Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xzEAdtxHudCZTUPUA87YO7irhG0.roa
File:                     xzEAdtxHudCZTUPUA87YO7irhG0.roa (raw, json)
Hash identifier:          L4uJgETWdeH4o4qDRuNPmnvLIcbZhJ8XE0A3tDx7YlE=
Subject key identifier:   C7:31:00:76:DC:47:B9:D0:99:4D:43:D4:03:CE:D8:3B:B8:AB:84:6D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187982124D126A3095A410EAE88250C5970
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xzEAdtxHudCZTUPUA87YO7irhG0.roa
Signing time:             Wed 19 Apr 2023 06:08:41 +0000
ROA not before:           Wed 19 Apr 2023 06:08:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:98:21:24:d1:26:a3:09:5a:41:0e:ae:88:25:0c:59:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 19 06:08:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c7310076dc47b9d0994d43d403ced83bb8ab846d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:04:93:b6:9b:b1:7a:ac:cc:9a:b6:fe:62:1e:
                    ae:f3:b8:f2:2f:45:cd:43:97:56:70:fb:f4:1f:38:
                    ea:5b:37:df:a6:75:18:62:0a:42:96:1e:71:00:38:
                    20:33:cf:90:25:9c:e1:c2:89:8a:ed:00:65:0b:73:
                    41:4e:ec:46:8b:13:b5:d0:51:88:d1:08:f8:74:f4:
                    6d:ef:bc:c4:b8:51:fd:d1:5c:5d:17:93:76:ca:a8:
                    ba:6d:b8:57:cf:71:f3:7c:8c:f0:45:e0:e7:38:3c:
                    16:ed:69:08:b6:8a:e4:d6:1f:a2:8c:5e:5a:c7:e6:
                    17:79:40:01:99:8f:34:99:6b:66:1f:37:a0:51:6d:
                    57:68:9e:7b:6c:25:e4:5d:e4:d8:f9:6f:a7:5d:a5:
                    ab:cd:61:4b:3d:96:91:dc:9e:d7:43:d7:95:98:43:
                    c4:ae:cb:3f:25:37:b0:8f:9c:01:a3:64:f0:1f:75:
                    0d:88:70:09:82:57:e7:08:b9:5d:03:50:7f:9f:75:
                    cc:53:da:4b:31:7d:c9:8a:50:a3:5c:e7:d9:33:ff:
                    af:c5:9c:85:63:07:0f:17:c9:18:44:98:ef:cc:ec:
                    af:6c:fb:18:62:04:fb:8a:eb:5b:5f:8f:83:8a:b6:
                    2b:a5:13:75:f8:c4:0e:ec:d0:7c:9c:89:9d:b6:9c:
                    49:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:31:00:76:DC:47:B9:D0:99:4D:43:D4:03:CE:D8:3B:B8:AB:84:6D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xzEAdtxHudCZTUPUA87YO7irhG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:e4:27:c0:b3:24:b0:8d:5c:8f:30:d8:70:d4:01:19:3b:4c:
         25:f8:9f:b1:5f:f3:12:64:a1:3c:4b:47:95:af:90:d3:69:24:
         ad:3f:84:ab:66:87:be:27:a8:3d:3b:aa:84:40:e4:4f:2b:3f:
         c8:35:ed:e4:e1:f5:1f:76:45:b9:3a:bd:2f:0e:d6:e4:a0:30:
         b6:a2:41:e4:26:34:0c:40:c2:08:00:b4:df:0c:cb:21:dd:f8:
         79:eb:4b:33:2b:f1:95:a5:74:c5:37:e6:0f:f3:30:38:b3:d2:
         77:f8:dc:f8:1a:65:0e:86:f7:c7:ad:25:57:9a:37:21:80:ef:
         9c:77:68:44:8c:0e:b1:38:1a:84:10:ee:f4:cd:aa:7b:d3:b4:
         15:01:a0:c9:c1:64:42:9a:f7:23:03:93:9a:19:cc:fc:1a:4a:
         19:86:72:d9:21:56:ad:2d:67:ff:68:ae:81:7d:3d:a2:6c:9e:
         3f:e8:09:39:e6:33:91:89:eb:4d:c3:be:3a:d1:2f:b6:ca:f6:
         11:d4:a1:d8:89:ff:11:1e:a4:fa:83:37:ee:45:bc:5a:78:f1:
         e7:c2:e4:a6:4b:f6:1e:0b:19:48:6b:0a:eb:af:a0:0e:bf:26:
         3b:a0:e7:e1:2e:23:5c:0c:2f:2a:97:56:a8:5e:56:86:dc:df:
         e9:99:a2:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeYISTRJqMJWkEOroglDFlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE5MDYwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzMxMDA3NmRjNDdiOWQwOTk0ZDQzZDQwM2NlZDgzYmI4YWI4NDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQSTtpuxeqzMmrb+Yh6u87jyL0XN
Q5dWcPv0HzjqWzffpnUYYgpClh5xADggM8+QJZzhwomK7QBlC3NBTuxGixO10FGI
0Qj4dPRt77zEuFH90VxdF5N2yqi6bbhXz3HzfIzwReDnODwW7WkItork1h+ijF5a
x+YXeUABmY80mWtmHzegUW1XaJ57bCXkXeTY+W+nXaWrzWFLPZaR3J7XQ9eVmEPE
rss/JTewj5wBo2TwH3UNiHAJglfnCLldA1B/n3XMU9pLMX3JilCjXOfZM/+vxZyF
YwcPF8kYRJjvzOyvbPsYYgT7iutbX4+DirYrpRN1+MQO7NB8nImdtpxJ5wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMcxAHbcR7nQmU1D1APO2Du4q4RtMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveHpFQWR0eEh1ZENaVFVQVUE4N1lPN2lyaEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALPkJ8CzJLCNXI8w2HDU
ARk7TCX4n7Ff8xJkoTxLR5WvkNNpJK0/hKtmh74nqD07qoRA5E8rP8g17eTh9R92
Rbk6vS8O1uSgMLaiQeQmNAxAwggAtN8MyyHd+HnrSzMr8ZWldMU35g/zMDiz0nf4
3PgaZQ6G98etJVeaNyGA75x3aESMDrE4GoQQ7vTNqnvTtBUBoMnBZEKa9yMDk5oZ
zPwaShmGctkhVq0tZ/9oroF9PaJsnj/oCTnmM5GJ603DvjrRL7bK9hHUodiJ/xEe
pPqDN+5FvFp48efC5KZL9h4LGUhrCuuvoA6/Jjug5+EuI1wMLyqXVqheVobc3+mZ
onU=
-----END CERTIFICATE-----