Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xQfIdwRM4jw4RnTFzOQ2uQR-vQ0.roa
File:                     xQfIdwRM4jw4RnTFzOQ2uQR-vQ0.roa (raw, json)
Hash identifier:          mfhxymPjcbisFgaOMtIXzEfKUfekqMNQb7+xRbBRNzo=
Subject key identifier:   C5:07:C8:77:04:4C:E2:3C:38:46:74:C5:CC:E4:36:B9:04:7E:BD:0D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187AE37705EE25148443C1CD7C49D85E1F1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xQfIdwRM4jw4RnTFzOQ2uQR-vQ0.roa
Signing time:             Sun 23 Apr 2023 13:04:41 +0000
ROA not before:           Sun 23 Apr 2023 13:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:187:ae37:2c8/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ae:37:70:5e:e2:51:48:44:3c:1c:d7:c4:9d:85:e1:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 23 13:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c507c877044ce23c384674c5cce436b9047ebd0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4b:c4:50:ea:b7:9b:89:5b:86:f6:dc:c5:0c:
                    98:c6:38:79:1a:81:3a:fe:99:cc:3e:e2:43:3a:9f:
                    b8:88:0f:a1:53:b2:e0:24:40:fd:ae:6d:e9:5f:73:
                    62:b7:16:bf:c8:ef:55:b8:96:cb:05:87:4a:f8:05:
                    5d:63:47:75:5a:b7:3a:e5:e0:94:04:67:b4:d6:9f:
                    5e:91:c1:64:20:b3:dd:28:bd:8b:d3:ea:7e:48:ab:
                    76:ff:b3:bb:89:63:b7:cd:f8:53:40:15:6f:d9:ca:
                    47:50:97:8f:db:10:06:62:05:fa:a3:d5:98:90:a7:
                    21:7e:bf:4f:76:be:37:65:89:50:40:51:7b:6e:79:
                    61:b4:10:e8:77:81:f0:93:f5:1e:1c:3e:32:1f:df:
                    38:5f:b0:09:49:d0:f8:ff:82:f1:e3:2c:33:8d:30:
                    98:b4:88:c0:40:40:56:fb:08:21:20:f9:ba:93:2e:
                    fe:53:35:b8:af:66:e9:41:c6:b9:dc:3e:28:6e:94:
                    19:56:0a:07:a3:87:77:9a:9a:de:c3:3d:65:54:90:
                    fb:c7:1d:89:85:bf:a5:fd:08:ee:d8:2e:4c:01:be:
                    9a:f6:10:aa:fd:df:91:6a:fb:4e:26:1b:ae:d6:51:
                    e1:ce:e0:6c:ea:12:68:9d:73:ed:38:58:27:25:d9:
                    5e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:07:C8:77:04:4C:E2:3C:38:46:74:C5:CC:E4:36:B9:04:7E:BD:0D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xQfIdwRM4jw4RnTFzOQ2uQR-vQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:ff:e2:2d:7a:bc:00:fb:56:95:1e:65:76:d3:4b:9a:8b:02:
         25:bc:2e:1a:ba:f9:c4:4e:62:91:34:3b:7c:f0:24:54:0c:29:
         ef:86:1e:d4:19:dc:14:c5:8c:a5:94:de:fd:1c:9d:b5:e2:0a:
         b6:7e:75:d3:d3:f7:8c:e8:3b:38:da:ad:1b:81:2d:5e:01:7c:
         0e:2e:f3:63:cf:48:61:aa:b1:dc:8b:cf:41:74:3c:a7:27:ba:
         06:8e:23:00:ac:68:ec:a9:3b:92:a4:b9:8c:ae:7d:56:0b:68:
         21:57:e3:2a:2c:6c:e1:04:04:8b:27:87:69:3f:11:7f:3c:2e:
         26:54:57:3d:ee:65:6d:cd:44:b0:6c:30:4f:bb:68:ff:e3:33:
         9b:94:b0:74:4a:b8:c3:40:23:81:7f:7f:c1:d8:38:d3:54:ac:
         de:59:4a:c5:6f:90:d3:ee:11:e1:b8:83:c7:8c:9b:0b:35:91:
         14:eb:df:eb:b3:c0:db:c9:ce:b4:9d:07:82:5d:ec:65:4a:ce:
         0a:0a:c9:77:49:07:26:40:70:99:57:c4:17:1e:04:29:8e:cb:
         d2:c9:a5:df:dd:bc:a8:44:87:ee:ad:3d:c9:52:23:01:bd:1c:
         bc:7d:56:8d:9f:7a:63:d2:25:db:91:d2:8d:f2:d6:8d:f4:39:
         49:71:bb:ca
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeuN3Be4lFIRDwc18SdheHxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIzMTMwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTA3Yzg3NzA0NGNlMjNjMzg0Njc0YzVjY2U0MzZiOTA0N2ViZDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUvEUOq3m4lbhvbcxQyYxjh5GoE6
/pnMPuJDOp+4iA+hU7LgJED9rm3pX3Nitxa/yO9VuJbLBYdK+AVdY0d1Wrc65eCU
BGe01p9ekcFkILPdKL2L0+p+SKt2/7O7iWO3zfhTQBVv2cpHUJeP2xAGYgX6o9WY
kKchfr9Pdr43ZYlQQFF7bnlhtBDod4Hwk/UeHD4yH984X7AJSdD4/4Lx4ywzjTCY
tIjAQEBW+wghIPm6ky7+UzW4r2bpQca53D4obpQZVgoHo4d3mprewz1lVJD7xx2J
hb+l/Qju2C5MAb6a9hCq/d+RavtOJhuu1lHhzuBs6hJonXPtOFgnJdlejwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMUHyHcETOI8OEZ0xczkNrkEfr0NMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveFFmSWR3Uk00anc0Um5URnpPUTJ1UVItdlEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADP/4i16vAD7VpUeZXbT
S5qLAiW8Lhq6+cROYpE0O3zwJFQMKe+GHtQZ3BTFjKWU3v0cnbXiCrZ+ddPT94zo
OzjarRuBLV4BfA4u82PPSGGqsdyLz0F0PKcnugaOIwCsaOypO5KkuYyufVYLaCFX
4yosbOEEBIsnh2k/EX88LiZUVz3uZW3NRLBsME+7aP/jM5uUsHRKuMNAI4F/f8HY
ONNUrN5ZSsVvkNPuEeG4g8eMmws1kRTr3+uzwNvJzrSdB4Jd7GVKzgoKyXdJByZA
cJlXxBceBCmOy9LJpd/dvKhEh+6tPclSIwG9HLx9Vo2femPSJduR0o3y1o30OUlx
u8o=
-----END CERTIFICATE-----