:f4:0c:2c:92:b1:f1:90:bb:be:ce:31:15:47:
                    3c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:AF:FA:94:D3:FD:97:8D:A4:35:41:1F:D4:58:BB:0A:FC:BB:CB:03
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/t6_6lNP9l42kNUEf1Fi7Cvy7ywM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:9e:be:80:b4:74:b1:58:a8:45:d9:53:53:4b:de:a0:5f:11:
         9f:30:6e:9a:f0:f3:bd:4c:f9:55:a6:11:f9:68:9e:b0:ee:67:
         03:43:8d:a1:c1:df:dc:8f:2b:70:e5:3b:d6:25:3c:eb:56:b2:
         51:d8:09:16:82:cb:ce:4f:17:c4:b0:9f:ca:39:e3:15:37:c9:
         5f:29:1f:49:eb:0c:03:d3:da:fd:fa:aa:8b:7b:0c:cf:7b:7f:
         b7:b3:ab:04:7f:93:d7:78:44:b9:ed:79:d2:0f:b7:81:1c:d2:
         6a:17:f6:66:6a:38:9c:d1:2f:71:f5:a8:25:e5:83:9a:4a:7e:
         ca:ae:f1:8c:53:2a:9a:cb:b8:8f:3b:11:3a:52:ba:f8:c9:ee:
         27:89:79:e2:bd:cc:85:d7:ee:97:2c:a7:91:b6:81:6b:da:3c:
         36:9a:99:61:4e:41:8e:34:61:8a:f8:82:f8:08:a2:fd:f5:85:
         52:cd:5c:4e:77:b6:fb:9b:8b:c8:58:8e:35:f0:77:3b:9a:6b:
         9d:33:89:ca:86:75:92:9f:e3:fc:44:eb:67:8a:2c:45:41:bf:
         e1:33:e5:68:2a:41:76:03:2a:0d:c5:19:57:e3:52:2b:42:14:
         ae:6d:e7:1e:b2:fa:fc:22:3e:1f:b2:9a:be:39:5e:4a:e3:7e:
         2b:8f:4f:b6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYftiTbBrQ4wIuCA+HD4iYMkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA1MjAxMDA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2FmZmE5NGQzZmQ5NzhkYTQzNTQxMWZkNDU4YmIwYWZjYmJjYjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAww3utFuEuq0KsJ8Ej1cRh9r7N5GX
VJ7h+Jz9HtatIfoP2801k0RDNJ+4tyG0biuX9YZEarMDu8iImXXrWmtH2e9iMUkc
X0OR4WpzKPpgh9D5hcqJBg63Cj77S5Vd0YQT/9z+AgVAtkSfezAmoibMqWSVDWyh
O7srwFePUdKymvKUh19uns4saNW459pd/HmZqsbaMK5DMF1J3AkR0myimJaVSGxD
OTuhdhM30uL7OvSFuIDlanION3UY5bT4Ro0T783roBzjH+yzIw+NtVtyNwnOopol
f7MDJCrv4NS70iJnTWSmnEfeN/nTGeg/8nKAZvQMLJKx8ZC7vs4xFUc83wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLev+pTT/ZeNpDVBH9RYuwr8u8sDMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdDZfNmxOUDlsNDJrTlVFZjFGaTdDdnk3eXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC2evoC0dLFYqEXZU1NL
3qBfEZ8wbprw871M+VWmEflonrDuZwNDjaHB39yPK3DlO9YlPOtWslHYCRaCy85P
F8Swn8o54xU3yV8pH0nrDAPT2v36qot7DM97f7ezqwR/k9d4RLntedIPt4Ec0moX
9mZqOJzRL3H1qCXlg5pKfsqu8YxTKprLuI87ETpSuvjJ7ieJeeK9zIXX7pcsp5G2
gWvaPDaamWFOQY40YYr4gvgIov31hVLNXE53tvubi8hYjjXwdzuaa50zicqGdZKf
4/xE62eKLEVBv+Ez5WgqQXYDKg3FGVfjUitCFK5t5x6y+vwiPh+ymr45XkrjfiuP
T7Y=
-----END CERTIFICATE-----