Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/x5w8vb2O_EOVr5xUsGgUsPQ-Rq4.roa
File:                     x5w8vb2O_EOVr5xUsGgUsPQ-Rq4.roa (raw, json)
Hash identifier:          kWb2dI/P+M+94KubGloNoknVi57h1xd0Q3vfd6iX9KY=
Subject key identifier:   C7:9C:3C:BD:BD:8E:FC:43:95:AF:9C:54:B0:68:14:B0:F4:3E:46:AE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877A49FB85921189331081302F17092AE1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/x5w8vb2O_EOVr5xUsGgUsPQ-Rq4.roa
Signing time:             Thu 13 Apr 2023 11:04:41 +0000
ROA not before:           Thu 13 Apr 2023 11:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:7a49:a618/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7a:49:fb:85:92:11:89:33:10:81:30:2f:17:09:2a:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 13 11:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c79c3cbdbd8efc4395af9c54b06814b0f43e46ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:12:1c:44:af:8e:41:c5:5f:46:36:f1:bb:de:
                    06:ca:82:9d:33:fe:69:9d:42:65:bf:2f:db:92:51:
                    47:f7:dd:64:28:c9:62:cc:21:34:a0:d5:4c:c3:08:
                    3b:08:25:41:27:9f:16:53:e5:2d:84:6b:83:1a:b1:
                    e3:fd:a8:73:d2:bb:be:55:99:f4:64:8c:32:91:c8:
                    67:87:c2:be:2f:28:5f:18:24:73:ab:da:d9:ef:8d:
                    a5:59:6f:80:fe:90:64:23:f8:4e:eb:fd:3e:e0:b3:
                    1e:1f:af:a8:89:80:2b:a4:da:80:d8:39:61:30:1f:
                    63:be:2c:bf:d8:53:c1:b3:0e:45:5d:dc:38:80:28:
                    ae:f5:e2:a4:d2:6c:2e:db:2e:ce:a4:61:7b:fb:f0:
                    c4:d0:54:95:2b:46:65:33:25:3a:aa:c7:3c:20:e6:
                    b8:a8:ab:83:9a:9f:5a:b6:ef:0f:20:11:e6:09:43:
                    7b:a2:5e:d6:50:c0:1b:3b:61:b6:bc:f1:7f:72:1f:
                    f1:4e:a8:a4:e1:07:1a:54:c8:0d:35:a1:40:11:07:
                    af:49:3f:04:84:34:42:a4:e3:52:20:4f:3f:0d:df:
                    bc:8a:43:d8:1e:9b:11:1e:65:16:7f:96:04:7c:05:
                    46:2c:35:9f:8a:f2:92:ea:67:f1:b5:ff:56:dc:77:
                    75:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:9C:3C:BD:BD:8E:FC:43:95:AF:9C:54:B0:68:14:B0:F4:3E:46:AE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/x5w8vb2O_EOVr5xUsGgUsPQ-Rq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:a4:0c:6f:3b:b7:0d:47:99:a8:d8:36:3f:91:a4:1c:0c:f3:
         0a:17:3e:90:7c:e1:f1:fe:0f:9a:fa:3b:ce:62:ef:06:43:0c:
         97:e7:80:5b:50:14:d4:33:97:2e:77:61:17:f5:d5:87:dd:2f:
         77:32:ec:fc:cf:a5:66:a0:2d:87:36:3c:e0:39:70:a7:a8:3d:
         2f:19:66:dc:33:fb:10:e8:81:cd:19:71:a9:37:b9:ce:47:6e:
         b3:63:45:6b:5a:97:b2:bb:8b:4a:c7:b0:f2:26:62:ca:32:00:
         66:5d:70:ea:0c:fe:6c:3a:d6:de:89:45:f9:a1:16:38:6c:47:
         2a:b5:fe:12:14:ac:92:40:b9:0c:00:54:1f:bf:49:ca:3a:3c:
         7c:c3:91:bb:cd:8e:70:de:a1:fb:b4:b3:7a:3e:3b:f6:34:8b:
         18:fa:28:fc:cc:60:2a:da:6f:0b:a1:6a:bb:93:8d:3b:32:4e:
         67:5b:35:dc:31:1c:88:f6:cd:fe:49:ac:67:55:bb:ad:75:51:
         c4:c0:eb:27:40:09:c1:c6:53:38:27:bb:ef:c9:42:fd:db:fd:
         5a:19:b5:34:36:55:78:df:7c:b8:d3:6b:e9:95:86:ee:f1:fd:
         ac:0d:49:63:2d:d7:43:73:e9:79:cd:01:b5:9a:99:66:dd:bf:
         f6:75:29:9c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd6SfuFkhGJMxCBMC8XCSrhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEzMTEwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzljM2NiZGJkOGVmYzQzOTVhZjljNTRiMDY4MTRiMGY0M2U0NmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghIcRK+OQcVfRjbxu94GyoKdM/5p
nUJlvy/bklFH991kKMlizCE0oNVMwwg7CCVBJ58WU+UthGuDGrHj/ahz0ru+VZn0
ZIwykchnh8K+LyhfGCRzq9rZ742lWW+A/pBkI/hO6/0+4LMeH6+oiYArpNqA2Dlh
MB9jviy/2FPBsw5FXdw4gCiu9eKk0mwu2y7OpGF7+/DE0FSVK0ZlMyU6qsc8IOa4
qKuDmp9atu8PIBHmCUN7ol7WUMAbO2G2vPF/ch/xTqik4QcaVMgNNaFAEQevST8E
hDRCpONSIE8/Dd+8ikPYHpsRHmUWf5YEfAVGLDWfivKS6mfxtf9W3Hd1zwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMecPL29jvxDla+cVLBoFLD0PkauMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveDV3OHZiMk9fRU9WcjV4VXNHZ1VzUFEtUnE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKqkDG87tw1HmajYNj+R
pBwM8woXPpB84fH+D5r6O85i7wZDDJfngFtQFNQzly53YRf11YfdL3cy7PzPpWag
LYc2POA5cKeoPS8ZZtwz+xDogc0Zcak3uc5HbrNjRWtal7K7i0rHsPImYsoyAGZd
cOoM/mw61t6JRfmhFjhsRyq1/hIUrJJAuQwAVB+/Sco6PHzDkbvNjnDeofu0s3o+
O/Y0ixj6KPzMYCrabwuharuTjTsyTmdbNdwxHIj2zf5JrGdVu611UcTA6ydACcHG
Uzgnu+/JQv3b/VoZtTQ2VXjffLjTa+mVhu7x/awNSWMt10Nz6XnNAbWamWbdv/Z1
KZw=
-----END CERTIFICATE-----