Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uSb2-2R79bdphYo5RDoIUaW_N5c.roa
File:                     uSb2-2R79bdphYo5RDoIUaW_N5c.roa (raw, json)
Hash identifier:          BMJ7h79j5YXLCrKgSsngO0TulFn6Eb+aOBODbgJz+1g=
Subject key identifier:   B9:26:F6:FB:64:7B:F5:B7:69:85:8A:39:44:3A:08:51:A5:BF:37:97
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187B2B9007CB261A6948A0D45E4082B9159
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uSb2-2R79bdphYo5RDoIUaW_N5c.roa
Signing time:             Mon 24 Apr 2023 10:04:41 +0000
ROA not before:           Mon 24 Apr 2023 10:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b2:b9:00:7c:b2:61:a6:94:8a:0d:45:e4:08:2b:91:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 24 10:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b926f6fb647bf5b769858a39443a0851a5bf3797
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e7:95:bc:48:b0:4d:18:8e:1c:0d:e8:05:c9:
                    4d:7f:42:d7:49:7d:da:0f:af:3f:7a:f2:34:14:a4:
                    a3:3d:3f:75:67:df:10:2b:68:8b:b9:0a:1e:19:16:
                    5d:03:ef:c1:81:39:d9:ee:f8:e2:1f:94:63:fd:3f:
                    94:81:c2:80:83:d6:a8:4e:dc:9b:85:2d:c5:dc:94:
                    8c:24:fb:69:40:5b:5a:f0:cb:c4:9f:da:06:65:df:
                    81:ab:22:66:67:bb:94:8d:83:27:e9:8a:8c:4c:f2:
                    48:12:cf:2b:9b:7a:65:e9:cd:32:5f:fb:0c:43:2c:
                    de:53:d3:d7:6f:6c:b8:d2:4b:ed:61:55:66:f1:89:
                    99:47:b2:74:d6:c6:34:80:de:97:3d:ef:84:88:fa:
                    fa:be:9c:be:ff:8a:f0:d5:cc:bc:d8:06:42:34:16:
                    93:53:b9:75:08:60:a3:07:4e:05:6f:46:5f:ad:3d:
                    be:78:f6:69:20:8a:d6:bc:86:f3:0d:3e:4d:11:cc:
                    7d:8e:fc:62:cd:93:e6:fb:97:4f:ab:bf:6a:7a:58:
                    67:09:85:ea:b8:43:f8:77:2d:22:f8:44:0c:62:57:
                    9e:ee:0b:3e:33:4e:0d:bd:76:a1:fa:54:fe:b1:3f:
                    ca:15:df:c9:77:c5:a7:4e:0e:9f:f7:77:85:c4:27:
                    3d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:26:F6:FB:64:7B:F5:B7:69:85:8A:39:44:3A:08:51:A5:BF:37:97
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uSb2-2R79bdphYo5RDoIUaW_N5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:7e:d8:4e:f7:9a:2f:dc:6d:88:2e:c4:2f:24:a7:f5:35:98:
         9e:fb:61:03:ad:43:cb:9d:da:87:fe:29:9a:73:78:0d:28:76:
         6a:c7:fa:7a:1f:a2:34:45:d2:91:b0:87:5b:b1:c1:29:7a:1d:
         fa:66:2e:50:aa:d7:47:58:bb:1a:47:cd:73:f5:75:c6:06:f7:
         6a:5d:3d:de:74:5e:51:8b:63:01:47:7a:59:eb:80:13:d6:98:
         36:38:4b:4f:d1:ff:24:58:67:20:b0:5d:79:2d:62:af:2f:df:
         f6:d9:8d:d0:ee:be:87:74:4c:48:35:9a:ed:1e:25:0d:13:3b:
         b6:33:b5:d7:5c:53:24:f6:7f:7f:c6:0d:c1:02:9e:c9:02:98:
         8f:d7:7d:a3:45:a3:60:58:89:7f:30:e8:6a:89:2f:17:b4:f8:
         2a:92:df:8b:6c:f7:99:f3:ee:95:95:69:88:23:b4:af:7c:13:
         a9:dd:ae:ef:34:8f:4b:02:22:90:79:13:f1:35:ff:36:2e:58:
         01:dc:8e:98:69:0a:3a:df:49:0c:83:3d:45:6b:5b:a6:bf:85:
         e3:e9:2a:0e:ff:2c:df:a9:00:f2:1d:2f:a1:e9:95:11:33:c5:
         41:51:a6:2a:e6:c6:c2:6b:05:e2:27:61:68:10:d6:2f:f7:31:
         b8:2c:aa:3b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeyuQB8smGmlIoNReQIK5FZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI0MTAwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTI2ZjZmYjY0N2JmNWI3Njk4NThhMzk0NDNhMDg1MWE1YmYzNzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+eVvEiwTRiOHA3oBclNf0LXSX3a
D68/evI0FKSjPT91Z98QK2iLuQoeGRZdA+/BgTnZ7vjiH5Rj/T+UgcKAg9aoTtyb
hS3F3JSMJPtpQFta8MvEn9oGZd+BqyJmZ7uUjYMn6YqMTPJIEs8rm3pl6c0yX/sM
QyzeU9PXb2y40kvtYVVm8YmZR7J01sY0gN6XPe+EiPr6vpy+/4rw1cy82AZCNBaT
U7l1CGCjB04Fb0ZfrT2+ePZpIIrWvIbzDT5NEcx9jvxizZPm+5dPq79qelhnCYXq
uEP4dy0i+EQMYlee7gs+M04NvXah+lT+sT/KFd/Jd8WnTg6f93eFxCc92QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLkm9vtke/W3aYWKOUQ6CFGlvzeXMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdVNiMi0yUjc5YmRwaFlvNVJEb0lVYVdfTjVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFd+2E73mi/cbYguxC8k
p/U1mJ77YQOtQ8ud2of+KZpzeA0odmrH+nofojRF0pGwh1uxwSl6HfpmLlCq10dY
uxpHzXP1dcYG92pdPd50XlGLYwFHelnrgBPWmDY4S0/R/yRYZyCwXXktYq8v3/bZ
jdDuvod0TEg1mu0eJQ0TO7YztddcUyT2f3/GDcECnskCmI/XfaNFo2BYiX8w6GqJ
Lxe0+CqS34ts95nz7pWVaYgjtK98E6ndru80j0sCIpB5E/E1/zYuWAHcjphpCjrf
SQyDPUVrW6a/hePpKg7/LN+pAPIdL6HplREzxUFRpirmxsJrBeInYWgQ1i/3Mbgs
qjs=
-----END CERTIFICATE-----