Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/v1dLdd5ZMTfqxE6Q5-U9Y6eKApA.roa
File:                     v1dLdd5ZMTfqxE6Q5-U9Y6eKApA.roa (raw, json)
Hash identifier:          rz7InVK8pc+1RE1w7F5UfXV+eN/S4qbQVH2CXP3VTp8=
Subject key identifier:   BF:57:4B:75:DE:59:31:37:EA:C4:4E:90:E7:E5:3D:63:A7:8A:02:90
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D5BFF94F99E63C79AA9A42054D6CCBF3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/v1dLdd5ZMTfqxE6Q5-U9Y6eKApA.roa
Signing time:             Sun 12 Mar 2023 12:16:13 +0000
ROA not before:           Sun 12 Mar 2023 12:16:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d5:bf:f9:4f:99:e6:3c:79:aa:9a:42:05:4d:6c:cb:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 12 12:16:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bf574b75de593137eac44e90e7e53d63a78a0290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ee:c8:88:f8:a3:84:67:13:31:68:de:a9:81:
                    4d:c4:06:fd:0c:9a:4d:bf:06:6e:98:7e:97:dc:8b:
                    09:91:e3:ed:ac:1f:8a:80:dd:57:9c:25:66:98:b0:
                    88:0e:06:32:c5:05:e5:13:c2:e6:25:7e:b0:2b:ef:
                    9b:11:e0:0e:a0:dd:55:7a:c5:25:a3:8a:60:29:1d:
                    45:9b:10:ac:c3:36:02:79:40:ea:2b:37:3c:63:32:
                    bd:78:23:33:45:19:77:9b:80:0f:1f:f0:b1:21:97:
                    d0:b9:0f:4d:37:2b:9f:6b:3b:0a:54:9a:a0:57:ed:
                    f1:12:13:10:a3:e6:51:3a:73:7a:4d:57:5f:d9:70:
                    0a:02:4d:b3:43:a0:5e:a1:8d:90:f8:13:ca:ac:c2:
                    b6:47:10:b5:d2:e0:38:4b:41:bf:da:0c:f0:94:c8:
                    b9:a1:0e:67:76:86:7e:dc:e5:eb:44:62:19:13:f9:
                    51:0f:05:40:2a:34:a9:96:34:ab:66:86:db:e8:8c:
                    5f:ec:ab:cf:4b:17:7c:72:4b:39:bb:1f:91:13:70:
                    f5:52:5d:4c:27:1a:69:64:f8:f2:cf:7b:6d:d4:1d:
                    41:a3:9e:34:bd:af:04:da:8b:ee:91:ac:36:5e:7d:
                    2e:1b:79:9f:ef:43:91:0d:72:98:e0:c3:96:30:5b:
                    fe:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:57:4B:75:DE:59:31:37:EA:C4:4E:90:E7:E5:3D:63:A7:8A:02:90
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/v1dLdd5ZMTfqxE6Q5-U9Y6eKApA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:a4:2c:95:81:25:eb:91:f2:5a:aa:f0:66:1a:d5:30:7d:9e:
         e7:c0:e9:4a:a2:cd:ae:6d:22:8d:a8:df:af:93:f3:08:6d:2e:
         2a:0d:68:d7:bb:30:55:05:44:8d:9f:76:7a:e7:09:bf:fd:97:
         21:7a:d9:9f:61:71:7e:5b:d4:ea:80:47:95:1e:f4:81:84:7a:
         67:d5:0a:00:41:73:a0:3a:d2:a2:99:e2:99:51:b8:c9:cd:3a:
         3b:76:94:51:93:26:12:2d:2d:b2:46:b1:d9:cb:91:86:c3:a7:
         ab:9b:c6:09:5b:bc:87:15:16:1f:94:88:b2:bd:e0:3d:f6:83:
         bc:04:f3:89:b5:28:9d:82:90:7b:ae:b4:87:98:3b:07:31:e5:
         fb:e5:ff:eb:57:78:4e:9f:00:e8:8c:01:d6:6b:0f:b3:78:b6:
         27:a4:27:d9:a9:f6:77:9e:87:44:a5:2f:77:a4:c3:bf:23:b9:
         0e:c1:04:bf:d2:0a:a1:27:fd:7d:1d:74:52:3a:81:98:5d:09:
         d3:26:87:4b:5a:7d:d2:e0:ca:78:a7:68:16:c8:06:34:c8:f6:
         41:71:6b:dc:f7:ac:9f:82:ee:fd:99:dc:39:8c:29:95:f8:10:
         89:ef:34:07:78:8b:db:9f:03:44:19:99:0d:4d:b0:99:47:76:
         6e:41:fd:1a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbVv/lPmeY8eaqaQgVNbMvzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEyMTIxNjEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjU3NGI3NWRlNTkzMTM3ZWFjNDRlOTBlN2U1M2Q2M2E3OGEwMjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjO7IiPijhGcTMWjeqYFNxAb9DJpN
vwZumH6X3IsJkePtrB+KgN1XnCVmmLCIDgYyxQXlE8LmJX6wK++bEeAOoN1VesUl
o4pgKR1FmxCswzYCeUDqKzc8YzK9eCMzRRl3m4APH/CxIZfQuQ9NNyufazsKVJqg
V+3xEhMQo+ZROnN6TVdf2XAKAk2zQ6BeoY2Q+BPKrMK2RxC10uA4S0G/2gzwlMi5
oQ5ndoZ+3OXrRGIZE/lRDwVAKjSpljSrZobb6Ixf7KvPSxd8cks5ux+RE3D1Ul1M
JxppZPjyz3tt1B1Bo540va8E2ovukaw2Xn0uG3mf70ORDXKY4MOWMFv+FQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL9XS3XeWTE36sROkOflPWOnigKQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdjFkTGRkNVpNVGZxeEU2UTUtVTlZNmVLQXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJqkLJWBJeuR8lqq8GYa
1TB9nufA6Uqiza5tIo2o36+T8whtLioNaNe7MFUFRI2fdnrnCb/9lyF62Z9hcX5b
1OqAR5Ue9IGEemfVCgBBc6A60qKZ4plRuMnNOjt2lFGTJhItLbJGsdnLkYbDp6ub
xglbvIcVFh+UiLK94D32g7wE84m1KJ2CkHuutIeYOwcx5fvl/+tXeE6fAOiMAdZr
D7N4tiekJ9mp9neeh0SlL3ekw78juQ7BBL/SCqEn/X0ddFI6gZhdCdMmh0tafdLg
yninaBbIBjTI9kFxa9z3rJ+C7v2Z3DmMKZX4EInvNAd4i9ufA0QZmQ1NsJlHdm5B
/Ro=
-----END CERTIFICATE-----