Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tg-5JpBu90umMl6g-9csN1XoJpg.roa
File:                     tg-5JpBu90umMl6g-9csN1XoJpg.roa (raw, json)
Hash identifier:          E6dv1GdBU7RzN0wJEZ0hn0F0pLjVBOdZT1UEUUuMfeU=
Subject key identifier:   B6:0F:B9:26:90:6E:F7:4B:A6:32:5E:A0:FB:D7:2C:37:55:E8:26:98
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187FDD9E9A9B2E1D3A2613975986DABE7D1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tg-5JpBu90umMl6g-9csN1XoJpg.roa
Signing time:             Tue 09 May 2023 00:12:09 +0000
ROA not before:           Tue 09 May 2023 00:12:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:fd:d9:e9:a9:b2:e1:d3:a2:61:39:75:98:6d:ab:e7:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  9 00:12:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b60fb926906ef74ba6325ea0fbd72c3755e82698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e1:a1:1d:14:1e:df:32:52:fe:00:20:b9:f5:
                    48:4f:1c:4b:22:1a:f7:5b:27:2a:5c:3e:58:a8:ca:
                    ce:39:b3:81:dc:cb:83:46:35:88:6a:bb:da:59:18:
                    e9:dc:a5:ff:41:53:f1:2f:6f:10:13:89:b3:a7:23:
                    58:eb:2d:09:2f:fb:fe:8b:22:88:a9:e2:f5:0c:24:
                    85:44:b3:19:83:8c:84:dd:4c:17:ca:01:92:f9:c0:
                    a1:5e:e3:1a:b1:39:b6:6a:e9:00:7d:d9:ee:9a:92:
                    87:c2:0e:11:e5:4a:b1:bc:64:2e:c5:ac:dd:d3:09:
                    66:4d:de:f3:fb:a1:07:3c:bb:13:bb:ba:eb:e5:27:
                    e9:e9:88:b1:21:04:58:8b:93:0d:e7:60:5c:78:23:
                    80:2c:38:e4:7e:9c:20:0e:6a:8e:60:4f:83:1b:59:
                    44:fd:93:78:1c:b7:85:a6:7e:5d:13:3d:97:33:4c:
                    7c:15:72:1d:27:ab:ae:ab:87:ee:e9:47:b2:0b:87:
                    95:ac:dc:74:36:68:f7:00:34:9d:98:14:4c:f9:42:
                    bb:75:36:06:90:f8:e4:44:30:46:42:c6:a9:cf:b6:
                    0d:9d:86:2c:58:56:0c:e7:19:2b:14:79:9b:b6:82:
                    9b:d5:a4:04:30:d7:fb:88:7c:0e:23:3e:e4:26:ef:
                    57:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:0F:B9:26:90:6E:F7:4B:A6:32:5E:A0:FB:D7:2C:37:55:E8:26:98
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tg-5JpBu90umMl6g-9csN1XoJpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:47:33:d9:5a:58:ce:09:02:59:1a:c9:33:af:c2:a1:d5:a9:
         41:b3:3e:76:88:21:4a:ac:c7:c2:d3:c1:b9:60:de:4d:bf:70:
         6e:33:cd:cf:66:8e:34:28:e3:ad:81:0d:02:45:ec:b5:b1:19:
         02:6a:b6:29:c3:03:51:4e:30:ad:28:57:72:4d:90:bb:c9:5b:
         93:85:5c:13:32:a1:af:3b:2b:87:aa:43:a5:84:7f:e5:2d:4f:
         a4:92:77:76:df:d8:94:ba:5d:cc:84:a8:f6:e2:a1:2e:7f:22:
         3d:ca:c9:c1:6c:5f:09:56:e2:9c:20:16:98:b1:92:b5:84:89:
         02:c6:4e:86:22:e0:d2:26:a4:37:f7:d0:1f:23:31:d3:6f:8e:
         65:9b:af:12:32:86:67:27:1d:4b:b2:bc:1c:db:91:ab:ef:8c:
         f1:5b:de:b9:db:e4:c6:e5:72:89:0e:d0:37:25:66:96:1c:88:
         46:a8:5f:c0:df:d2:4b:64:97:63:21:64:de:c7:30:a6:0c:59:
         e4:d6:01:09:c4:95:98:69:fd:fc:80:6e:4b:5c:d9:2b:00:b6:
         fe:b1:6f:f2:76:38:08:03:b8:1d:a4:37:f3:49:11:25:d1:c0:
         6d:3c:f3:93:71:0f:6e:d0:23:4f:df:ec:5c:aa:36:ff:78:84:
         5a:70:9e:3e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf92empsuHTomE5dZhtq+fRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA5MDAxMjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjBmYjkyNjkwNmVmNzRiYTYzMjVlYTBmYmQ3MmMzNzU1ZTgyNjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OGhHRQe3zJS/gAgufVITxxLIhr3
WycqXD5YqMrOObOB3MuDRjWIarvaWRjp3KX/QVPxL28QE4mzpyNY6y0JL/v+iyKI
qeL1DCSFRLMZg4yE3UwXygGS+cChXuMasTm2aukAfdnumpKHwg4R5UqxvGQuxazd
0wlmTd7z+6EHPLsTu7rr5Sfp6YixIQRYi5MN52BceCOALDjkfpwgDmqOYE+DG1lE
/ZN4HLeFpn5dEz2XM0x8FXIdJ6uuq4fu6UeyC4eVrNx0Nmj3ADSdmBRM+UK7dTYG
kPjkRDBGQsapz7YNnYYsWFYM5xkrFHmbtoKb1aQEMNf7iHwOIz7kJu9XcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLYPuSaQbvdLpjJeoPvXLDdV6CaYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdGctNUpwQnU5MHVtTWw2Zy05Y3NOMVhvSnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFxHM9laWM4JAlkayTOv
wqHVqUGzPnaIIUqsx8LTwblg3k2/cG4zzc9mjjQo462BDQJF7LWxGQJqtinDA1FO
MK0oV3JNkLvJW5OFXBMyoa87K4eqQ6WEf+UtT6SSd3bf2JS6XcyEqPbioS5/Ij3K
ycFsXwlW4pwgFpixkrWEiQLGToYi4NImpDf30B8jMdNvjmWbrxIyhmcnHUuyvBzb
kavvjPFb3rnb5MblcokO0DclZpYciEaoX8Df0ktkl2MhZN7HMKYMWeTWAQnElZhp
/fyAbktc2SsAtv6xb/J2OAgDuB2kN/NJESXRwG0885NxD27QI0/f7FyqNv94hFpw
nj4=
-----END CERTIFICATE-----