Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xG2u-KEc7rGDEgaTym9ze6WuD94.roa
File:                     xG2u-KEc7rGDEgaTym9ze6WuD94.roa (raw, json)
Hash identifier:          42d/PbUfl/l8BCBLsJFwQw7jr20SFy2mokBN0BPewtY=
Subject key identifier:   C4:6D:AE:F8:A1:1C:EE:B1:83:12:06:93:CA:6F:73:7B:A5:AE:0F:DE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C6B40E0B5FE075766ABB199419E513A2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xG2u-KEc7rGDEgaTym9ze6WuD94.roa
Signing time:             Fri 28 Apr 2023 07:11:41 +0000
ROA not before:           Fri 28 Apr 2023 07:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c6:b4:0e:0b:5f:e0:75:76:6a:bb:19:94:19:e5:13:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 28 07:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c46daef8a11ceeb183120693ca6f737ba5ae0fde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:94:c0:39:0f:b3:17:a6:51:9f:6e:86:63:18:
                    52:26:c3:92:46:36:e0:00:e5:06:d5:0a:d1:b7:2d:
                    f9:70:08:af:28:da:8a:e9:46:0e:6c:e2:98:b5:ff:
                    8e:9b:72:a0:50:d9:d0:55:99:dc:46:c2:3a:2f:ae:
                    b8:10:82:84:f5:ae:0a:47:8f:db:2f:0c:b2:fa:f8:
                    cf:ac:f1:bc:1e:7d:d0:92:fd:68:6a:bd:0f:3c:e1:
                    42:5c:36:68:dd:92:bf:eb:af:a7:c5:34:e6:91:96:
                    41:f7:33:c5:bf:86:ea:d0:f7:1b:be:23:87:f7:78:
                    e0:58:d2:3e:47:ad:7d:9a:3e:c4:c9:1b:4b:4c:e9:
                    b2:5e:6b:04:2d:86:4a:41:ea:f1:eb:f2:b4:59:63:
                    03:1d:ab:81:f2:00:8e:08:c7:a8:75:67:d2:a2:64:
                    47:97:5b:4c:9c:27:0c:e8:a0:cd:91:16:12:06:8a:
                    85:7d:85:31:ab:30:6f:a7:10:2c:31:8b:8b:38:ef:
                    75:67:01:cb:69:1c:35:23:35:e7:42:e7:9d:7c:7c:
                    8f:59:0f:93:32:63:3c:db:22:5b:84:45:56:cb:8f:
                    bf:79:8a:8a:fc:37:52:dc:78:45:5c:78:b2:91:5a:
                    69:5c:29:7a:fc:0f:8c:2e:c5:1e:21:ca:79:07:0a:
                    93:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:6D:AE:F8:A1:1C:EE:B1:83:12:06:93:CA:6F:73:7B:A5:AE:0F:DE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xG2u-KEc7rGDEgaTym9ze6WuD94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:00:17:af:c9:ed:6e:d5:e7:38:ab:e6:2a:95:64:0e:a3:ca:
         65:2c:ae:0a:b6:48:e6:1f:35:f2:b0:d8:50:a7:df:f4:40:f4:
         64:0b:44:07:c6:32:f7:1b:e9:57:65:dc:67:91:25:c7:72:83:
         9d:1e:a8:0d:ca:50:6b:35:ad:35:72:37:91:82:58:e1:2c:72:
         dd:76:9a:0e:94:8a:fe:8b:81:f7:6c:46:40:cb:0e:98:6a:ec:
         ec:1c:d2:83:74:d8:d2:bc:ba:93:b7:b4:d9:a2:7a:eb:0d:e5:
         b0:b4:91:42:ac:51:1b:84:69:1d:03:aa:91:e2:52:ab:20:7e:
         b7:5f:4b:a1:0f:cd:a0:7f:bb:88:3a:e1:22:ee:ca:37:8e:6d:
         ff:75:08:0d:f7:67:9f:b6:fb:e4:95:7f:09:39:fc:b5:e2:f5:
         55:64:5e:93:9a:3d:94:ec:d5:c3:3f:f1:6a:4e:37:11:68:b9:
         65:c3:f8:39:ab:ba:3d:d9:ed:b9:ee:a8:26:4d:41:34:6e:2e:
         28:a6:ac:ad:b7:46:57:81:73:04:55:eb:90:a2:25:d1:7d:12:
         87:8c:a2:48:45:d2:2c:3e:9d:51:a8:2f:a1:66:c1:a4:f1:85:
         8d:d7:d4:49:55:23:a7:18:85:79:55:6a:94:ed:f0:17:d8:3a:
         2b:28:2d:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfGtA4LX+B1dmq7GZQZ5ROiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI4MDcxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDZkYWVmOGExMWNlZWIxODMxMjA2OTNjYTZmNzM3YmE1YWUwZmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5TAOQ+zF6ZRn26GYxhSJsOSRjbg
AOUG1QrRty35cAivKNqK6UYObOKYtf+Om3KgUNnQVZncRsI6L664EIKE9a4KR4/b
Lwyy+vjPrPG8Hn3Qkv1oar0PPOFCXDZo3ZK/66+nxTTmkZZB9zPFv4bq0PcbviOH
93jgWNI+R619mj7EyRtLTOmyXmsELYZKQerx6/K0WWMDHauB8gCOCMeodWfSomRH
l1tMnCcM6KDNkRYSBoqFfYUxqzBvpxAsMYuLOO91ZwHLaRw1IzXnQuedfHyPWQ+T
MmM82yJbhEVWy4+/eYqK/DdS3HhFXHiykVppXCl6/A+MLsUeIcp5BwqTFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMRtrvihHO6xgxIGk8pvc3ulrg/eMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveEcydS1LRWM3ckdERWdhVHltOXplNld1RDk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGEAF6/J7W7V5zir5iqV
ZA6jymUsrgq2SOYfNfKw2FCn3/RA9GQLRAfGMvcb6Vdl3GeRJcdyg50eqA3KUGs1
rTVyN5GCWOEsct12mg6Uiv6LgfdsRkDLDphq7Owc0oN02NK8upO3tNmieusN5bC0
kUKsURuEaR0DqpHiUqsgfrdfS6EPzaB/u4g64SLuyjeObf91CA33Z5+2++SVfwk5
/LXi9VVkXpOaPZTs1cM/8WpONxFouWXD+Dmruj3Z7bnuqCZNQTRuLiimrK23RleB
cwRV65CiJdF9EoeMokhF0iw+nVGoL6FmwaTxhY3X1ElVI6cYhXlVapTt8BfYOiso
LUU=
-----END CERTIFICATE-----