Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xtVt-aRIr9_iWDTok5vyYxr0f5o.roa
File:                     xtVt-aRIr9_iWDTok5vyYxr0f5o.roa (raw, json)
Hash identifier:          Payoxw8Qjlj3sogC/GOZOknhcaStfMDgL07Xfcc2jMY=
Subject key identifier:   C6:D5:6D:F9:A4:48:AF:DF:E2:58:34:E8:93:9B:F2:63:1A:F4:7F:9A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187427FF438D3AF1BCC076FB02557534320
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xtVt-aRIr9_iWDTok5vyYxr0f5o.roa
Signing time:             Sun 02 Apr 2023 15:04:54 +0000
ROA not before:           Sun 02 Apr 2023 15:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:427f:89d2/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:42:7f:f4:38:d3:af:1b:cc:07:6f:b0:25:57:53:43:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  2 15:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c6d56df9a448afdfe25834e8939bf2631af47f9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bf:25:6a:3a:8d:e5:e5:8c:c5:5a:de:43:b0:
                    bb:37:08:0b:d6:c3:45:39:2f:2d:1d:89:e3:e0:a4:
                    48:cf:02:4c:8f:bb:4b:49:39:33:b1:a3:56:bf:83:
                    21:e1:65:df:0f:b5:e5:90:53:1e:f3:b4:ba:a5:6f:
                    6b:d4:ec:c3:03:da:2b:05:d3:a4:ae:2e:38:8c:21:
                    8a:37:54:e9:b1:89:e3:1b:98:84:e7:25:aa:db:7a:
                    e0:48:84:02:82:61:83:76:63:8f:0d:11:a1:e6:38:
                    e1:df:fa:3d:00:7d:1f:f7:3e:b0:09:1d:83:bd:49:
                    fc:25:2d:52:ee:4a:74:37:1a:7f:de:a8:25:e0:df:
                    29:a8:53:db:05:26:c8:9c:de:4a:86:f8:49:d1:70:
                    9d:8e:ec:28:28:29:39:33:1d:cc:03:29:10:e0:97:
                    21:1b:74:98:49:4e:6b:d5:90:e4:ca:92:7c:69:8b:
                    e4:32:44:41:67:9f:44:0b:5b:7d:53:ac:9b:67:00:
                    89:22:b4:86:8d:90:f8:08:0f:07:9a:1d:33:0b:e9:
                    35:47:de:7c:ed:a1:c0:62:a9:e9:a3:de:32:a9:e1:
                    be:9f:d3:c3:6b:1f:dc:be:2b:aa:e6:13:c8:7e:d8:
                    d1:b5:7b:e5:b2:36:8b:57:59:d9:56:02:0a:c0:1d:
                    52:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D5:6D:F9:A4:48:AF:DF:E2:58:34:E8:93:9B:F2:63:1A:F4:7F:9A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xtVt-aRIr9_iWDTok5vyYxr0f5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:27:11:3a:93:78:5a:a4:01:77:53:4a:be:7d:e7:a4:e1:6c:
         bb:37:a2:95:a7:49:de:1c:29:fb:0e:82:dd:76:57:be:79:82:
         8a:ba:ce:f1:0c:a9:02:46:4b:38:10:c7:5d:94:73:6c:ec:ee:
         68:c9:f4:a9:2d:93:9c:2d:3e:21:22:6b:7a:80:a3:96:d1:d2:
         d9:9c:fa:14:0b:e7:62:5f:31:c5:49:f4:ac:27:31:f4:b5:98:
         4a:4d:06:77:6f:fb:e5:2c:fa:85:82:fe:54:01:93:97:4f:79:
         ee:58:d8:af:09:be:2c:71:12:cb:e3:fc:d0:5e:6e:b0:51:be:
         9e:5b:f7:df:ac:c0:08:2b:23:c7:45:cf:f0:fc:8d:69:4f:a5:
         9e:73:c2:30:bd:5a:ae:43:e8:79:9e:57:23:21:18:41:67:99:
         61:26:1e:c5:10:8a:fc:af:e1:f8:85:78:71:28:51:3e:14:59:
         ae:26:b4:65:7d:35:07:e1:ae:c4:ac:6b:78:24:f8:d4:27:e9:
         6a:8a:8d:b5:26:d0:bb:3d:9e:25:ec:ef:7e:df:d9:60:d7:ee:
         9b:7e:70:52:c1:e5:38:20:12:f9:cb:ab:89:f1:93:7e:c2:a5:
         52:60:f0:04:4d:c9:3f:52:bd:a6:e2:f7:51:04:bb:44:49:b6:
         81:ee:08:e6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdCf/Q4068bzAdvsCVXU0MgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAyMTUwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmQ1NmRmOWE0NDhhZmRmZTI1ODM0ZTg5MzliZjI2MzFhZjQ3ZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL8lajqN5eWMxVreQ7C7NwgL1sNF
OS8tHYnj4KRIzwJMj7tLSTkzsaNWv4Mh4WXfD7XlkFMe87S6pW9r1OzDA9orBdOk
ri44jCGKN1TpsYnjG5iE5yWq23rgSIQCgmGDdmOPDRGh5jjh3/o9AH0f9z6wCR2D
vUn8JS1S7kp0Nxp/3qgl4N8pqFPbBSbInN5KhvhJ0XCdjuwoKCk5Mx3MAykQ4Jch
G3SYSU5r1ZDkypJ8aYvkMkRBZ59EC1t9U6ybZwCJIrSGjZD4CA8Hmh0zC+k1R958
7aHAYqnpo94yqeG+n9PDax/cviuq5hPIftjRtXvlsjaLV1nZVgIKwB1ShQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMbVbfmkSK/f4lg06JOb8mMa9H+aMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveHRWdC1hUklyOV9pV0RUb2s1dnlZeHIwZjVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHsnETqTeFqkAXdTSr59
56ThbLs3opWnSd4cKfsOgt12V755goq6zvEMqQJGSzgQx12Uc2zs7mjJ9Kktk5wt
PiEia3qAo5bR0tmc+hQL52JfMcVJ9KwnMfS1mEpNBndv++Us+oWC/lQBk5dPee5Y
2K8JvixxEsvj/NBebrBRvp5b99+swAgrI8dFz/D8jWlPpZ5zwjC9Wq5D6HmeVyMh
GEFnmWEmHsUQivyv4fiFeHEoUT4UWa4mtGV9NQfhrsSsa3gk+NQn6WqKjbUm0Ls9
niXs737f2WDX7pt+cFLB5TggEvnLq4nxk37CpVJg8ARNyT9Svabi91EEu0RJtoHu
COY=
-----END CERTIFICATE-----