Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xfOk1MQgSVnNKtZWmsJ0McpRcfE.roa
File:                     xfOk1MQgSVnNKtZWmsJ0McpRcfE.roa (raw, json)
Hash identifier:          Nnoas7FCox6IYtzYP3mH+2crmBkWzlm/b6fQX/oKWkQ=
Subject key identifier:   C5:F3:A4:D4:C4:20:49:59:CD:2A:D6:56:9A:C2:74:31:CA:51:71:F1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F76577229BF1F33E24A105BABCE55051
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xfOk1MQgSVnNKtZWmsJ0McpRcfE.roa
Signing time:             Sun 19 Mar 2023 01:04:27 +0000
ROA not before:           Sun 19 Mar 2023 01:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:f765:651c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f7:65:77:22:9b:f1:f3:3e:24:a1:05:ba:bc:e5:50:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 19 01:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c5f3a4d4c4204959cd2ad6569ac27431ca5171f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:23:b8:a1:93:af:19:f5:97:d3:2a:34:e6:11:
                    72:0c:98:c2:21:8c:76:4e:48:9e:d8:30:28:d7:ab:
                    a7:6f:f2:c7:bb:01:78:f0:f7:77:bd:d1:b6:c3:42:
                    4f:54:54:f2:ed:82:53:7d:af:7a:11:bc:aa:b1:8e:
                    18:ab:4c:ed:81:45:30:e2:60:b2:87:c7:54:7c:34:
                    7f:9a:c3:40:53:22:08:f0:02:4e:46:d2:a4:3b:ec:
                    34:53:10:f2:7a:84:76:b0:53:5d:17:44:34:4b:b1:
                    65:38:ab:75:1d:0c:f7:86:87:62:06:77:42:60:49:
                    aa:7e:3a:96:b6:3f:64:df:31:74:d6:c5:40:d2:5f:
                    56:f8:e8:25:28:15:68:75:ef:b3:19:61:ed:74:e4:
                    ea:c4:5f:ae:a8:9e:28:cc:b5:a2:82:77:08:33:bd:
                    b7:1e:50:f6:2d:1c:bf:20:c4:5f:6d:2c:51:5e:84:
                    18:5b:08:69:98:da:5a:86:ef:63:ed:e1:69:dc:13:
                    14:f2:ff:e6:28:48:3c:a9:df:68:6c:17:fc:3f:c8:
                    22:5b:3b:86:8d:cf:89:11:7c:31:cc:01:69:ba:15:
                    ee:d1:b0:b0:63:5b:72:bf:39:3c:e8:87:a0:73:86:
                    ce:f5:bc:fa:78:e3:c3:f0:13:6b:5b:8e:17:4e:4d:
                    08:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:F3:A4:D4:C4:20:49:59:CD:2A:D6:56:9A:C2:74:31:CA:51:71:F1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xfOk1MQgSVnNKtZWmsJ0McpRcfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:fe:af:54:56:b1:ae:2c:a2:25:91:52:f0:62:62:0a:36:b6:
         2e:3b:5c:7e:04:88:8f:20:86:15:a6:e4:d2:e1:37:ea:2f:69:
         9e:21:3d:9d:29:ea:98:e5:5a:a6:85:0e:e7:a4:f1:9e:c5:1e:
         b2:49:73:98:ad:49:50:b4:07:bd:de:4b:7a:66:9a:08:d2:36:
         7f:cc:53:de:23:49:46:66:7f:cf:5c:ae:13:43:71:a5:86:a3:
         22:16:6c:74:7c:ef:e9:4a:0c:e9:c3:c8:3c:f3:a2:47:a5:d7:
         4c:85:c4:2d:78:64:bd:ce:64:fd:1a:0f:16:94:82:bf:d8:2f:
         1f:ad:ce:5e:d2:c2:84:7f:6c:bc:d2:52:8a:3f:d2:bf:11:ab:
         c3:f6:7a:ca:84:4c:6c:ca:3e:22:62:bf:dd:4b:4e:83:fc:b4:
         a7:2a:df:10:08:0e:a7:1a:1d:10:39:8d:52:96:3e:fb:ec:9e:
         cb:06:12:67:d7:17:a6:a5:cd:85:00:02:4b:1f:86:b0:35:68:
         99:fa:7d:33:44:40:ed:8b:24:5a:bd:1d:6f:6c:ea:29:30:b7:
         6a:11:6a:9b:c9:92:37:9b:7a:0a:ae:f9:95:78:a7:9f:ed:e1:
         14:ac:a5:8b:f2:4a:cd:1b:b6:1a:9b:11:6d:3a:16:1e:d0:0d:
         6f:18:eb:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb3ZXcim/HzPiShBbq85VBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE5MDEwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWYzYTRkNGM0MjA0OTU5Y2QyYWQ2NTY5YWMyNzQzMWNhNTE3MWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiO4oZOvGfWX0yo05hFyDJjCIYx2
Tkie2DAo16unb/LHuwF48Pd3vdG2w0JPVFTy7YJTfa96EbyqsY4Yq0ztgUUw4mCy
h8dUfDR/msNAUyII8AJORtKkO+w0UxDyeoR2sFNdF0Q0S7FlOKt1HQz3hodiBndC
YEmqfjqWtj9k3zF01sVA0l9W+OglKBVode+zGWHtdOTqxF+uqJ4ozLWigncIM723
HlD2LRy/IMRfbSxRXoQYWwhpmNpahu9j7eFp3BMU8v/mKEg8qd9obBf8P8giWzuG
jc+JEXwxzAFpuhXu0bCwY1tyvzk86Iegc4bO9bz6eOPD8BNrW44XTk0IrQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMXzpNTEIElZzSrWVprCdDHKUXHxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveGZPazFNUWdTVm5OS3RaV21zSjBNY3BSY2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAI3+r1RWsa4soiWRUvBi
Ygo2ti47XH4EiI8ghhWm5NLhN+ovaZ4hPZ0p6pjlWqaFDuek8Z7FHrJJc5itSVC0
B73eS3pmmgjSNn/MU94jSUZmf89crhNDcaWGoyIWbHR87+lKDOnDyDzzokel10yF
xC14ZL3OZP0aDxaUgr/YLx+tzl7SwoR/bLzSUoo/0r8Rq8P2esqETGzKPiJiv91L
ToP8tKcq3xAIDqcaHRA5jVKWPvvsnssGEmfXF6alzYUAAksfhrA1aJn6fTNEQO2L
JFq9HW9s6ikwt2oRapvJkjebegqu+ZV4p5/t4RSspYvySs0bthqbEW06Fh7QDW8Y
604=
-----END CERTIFICATE-----