Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vxyQjyNpbtYCX0ckipQ-e_rmi7c.roa
File:                     vxyQjyNpbtYCX0ckipQ-e_rmi7c.roa (raw, json)
Hash identifier:          w/CYUXXLDM1W+/rd2Lrym9lLqvVehYUFC1eMl2C5aAc=
Subject key identifier:   BF:1C:90:8F:23:69:6E:D6:02:5F:47:24:8A:94:3E:7B:FA:E6:8B:B7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883C4A56DD2A76AC991C8BB51078EA9DA2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vxyQjyNpbtYCX0ckipQ-e_rmi7c.roa
Signing time:             Sun 21 May 2023 03:11:24 +0000
ROA not before:           Sun 21 May 2023 03:11:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:3c:4a:56:dd:2a:76:ac:99:1c:8b:b5:10:78:ea:9d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 21 03:11:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bf1c908f23696ed6025f47248a943e7bfae68bb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:00:92:1d:40:ec:43:30:48:93:ff:a2:3b:2f:
                    f7:fa:bb:eb:d2:bc:03:a8:85:50:82:92:f7:29:40:
                    8c:47:05:d0:c9:66:41:67:41:24:f5:81:cf:ff:0c:
                    05:2e:e1:9d:39:6d:89:2b:eb:06:2d:74:8b:4e:38:
                    58:1b:38:46:c2:cf:00:21:67:91:07:6b:89:2d:31:
                    23:df:71:81:c5:c6:b2:14:78:f0:98:a8:a1:ce:ea:
                    0c:73:64:7e:eb:fb:e7:7e:e9:20:4b:a9:fc:05:60:
                    fe:70:8e:7e:84:d7:5a:3a:a5:45:36:aa:a3:a4:0c:
                    40:46:27:7e:ed:93:20:fb:0a:07:3c:98:57:72:dc:
                    ac:2f:37:96:dc:fa:9f:83:2a:fd:73:c5:63:b1:41:
                    f6:9a:ed:bd:c4:6b:65:14:f3:23:45:77:be:6d:63:
                    b0:56:32:80:3a:96:b2:94:78:49:37:13:dc:ba:63:
                    92:25:8a:c3:ec:62:47:58:d6:7b:63:80:21:a7:29:
                    87:d4:f8:02:e1:2c:73:7e:6a:b3:7e:8b:b0:f1:9a:
                    e3:31:ce:61:cd:fa:9c:f1:69:54:03:c9:6b:6c:a5:
                    23:ba:85:22:33:f9:6b:05:e6:2b:65:32:00:3d:04:
                    d3:8b:be:87:5d:aa:bc:56:24:0e:69:08:7a:7d:2e:
                    2f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:1C:90:8F:23:69:6E:D6:02:5F:47:24:8A:94:3E:7B:FA:E6:8B:B7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vxyQjyNpbtYCX0ckipQ-e_rmi7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:52:e6:b3:f3:84:fb:95:9a:4d:6d:8d:91:c6:2c:bd:b6:ca:
         11:fa:18:ea:c4:43:74:29:31:20:6f:6a:bf:eb:4d:0e:6b:e3:
         a4:e3:cb:d7:ce:03:d3:b1:59:6d:34:34:5b:25:db:93:62:b4:
         97:d7:58:7c:df:0a:d2:3e:aa:45:85:e0:ff:47:d1:55:78:64:
         39:05:cd:74:d1:38:2e:70:b7:ba:f7:7b:7a:8c:9c:4a:2b:c0:
         36:9f:56:2d:91:8d:56:cc:7f:d1:e6:bd:89:ba:23:26:4c:9c:
         82:e5:ff:e7:bc:3f:d2:25:89:6f:80:18:0f:99:ad:82:e7:17:
         75:d8:40:63:6a:83:cd:ee:42:4f:e6:58:37:b3:11:20:7a:27:
         2e:7c:68:9d:bc:e5:4c:c3:7e:13:d8:f7:39:7e:e8:c9:fe:55:
         04:b1:8e:56:93:c0:98:e0:63:93:79:65:66:be:ee:fe:bb:9a:
         60:6e:07:19:ec:8b:1d:6e:b1:af:6c:10:d0:ec:08:3b:f1:0d:
         50:a3:de:fe:e4:be:cd:b5:94:bd:0d:ee:21:0a:0e:01:12:e4:
         0f:71:29:e7:de:3a:5e:ab:67:fe:d9:fb:34:ef:f7:a6:3d:07:
         d2:11:69:26:ce:c8:d3:65:16:5e:29:94:aa:16:1c:5a:f7:75:
         4a:13:a1:21
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg8SlbdKnasmRyLtRB46p2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIxMDMxMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjFjOTA4ZjIzNjk2ZWQ2MDI1ZjQ3MjQ4YTk0M2U3YmZhZTY4YmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggCSHUDsQzBIk/+iOy/3+rvr0rwD
qIVQgpL3KUCMRwXQyWZBZ0Ek9YHP/wwFLuGdOW2JK+sGLXSLTjhYGzhGws8AIWeR
B2uJLTEj33GBxcayFHjwmKihzuoMc2R+6/vnfukgS6n8BWD+cI5+hNdaOqVFNqqj
pAxARid+7ZMg+woHPJhXctysLzeW3Pqfgyr9c8VjsUH2mu29xGtlFPMjRXe+bWOw
VjKAOpaylHhJNxPcumOSJYrD7GJHWNZ7Y4AhpymH1PgC4Sxzfmqzfouw8ZrjMc5h
zfqc8WlUA8lrbKUjuoUiM/lrBeYrZTIAPQTTi76HXaq8ViQOaQh6fS4v+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL8ckI8jaW7WAl9HJIqUPnv65ou3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdnh5UWp5TnBidFlDWDBja2lwUS1lX3JtaTdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAVS5rPzhPuVmk1tjZHG
LL22yhH6GOrEQ3QpMSBvar/rTQ5r46Tjy9fOA9OxWW00NFsl25NitJfXWHzfCtI+
qkWF4P9H0VV4ZDkFzXTROC5wt7r3e3qMnEorwDafVi2RjVbMf9HmvYm6IyZMnILl
/+e8P9IliW+AGA+ZrYLnF3XYQGNqg83uQk/mWDezESB6Jy58aJ285UzDfhPY9zl+
6Mn+VQSxjlaTwJjgY5N5ZWa+7v67mmBuBxnsix1usa9sENDsCDvxDVCj3v7kvs21
lL0N7iEKDgES5A9xKefeOl6rZ/7Z+zTv96Y9B9IRaSbOyNNlFl4plKoWHFr3dUoT
oSE=
-----END CERTIFICATE-----