Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/x47HqfVm19OdstD5HS4BC4_NKoA.roa
File:                     x47HqfVm19OdstD5HS4BC4_NKoA.roa (raw, json)
Hash identifier:          or9nGyY5X7ug6DPlFFRDzjyxcFcRD72Pc78K51W4Rso=
Subject key identifier:   C7:8E:C7:A9:F5:66:D7:D3:9D:B2:D0:F9:1D:2E:01:0B:8F:CD:2A:80
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018801EBC7F8F96CA7BD5CCD942B9C2C5A49
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/x47HqfVm19OdstD5HS4BC4_NKoA.roa
Signing time:             Tue 09 May 2023 19:10:09 +0000
ROA not before:           Tue 09 May 2023 19:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:01:eb:c7:f8:f9:6c:a7:bd:5c:cd:94:2b:9c:2c:5a:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  9 19:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c78ec7a9f566d7d39db2d0f91d2e010b8fcd2a80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:77:5f:91:b3:52:69:04:7d:92:94:c5:cd:64:
                    d6:5d:d4:2f:8b:37:3e:87:c2:17:79:1c:cd:b7:7d:
                    f3:03:54:03:d1:8a:11:d5:6c:f1:d5:91:f1:de:f4:
                    05:da:e0:25:ba:f5:34:c6:a8:f2:2b:28:eb:85:09:
                    4e:ed:3f:22:c1:f1:75:c6:75:d1:30:c3:c3:2b:c5:
                    58:63:27:ab:06:7d:36:fe:55:0e:35:6c:47:59:64:
                    74:b7:47:43:e2:c4:a2:8e:bc:ca:9f:b0:0b:a4:51:
                    89:00:80:18:99:09:39:51:d6:7d:c3:36:b5:b5:e2:
                    66:a4:56:fc:1c:55:38:63:c5:6b:6a:e3:e8:0a:45:
                    02:74:bd:a3:aa:ef:51:30:70:93:d2:46:fe:c8:d2:
                    7b:2e:86:3d:9d:98:37:f1:71:5b:2e:c7:b7:6e:06:
                    ed:89:4d:6a:c1:e3:fd:67:af:b8:7c:2d:4e:c1:96:
                    ef:08:8d:84:b5:46:80:26:30:66:0e:a7:82:79:bd:
                    64:04:51:78:b9:0f:b0:fa:6e:c9:51:d1:38:64:95:
                    a4:dc:77:7c:a0:d1:10:16:b1:97:63:9a:7c:52:d5:
                    b2:02:ec:c1:c9:14:28:5b:61:d9:86:60:b5:af:e3:
                    2c:6c:41:c4:c8:e1:67:cc:10:e3:d6:16:0e:32:93:
                    d3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8E:C7:A9:F5:66:D7:D3:9D:B2:D0:F9:1D:2E:01:0B:8F:CD:2A:80
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/x47HqfVm19OdstD5HS4BC4_NKoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:7b:20:25:7c:c5:c6:61:d6:a9:53:b2:6b:9f:10:78:2e:55:
         65:a7:c8:bb:c6:de:46:77:a7:c7:da:cc:56:78:0c:8c:bc:4d:
         10:5b:3d:62:5d:f6:e1:8b:05:96:df:72:44:44:31:74:78:d2:
         a0:9d:82:00:3a:01:57:1c:52:c7:51:59:5b:15:61:8c:ef:85:
         c3:b6:49:c9:15:54:6d:23:c8:63:c1:7d:d1:49:cf:19:f9:98:
         32:c0:4a:af:26:0b:0c:9c:62:e4:d2:50:9b:27:da:36:92:f0:
         45:85:56:e3:c6:df:81:ab:72:66:6d:05:6e:1c:6b:95:87:e4:
         45:ec:f4:bb:b9:f7:59:1e:c4:43:d7:8d:95:b7:ac:95:45:31:
         2c:2d:b6:aa:26:fd:5e:02:7f:0e:7a:5c:55:d6:83:d0:a0:21:
         01:20:dc:6e:bf:4b:24:be:09:05:71:f2:39:e8:4d:71:f6:0b:
         91:65:ff:da:1b:f3:47:72:dc:06:a8:49:5a:c4:c5:b5:55:dc:
         42:8b:b0:b0:fe:f4:51:81:88:61:fe:c5:2f:eb:1b:f3:c4:8c:
         4f:65:e4:a4:67:ab:9c:96:84:fd:0c:f5:b6:ce:7e:19:b2:54:
         0e:cf:0c:a9:8b:7f:c4:c8:f7:e6:c8:d6:a4:86:d6:d4:27:63:
         74:e7:48:32
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgB68f4+WynvVzNlCucLFpJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA5MTkxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzhlYzdhOWY1NjZkN2QzOWRiMmQwZjkxZDJlMDEwYjhmY2QyYTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHdfkbNSaQR9kpTFzWTWXdQvizc+
h8IXeRzNt33zA1QD0YoR1Wzx1ZHx3vQF2uAluvU0xqjyKyjrhQlO7T8iwfF1xnXR
MMPDK8VYYyerBn02/lUONWxHWWR0t0dD4sSijrzKn7ALpFGJAIAYmQk5UdZ9wza1
teJmpFb8HFU4Y8VrauPoCkUCdL2jqu9RMHCT0kb+yNJ7LoY9nZg38XFbLse3bgbt
iU1qweP9Z6+4fC1OwZbvCI2EtUaAJjBmDqeCeb1kBFF4uQ+w+m7JUdE4ZJWk3Hd8
oNEQFrGXY5p8UtWyAuzByRQoW2HZhmC1r+MsbEHEyOFnzBDj1hYOMpPTjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMeOx6n1ZtfTnbLQ+R0uAQuPzSqAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveDQ3SHFmVm0xOU9kc3RENUhTNEJDNF9OS29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEh7ICV8xcZh1qlTsmuf
EHguVWWnyLvG3kZ3p8fazFZ4DIy8TRBbPWJd9uGLBZbfckREMXR40qCdggA6AVcc
UsdRWVsVYYzvhcO2SckVVG0jyGPBfdFJzxn5mDLASq8mCwycYuTSUJsn2jaS8EWF
VuPG34GrcmZtBW4ca5WH5EXs9Lu591kexEPXjZW3rJVFMSwttqom/V4Cfw56XFXW
g9CgIQEg3G6/SyS+CQVx8jnoTXH2C5Fl/9ob80dy3AaoSVrExbVV3EKLsLD+9FGB
iGH+xS/rG/PEjE9l5KRnq5yWhP0M9bbOfhmyVA7PDKmLf8TI9+bI1qSG1tQnY3Tn
SDI=
-----END CERTIFICATE-----