Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vNVNUNLt9YGMG8xCnJGY6ji8MH4.roa
File:                     vNVNUNLt9YGMG8xCnJGY6ji8MH4.roa (raw, json)
Hash identifier:          imd4xEzVJlisCaLmIqeF3/NEhkJ4EigDmg2pdYddpX8=
Subject key identifier:   BC:D5:4D:50:D2:ED:F5:81:8C:1B:CC:42:9C:91:98:EA:38:BC:30:7E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01879EFB4B5F9DE2708B43148FD7AF54FB36
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vNVNUNLt9YGMG8xCnJGY6ji8MH4.roa
Signing time:             Thu 20 Apr 2023 14:04:41 +0000
ROA not before:           Thu 20 Apr 2023 14:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:187:9efa:e864/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9e:fb:4b:5f:9d:e2:70:8b:43:14:8f:d7:af:54:fb:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 20 14:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bcd54d50d2edf5818c1bcc429c9198ea38bc307e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:04:c0:ef:16:73:59:0f:60:6e:41:77:01:f3:
                    f0:16:e3:fc:d6:88:11:c3:e3:95:2f:56:22:eb:1e:
                    7d:78:40:f3:f0:41:d8:18:26:8a:2c:f0:1d:c7:6f:
                    ad:17:ca:d1:2f:0f:0e:f9:08:55:9b:75:c9:5e:44:
                    44:67:e5:6b:7d:7f:31:a2:c3:a9:c7:f2:b2:fa:91:
                    72:5a:df:85:04:1e:23:a7:b4:5b:f9:d8:8b:96:26:
                    5f:d7:22:19:0d:7f:29:55:b1:e8:2a:6c:a8:48:01:
                    8b:75:30:8b:7b:4c:5e:cf:79:0d:d8:22:01:78:23:
                    e6:c2:33:2f:c9:a3:fd:23:29:ea:b2:a9:74:16:ca:
                    d5:74:30:3e:e1:42:d2:82:00:4e:45:c7:9e:e1:89:
                    7a:62:13:a8:15:17:c3:a8:8c:c0:c7:d0:d6:17:dc:
                    13:59:81:98:43:24:95:83:fb:ac:d3:c5:e1:44:07:
                    ba:19:e5:c8:6f:90:af:8c:38:42:c6:2a:82:50:f8:
                    47:f2:5d:51:65:82:f2:ab:44:92:8f:cf:48:95:d9:
                    ea:3f:f4:b2:3e:9d:6a:4c:c7:03:13:7f:b4:76:44:
                    65:f8:c8:54:5e:ef:92:93:3e:8b:ca:c5:7f:82:4a:
                    a6:c4:72:6b:39:f5:b4:34:a4:58:5e:4e:27:3c:d3:
                    e2:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:D5:4D:50:D2:ED:F5:81:8C:1B:CC:42:9C:91:98:EA:38:BC:30:7E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vNVNUNLt9YGMG8xCnJGY6ji8MH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:9a:1e:b4:31:a6:f6:08:08:29:16:f5:8f:4d:89:3c:55:eb:
         7e:c9:c4:66:c4:05:5d:61:bd:21:3d:b5:9a:95:7d:c4:fd:04:
         6b:5d:e3:75:be:95:8b:b3:c7:d3:43:df:a6:71:07:37:18:66:
         12:d7:8d:7e:74:53:db:39:69:db:16:c4:6a:79:7c:b1:d7:3f:
         88:b3:de:c2:1b:df:1d:26:06:18:67:b0:24:a1:88:54:b6:8f:
         2c:a6:94:84:e0:03:48:30:67:97:d4:a8:dc:3a:da:8b:26:0e:
         52:8f:14:cc:61:a6:93:c1:84:0f:83:f9:5b:6a:df:03:cf:67:
         f1:97:f9:56:b8:84:bb:0d:b9:8b:d5:9d:17:3d:09:bd:6d:b0:
         72:78:f1:85:d0:18:4b:cd:9d:9d:ea:b5:a6:cb:b8:0f:a1:76:
         67:a5:ee:f4:6b:b2:48:67:b0:bf:45:87:a6:59:cb:a9:36:78:
         39:ce:b6:9c:9c:1d:1d:2b:70:ba:91:f6:24:4d:45:73:43:9f:
         71:e1:30:35:c9:14:15:8b:20:0b:ce:cd:9c:ae:9e:85:9a:c6:
         ee:48:4a:e0:e2:29:84:29:62:de:2f:dc:c6:16:52:13:9b:e8:
         aa:de:d0:fb:a9:db:4d:0e:17:b4:17:6a:4c:3f:77:1c:d0:91:
         0a:61:3f:95
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYee+0tfneJwi0MUj9evVPs2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIwMTQwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2Q1NGQ1MGQyZWRmNTgxOGMxYmNjNDI5YzkxOThlYTM4YmMzMDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlATA7xZzWQ9gbkF3AfPwFuP81ogR
w+OVL1Yi6x59eEDz8EHYGCaKLPAdx2+tF8rRLw8O+QhVm3XJXkREZ+VrfX8xosOp
x/Ky+pFyWt+FBB4jp7Rb+diLliZf1yIZDX8pVbHoKmyoSAGLdTCLe0xez3kN2CIB
eCPmwjMvyaP9Iynqsql0FsrVdDA+4ULSggBORcee4Yl6YhOoFRfDqIzAx9DWF9wT
WYGYQySVg/us08XhRAe6GeXIb5CvjDhCxiqCUPhH8l1RZYLyq0SSj89IldnqP/Sy
Pp1qTMcDE3+0dkRl+MhUXu+Skz6LysV/gkqmxHJrOfW0NKRYXk4nPNPiBwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLzVTVDS7fWBjBvMQpyRmOo4vDB+MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdk5WTlVOTHQ5WUdNRzh4Q25KR1k2amk4TUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHyaHrQxpvYICCkW9Y9N
iTxV637JxGbEBV1hvSE9tZqVfcT9BGtd43W+lYuzx9ND36ZxBzcYZhLXjX50U9s5
adsWxGp5fLHXP4iz3sIb3x0mBhhnsCShiFS2jyymlITgA0gwZ5fUqNw62osmDlKP
FMxhppPBhA+D+Vtq3wPPZ/GX+Va4hLsNuYvVnRc9Cb1tsHJ48YXQGEvNnZ3qtabL
uA+hdmel7vRrskhnsL9Fh6ZZy6k2eDnOtpycHR0rcLqR9iRNRXNDn3HhMDXJFBWL
IAvOzZyunoWaxu5ISuDiKYQpYt4v3MYWUhOb6Kre0Pup200OF7QXakw/dxzQkQph
P5U=
-----END CERTIFICATE-----