Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uY-xhq3a54zc1MkWheX6xDiEcy8.roa
File:                     uY-xhq3a54zc1MkWheX6xDiEcy8.roa (raw, json)
Hash identifier:          kSzpw9WWp4bPMXndqwIlAIorZL4Wbyh9XyD7jBcoUC0=
Subject key identifier:   B9:8F:B1:86:AD:DA:E7:8C:DC:D4:C9:16:85:E5:FA:C4:38:84:73:2F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187703893A322F51FCD9E5280722670C7F1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uY-xhq3a54zc1MkWheX6xDiEcy8.roa
Signing time:             Tue 11 Apr 2023 12:09:28 +0000
ROA not before:           Tue 11 Apr 2023 12:09:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:70:38:93:a3:22:f5:1f:cd:9e:52:80:72:26:70:c7:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 11 12:09:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b98fb186addae78cdcd4c91685e5fac43884732f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:23:c3:3d:03:b4:15:05:f1:44:af:7b:4e:04:
                    5e:7d:50:a9:7b:84:7f:1b:d4:8c:de:34:32:2d:57:
                    41:0e:2a:9c:0d:aa:a6:cf:e2:27:93:ea:b6:46:ee:
                    70:bc:68:c0:90:49:c1:f6:59:92:ec:cf:3a:44:1e:
                    c2:bd:43:d0:ba:d5:fc:28:39:18:63:c8:8d:fd:13:
                    1c:83:99:f0:4b:e4:b9:4d:43:e0:1a:f8:58:5c:3b:
                    b7:29:21:a8:7c:c0:e4:20:1a:9a:32:77:bf:65:d0:
                    8d:0c:e2:1c:d6:6b:76:a9:19:f4:6f:c5:a4:98:7c:
                    a5:15:5f:e8:6c:94:89:1c:69:42:a0:98:51:b2:09:
                    21:cb:f0:43:4e:e6:c7:6c:c3:c7:bb:aa:92:cb:91:
                    80:b0:15:e2:be:9c:c2:16:1b:35:9d:92:84:d5:46:
                    fc:06:8b:e1:8c:de:ac:7c:72:53:84:5c:54:d3:e6:
                    0c:73:79:0b:2e:14:db:7e:31:ba:06:4e:ee:ac:11:
                    35:a8:e5:67:0c:45:73:3b:07:f0:a0:32:7b:76:c9:
                    44:9a:73:44:25:ac:f3:4d:97:9f:17:6a:e3:f0:cd:
                    87:45:f9:e4:62:85:05:22:3f:fa:52:7e:b5:75:6e:
                    6f:76:ed:d1:f1:0b:40:d0:6a:ee:9c:63:3c:9b:46:
                    04:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:8F:B1:86:AD:DA:E7:8C:DC:D4:C9:16:85:E5:FA:C4:38:84:73:2F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uY-xhq3a54zc1MkWheX6xDiEcy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:0a:bc:65:db:ba:4b:6a:09:70:33:fd:33:99:df:58:14:64:
         62:b3:5c:3b:53:0a:03:29:27:ea:75:ce:d9:1c:65:b1:af:12:
         49:5d:d1:22:5b:93:ec:95:13:ed:0e:81:58:7a:47:16:ac:39:
         f6:b4:7d:84:2e:55:40:98:4a:16:75:0f:3e:8c:67:d9:4d:43:
         db:b1:1c:0b:22:24:93:4c:d4:ba:6d:54:13:5a:90:60:7d:ce:
         c2:11:f5:f5:c8:d9:96:d9:38:9d:d6:1c:79:aa:02:22:e8:95:
         bd:de:3c:81:e5:b1:eb:ec:69:ca:14:5c:fa:76:cf:2c:fe:09:
         79:8a:8f:c5:dd:d1:f0:f5:ef:82:1e:fe:71:6d:49:d8:13:d2:
         74:9f:5d:70:20:87:78:e0:cf:b6:f2:6c:41:c7:1d:a2:b3:21:
         48:7f:1c:2a:e6:f4:b1:cb:dd:a1:0a:e5:26:05:b2:98:04:5d:
         50:16:86:ad:9e:0c:6c:d2:a3:b5:4d:e1:46:30:63:cd:bc:3a:
         a6:a4:09:ee:43:cb:63:d9:5c:b1:05:ff:f3:af:3a:b4:f7:32:
         83:e1:a8:d0:18:d1:1c:38:ca:4d:26:1f:82:89:d7:ef:6a:fc:
         cd:eb:3a:8e:e0:27:79:11:6a:ec:ff:f2:6f:00:db:52:f2:e7:
         3a:4d:6b:ab
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdwOJOjIvUfzZ5SgHImcMfxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDExMTIwOTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOThmYjE4NmFkZGFlNzhjZGNkNGM5MTY4NWU1ZmFjNDM4ODQ3MzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiPDPQO0FQXxRK97TgRefVCpe4R/
G9SM3jQyLVdBDiqcDaqmz+Ink+q2Ru5wvGjAkEnB9lmS7M86RB7CvUPQutX8KDkY
Y8iN/RMcg5nwS+S5TUPgGvhYXDu3KSGofMDkIBqaMne/ZdCNDOIc1mt2qRn0b8Wk
mHylFV/obJSJHGlCoJhRsgkhy/BDTubHbMPHu6qSy5GAsBXivpzCFhs1nZKE1Ub8
BovhjN6sfHJThFxU0+YMc3kLLhTbfjG6Bk7urBE1qOVnDEVzOwfwoDJ7dslEmnNE
JazzTZefF2rj8M2HRfnkYoUFIj/6Un61dW5vdu3R8QtA0GrunGM8m0YE7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLmPsYat2ueM3NTJFoXl+sQ4hHMvMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdVkteGhxM2E1NHpjMU1rV2hlWDZ4RGlFY3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEUKvGXbuktqCXAz/TOZ
31gUZGKzXDtTCgMpJ+p1ztkcZbGvEkld0SJbk+yVE+0OgVh6RxasOfa0fYQuVUCY
ShZ1Dz6MZ9lNQ9uxHAsiJJNM1LptVBNakGB9zsIR9fXI2ZbZOJ3WHHmqAiLolb3e
PIHlsevsacoUXPp2zyz+CXmKj8Xd0fD174Ie/nFtSdgT0nSfXXAgh3jgz7bybEHH
HaKzIUh/HCrm9LHL3aEK5SYFspgEXVAWhq2eDGzSo7VN4UYwY828OqakCe5Dy2PZ
XLEF//OvOrT3MoPhqNAY0Rw4yk0mH4KJ1+9q/M3rOo7gJ3kRauz/8m8A21Ly5zpN
a6s=
-----END CERTIFICATE-----