Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/v1Yr3uY_2Yd1RbbZtqgid07anhA.roa
File:                     v1Yr3uY_2Yd1RbbZtqgid07anhA.roa (raw, json)
Hash identifier:          FOYjCVOoL3ZbeGL1Vni0iuqA9Shnr5D1mZcLzjD12vU=
Subject key identifier:   BF:56:2B:DE:E6:3F:D9:87:75:45:B6:D9:B6:A8:22:77:4E:DA:9E:10
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877000BAD5C5FD865A4D53F9012E922155
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/v1Yr3uY_2Yd1RbbZtqgid07anhA.roa
Signing time:             Tue 11 Apr 2023 11:08:28 +0000
ROA not before:           Tue 11 Apr 2023 11:08:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:70:00:ba:d5:c5:fd:86:5a:4d:53:f9:01:2e:92:21:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 11 11:08:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bf562bdee63fd9877545b6d9b6a822774eda9e10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:9d:1e:9b:bf:a3:49:4d:1b:7f:2e:8b:23:03:
                    4d:2c:e2:35:0f:3b:7b:c7:af:56:03:f6:d8:b7:c8:
                    c8:bc:ea:c5:dd:90:8c:40:73:6d:62:cc:41:1f:32:
                    37:17:94:79:f9:32:b1:3a:34:bf:ab:1a:6e:92:d3:
                    d6:b7:73:c5:cd:36:c8:ec:78:52:91:a7:81:e4:a3:
                    e1:72:a9:22:86:b8:fc:e9:f2:2a:f8:88:2b:db:e3:
                    2b:cb:b2:f9:8f:b2:27:70:73:6d:a5:07:af:0f:f8:
                    7d:77:a4:be:86:6a:33:8c:1d:bb:34:d8:a9:3f:9a:
                    85:d3:4c:97:ad:b0:08:94:5d:60:11:27:4a:46:71:
                    a0:6e:1f:8e:3f:10:e9:17:d1:72:74:5f:10:1b:13:
                    83:21:a6:89:34:66:f6:c5:10:4a:81:69:74:32:4d:
                    7f:37:45:de:9e:4c:cf:9a:ba:33:de:27:78:15:93:
                    0a:a8:a6:80:85:73:33:31:9f:6d:8d:3b:9e:50:10:
                    e3:fc:0e:f6:7b:51:29:96:55:26:68:29:8f:e5:7c:
                    8d:0c:01:da:72:4d:a5:3a:00:49:1d:61:68:d5:77:
                    6d:9f:4e:f8:be:89:c4:8d:ee:d3:72:cb:ea:c1:6d:
                    e9:17:da:53:fa:dd:62:dc:5f:3b:45:67:10:dd:74:
                    17:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:56:2B:DE:E6:3F:D9:87:75:45:B6:D9:B6:A8:22:77:4E:DA:9E:10
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/v1Yr3uY_2Yd1RbbZtqgid07anhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:2a:02:7a:cf:ae:a7:2d:bc:ca:d7:10:91:e9:2b:a7:ea:97:
         ab:87:ba:3c:4b:12:69:75:8d:1a:b3:02:08:97:d7:d3:85:12:
         80:27:38:31:50:42:1e:ce:87:d6:37:04:ca:8c:cb:a0:6f:17:
         8d:04:dd:ed:27:6f:04:f7:79:ec:9b:71:fb:36:70:0a:6c:a6:
         97:61:12:1c:74:2d:db:06:ff:07:cd:19:39:e1:e1:d4:bf:44:
         26:33:73:d3:55:01:30:31:f5:3f:db:2f:ff:14:7b:d5:f2:b5:
         43:5b:39:04:4b:bc:e8:1a:98:d8:2d:bd:db:fb:6c:1d:9f:c7:
         d6:29:27:27:a6:3a:06:65:82:14:b7:a2:6e:a2:6a:4f:97:c3:
         7b:a5:a1:e4:ef:be:15:79:52:7b:f3:05:16:6c:a8:48:f9:58:
         97:c5:d3:d9:72:34:9b:fd:17:5c:38:d2:ab:d3:36:32:e7:0e:
         47:29:d9:53:bb:24:70:05:a2:eb:25:61:14:81:b8:4c:23:26:
         88:64:e4:3f:47:b5:ce:5f:6d:1a:76:7a:12:ae:f4:db:c1:33:
         35:29:21:ff:6b:24:65:e1:10:bd:75:ca:60:49:08:28:93:55:
         2a:19:8e:67:cc:de:b9:45:40:c9:50:6e:46:64:2e:34:b1:e8:
         46:b6:68:af
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdwALrVxf2GWk1T+QEukiFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDExMTEwODI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjU2MmJkZWU2M2ZkOTg3NzU0NWI2ZDliNmE4MjI3NzRlZGE5ZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5p0em7+jSU0bfy6LIwNNLOI1Dzt7
x69WA/bYt8jIvOrF3ZCMQHNtYsxBHzI3F5R5+TKxOjS/qxpuktPWt3PFzTbI7HhS
kaeB5KPhcqkihrj86fIq+Igr2+Mry7L5j7IncHNtpQevD/h9d6S+hmozjB27NNip
P5qF00yXrbAIlF1gESdKRnGgbh+OPxDpF9FydF8QGxODIaaJNGb2xRBKgWl0Mk1/
N0XenkzPmroz3id4FZMKqKaAhXMzMZ9tjTueUBDj/A72e1EpllUmaCmP5XyNDAHa
ck2lOgBJHWFo1Xdtn074vonEje7TcsvqwW3pF9pT+t1i3F87RWcQ3XQXewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL9WK97mP9mHdUW22baoIndO2p4QMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdjFZcjN1WV8yWWQxUmJiWnRxZ2lkMDdhbmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIsqAnrPrqctvMrXEJHp
K6fql6uHujxLEml1jRqzAgiX19OFEoAnODFQQh7Oh9Y3BMqMy6BvF40E3e0nbwT3
eeybcfs2cApsppdhEhx0LdsG/wfNGTnh4dS/RCYzc9NVATAx9T/bL/8Ue9XytUNb
OQRLvOgamNgtvdv7bB2fx9YpJyemOgZlghS3om6iak+Xw3uloeTvvhV5UnvzBRZs
qEj5WJfF09lyNJv9F1w40qvTNjLnDkcp2VO7JHAFouslYRSBuEwjJohk5D9Htc5f
bRp2ehKu9NvBMzUpIf9rJGXhEL11ymBJCCiTVSoZjmfM3rlFQMlQbkZkLjSx6Ea2
aK8=
-----END CERTIFICATE-----