Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uN_rV4c-6t2zvcQFPrm1qlEW0ao.roa
File:                     uN_rV4c-6t2zvcQFPrm1qlEW0ao.roa (raw, json)
Hash identifier:          9Im7v4+HdzCyb+getTbI5D4gjIHPXEjvtC8VsywhrfU=
Subject key identifier:   B8:DF:EB:57:87:3E:EA:DD:B3:BD:C4:05:3E:B9:B5:AA:51:16:D1:AA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870C0685E7103FC2472BCBB9418F2FCA4E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uN_rV4c-6t2zvcQFPrm1qlEW0ao.roa
Signing time:             Thu 23 Mar 2023 01:12:46 +0000
ROA not before:           Thu 23 Mar 2023 01:12:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0c:06:85:e7:10:3f:c2:47:2b:cb:b9:41:8f:2f:ca:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 23 01:12:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b8dfeb57873eeaddb3bdc4053eb9b5aa5116d1aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:56:8e:3d:d0:15:bf:02:79:cb:f6:f8:fe:04:
                    86:3f:58:5e:cb:de:58:4f:ba:e8:b0:52:44:52:6e:
                    c5:18:da:94:17:07:34:ae:0d:ef:b0:39:e8:27:35:
                    63:26:fa:16:67:c2:0e:7a:f3:4d:af:e6:3f:c4:01:
                    17:4a:02:49:6b:12:05:12:df:df:a3:91:e3:41:0d:
                    bd:55:8d:eb:2c:24:75:70:9a:84:77:f8:38:ff:53:
                    fb:05:fa:65:8f:39:96:49:a5:25:c8:a3:c7:37:f0:
                    77:c9:84:99:c0:60:1c:71:bb:44:8a:81:bc:54:b0:
                    2d:df:50:0b:5e:da:97:75:e9:2d:c9:9d:ee:e7:87:
                    16:86:6b:b8:83:6e:0e:6a:25:c2:29:ff:02:60:55:
                    89:6d:c4:f0:ca:93:ac:c2:ea:bb:0a:c2:d4:a0:08:
                    f9:08:f4:8b:8a:f7:cd:3b:c6:5d:b2:b1:f8:91:6b:
                    bf:3a:63:11:f4:4e:9a:02:dd:1e:6c:0f:00:e8:7d:
                    f6:67:8c:be:d4:28:e3:23:20:16:76:23:ea:4d:37:
                    f9:ec:da:64:a9:38:01:8f:e0:76:24:c2:09:68:65:
                    dd:22:54:6d:43:91:c4:24:03:78:0d:9d:d2:85:8c:
                    9a:59:88:1d:ff:ca:f8:a0:5e:06:6e:d9:a0:bb:d1:
                    97:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:DF:EB:57:87:3E:EA:DD:B3:BD:C4:05:3E:B9:B5:AA:51:16:D1:AA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uN_rV4c-6t2zvcQFPrm1qlEW0ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:ec:21:6f:02:6a:e0:4b:4d:2c:f3:3f:ce:64:69:7a:11:f3:
         4b:3e:1b:97:e4:da:ad:92:5d:6a:e2:db:7c:45:f8:95:09:cb:
         94:dc:d9:70:94:dc:4b:57:aa:88:47:ec:43:96:15:86:a2:1a:
         8a:fc:3b:05:50:f8:6e:35:8b:e5:c6:86:1b:ec:40:ee:60:7e:
         ef:da:c4:22:bc:f8:b7:2d:d7:02:4e:e8:d9:6b:16:15:48:d7:
         c4:0b:8f:62:a2:95:ac:07:da:6e:23:13:17:52:de:3a:46:bb:
         77:4c:38:4b:63:6b:c6:ef:48:01:cf:4c:14:5c:3e:ce:73:95:
         a1:92:9b:76:5f:63:aa:77:0f:92:85:bf:9b:32:88:e5:52:3b:
         02:8a:31:52:37:d7:2f:f9:34:ed:55:ab:c8:55:71:1a:6a:e7:
         09:03:35:db:3d:35:9e:fc:81:92:f1:85:f5:c1:bf:c8:2f:04:
         b1:3c:12:43:f9:bc:da:97:a6:9b:4a:8b:19:ad:17:d1:b9:e1:
         f7:39:5b:9d:39:c4:3e:af:bc:a3:fe:5d:a3:ba:51:ed:27:f6:
         32:f3:b1:da:ed:b9:bf:1d:67:92:05:66:40:01:a5:dd:8a:1c:
         c4:ed:99:97:ef:48:a0:af:c2:24:7c:85:63:c9:c0:42:e3:c4:
         ac:69:08:19
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcMBoXnED/CRyvLuUGPL8pOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIzMDExMjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGRmZWI1Nzg3M2VlYWRkYjNiZGM0MDUzZWI5YjVhYTUxMTZkMWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlaOPdAVvwJ5y/b4/gSGP1hey95Y
T7rosFJEUm7FGNqUFwc0rg3vsDnoJzVjJvoWZ8IOevNNr+Y/xAEXSgJJaxIFEt/f
o5HjQQ29VY3rLCR1cJqEd/g4/1P7BfpljzmWSaUlyKPHN/B3yYSZwGAccbtEioG8
VLAt31ALXtqXdektyZ3u54cWhmu4g24OaiXCKf8CYFWJbcTwypOswuq7CsLUoAj5
CPSLivfNO8ZdsrH4kWu/OmMR9E6aAt0ebA8A6H32Z4y+1CjjIyAWdiPqTTf57Npk
qTgBj+B2JMIJaGXdIlRtQ5HEJAN4DZ3ShYyaWYgd/8r4oF4Gbtmgu9GX5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLjf61eHPurds73EBT65tapRFtGqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdU5fclY0Yy02dDJ6dmNRRlBybTFxbEVXMGFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAbsIW8CauBLTSzzP85k
aXoR80s+G5fk2q2SXWri23xF+JUJy5Tc2XCU3EtXqohH7EOWFYaiGor8OwVQ+G41
i+XGhhvsQO5gfu/axCK8+Lct1wJO6NlrFhVI18QLj2KilawH2m4jExdS3jpGu3dM
OEtja8bvSAHPTBRcPs5zlaGSm3ZfY6p3D5KFv5syiOVSOwKKMVI31y/5NO1Vq8hV
cRpq5wkDNds9NZ78gZLxhfXBv8gvBLE8EkP5vNqXpptKixmtF9G54fc5W505xD6v
vKP+XaO6Ue0n9jLzsdrtub8dZ5IFZkABpd2KHMTtmZfvSKCvwiR8hWPJwELjxKxp
CBk=
-----END CERTIFICATE-----