Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vWm5EI8TrcUaTs-aXmprFdeHr98.roa
File:                     vWm5EI8TrcUaTs-aXmprFdeHr98.roa (raw, json)
Hash identifier:          aKc6Fcq/gnjjqAxswHpxY9B6UXKBwVvBEIMdpLrOWVs=
Subject key identifier:   BD:69:B9:10:8F:13:AD:C5:1A:4E:CF:9A:5E:6A:6B:15:D7:87:AF:DF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F8B74C32344A2D282E12C862AA06AAEF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vWm5EI8TrcUaTs-aXmprFdeHr98.roa
Signing time:             Sun 19 Mar 2023 07:13:27 +0000
ROA not before:           Sun 19 Mar 2023 07:13:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f8:b7:4c:32:34:4a:2d:28:2e:12:c8:62:aa:06:aa:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 19 07:13:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bd69b9108f13adc51a4ecf9a5e6a6b15d787afdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4d:94:c5:34:7b:03:d9:8d:d8:ea:68:e3:5d:
                    41:dd:8a:b7:34:c8:27:b3:25:22:79:b0:0b:ba:73:
                    b2:7a:3b:6f:dc:7d:cc:0b:61:33:01:fd:5c:b5:fa:
                    0d:35:1c:5b:79:1e:e8:1c:86:14:c7:e4:f4:5f:5a:
                    a2:f0:ac:6e:51:95:09:5f:0d:03:58:06:35:f9:a8:
                    dd:e4:8d:75:44:6e:70:22:ea:61:93:53:23:17:1d:
                    27:08:4a:fd:81:c0:0e:68:a8:51:b0:34:25:7f:45:
                    4b:09:dd:60:8e:81:17:ea:7f:3e:3c:ec:71:06:85:
                    bc:08:a4:30:2a:69:8e:10:aa:5c:74:c7:28:43:bf:
                    5f:ef:e0:5b:c1:90:a3:79:34:61:33:70:c1:39:87:
                    01:05:f5:fc:a1:0b:b8:0d:fd:9d:08:a5:38:76:2a:
                    ea:a3:21:9c:35:17:2c:08:21:f0:eb:f3:f5:f2:6e:
                    db:5a:30:76:2e:4b:4d:94:14:a7:af:83:5f:95:b1:
                    8b:3f:39:83:20:bc:62:a6:1c:7b:2c:b4:d8:ef:87:
                    a0:8d:e8:df:f2:2a:cd:4e:8c:9c:c5:f7:5d:34:c7:
                    8b:5b:d6:a8:7d:41:20:41:bc:a0:50:d0:99:96:16:
                    28:ab:5a:1a:30:a2:5b:c3:fc:3e:62:76:10:6d:06:
                    a3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:69:B9:10:8F:13:AD:C5:1A:4E:CF:9A:5E:6A:6B:15:D7:87:AF:DF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vWm5EI8TrcUaTs-aXmprFdeHr98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:f8:d7:c2:24:ef:d0:37:70:48:26:44:d7:e5:b6:28:ce:ea:
         f0:ce:cb:cd:ce:c1:8e:30:72:b9:52:0e:ef:90:b3:af:b1:1f:
         ee:d5:be:fc:24:cc:a2:f3:bc:c7:5b:ac:ef:98:cf:c2:15:fa:
         8d:58:f5:c3:84:f2:6d:6d:5f:fc:c6:6b:70:46:4c:55:cb:18:
         6d:2e:df:af:01:f1:3d:5f:2d:e9:9f:8c:db:50:40:6f:ed:83:
         22:74:d1:cf:42:06:85:67:6d:f0:86:7e:47:40:44:dc:8a:85:
         e6:81:2d:4d:7b:81:9f:ec:1a:d7:0f:8e:f1:c8:93:29:f3:1a:
         eb:32:6a:26:12:49:52:bf:38:03:24:24:f9:31:40:6e:cf:1d:
         d8:51:3a:89:7b:cf:7c:82:1a:7e:56:ac:91:a3:ca:6f:0e:23:
         47:8c:b3:78:af:9b:f8:62:95:d4:7d:51:c8:73:b9:e7:d6:ba:
         05:6d:44:5e:48:cc:26:bd:1b:0d:93:b0:fd:28:0e:52:0e:2b:
         58:ec:3b:4f:08:f5:73:90:b4:b9:57:cc:d8:be:a2:24:31:56:
         3b:4a:fe:81:dd:3c:79:e9:5b:05:37:49:55:4b:f2:f3:79:82:
         f6:33:4a:f4:43:09:41:0c:30:0e:28:aa:8e:6a:8a:37:d9:ac:
         fd:af:75:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb4t0wyNEotKC4SyGKqBqrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE5MDcxMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDY5YjkxMDhmMTNhZGM1MWE0ZWNmOWE1ZTZhNmIxNWQ3ODdhZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjk2UxTR7A9mN2Opo411B3Yq3NMgn
syUiebALunOyejtv3H3MC2EzAf1ctfoNNRxbeR7oHIYUx+T0X1qi8KxuUZUJXw0D
WAY1+ajd5I11RG5wIuphk1MjFx0nCEr9gcAOaKhRsDQlf0VLCd1gjoEX6n8+POxx
BoW8CKQwKmmOEKpcdMcoQ79f7+BbwZCjeTRhM3DBOYcBBfX8oQu4Df2dCKU4dirq
oyGcNRcsCCHw6/P18m7bWjB2LktNlBSnr4NflbGLPzmDILxiphx7LLTY74egjejf
8irNToycxfddNMeLW9aofUEgQbygUNCZlhYoq1oaMKJbw/w+YnYQbQajqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL1puRCPE63FGk7Pml5qaxXXh6/fMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdldtNUVJOFRyY1VhVHMtYVhtcHJGZGVIcjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAH418Ik79A3cEgmRNfl
tijO6vDOy83OwY4wcrlSDu+Qs6+xH+7VvvwkzKLzvMdbrO+Yz8IV+o1Y9cOE8m1t
X/zGa3BGTFXLGG0u368B8T1fLemfjNtQQG/tgyJ00c9CBoVnbfCGfkdARNyKheaB
LU17gZ/sGtcPjvHIkynzGusyaiYSSVK/OAMkJPkxQG7PHdhROol7z3yCGn5WrJGj
ym8OI0eMs3ivm/hildR9UchzuefWugVtRF5IzCa9Gw2TsP0oDlIOK1jsO08I9XOQ
tLlXzNi+oiQxVjtK/oHdPHnpWwU3SVVL8vN5gvYzSvRDCUEMMA4oqo5qijfZrP2v
dSg=
-----END CERTIFICATE-----