Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y1sxtPJbPcyHSsWOZjYNgn89wQs.roa
File:                     y1sxtPJbPcyHSsWOZjYNgn89wQs.roa (raw, json)
Hash identifier:          pShc4dR0Wg6TjUNQzP0v6ckWlzgKVS/ytgxzss3wEXo=
Subject key identifier:   CB:5B:31:B4:F2:5B:3D:CC:87:4A:C5:8E:66:36:0D:82:7F:3D:C1:0B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C8A9C31A9F65F3CB1BF6A098CAA762C0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y1sxtPJbPcyHSsWOZjYNgn89wQs.roa
Signing time:             Fri 28 Apr 2023 16:19:41 +0000
ROA not before:           Fri 28 Apr 2023 16:19:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c8:a9:c3:1a:9f:65:f3:cb:1b:f6:a0:98:ca:a7:62:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 28 16:19:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb5b31b4f25b3dcc874ac58e66360d827f3dc10b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2f:7b:48:a8:88:e4:98:ad:ed:33:cb:bf:a3:
                    ce:9d:d4:ac:29:2d:fd:7a:2a:01:2a:fc:62:07:fb:
                    3e:30:bd:80:0f:dd:aa:6e:91:1d:2a:77:08:16:1c:
                    66:cb:64:6b:ec:be:91:a0:5d:21:14:ad:77:12:fd:
                    23:28:87:76:0b:d8:1f:ba:bd:2a:11:41:fc:fa:48:
                    5b:70:5b:e2:8e:f1:e9:7d:b8:8f:ab:03:2e:e2:10:
                    1c:ea:57:a7:c3:49:72:db:ed:13:f2:9c:99:5e:ea:
                    ee:73:86:6a:9e:e6:f1:bc:ce:c3:37:40:42:2a:41:
                    96:fd:21:63:20:81:80:a1:24:b2:f6:1c:5e:36:d9:
                    07:6f:71:a5:5b:0b:0f:b5:03:7d:55:a5:c6:56:e5:
                    b8:ea:ad:1d:16:cf:a8:f5:82:96:67:05:d2:77:c7:
                    ae:40:dc:e1:23:68:8c:be:5d:44:2b:be:6e:12:fc:
                    c2:f5:ee:52:ed:b5:45:bb:ca:f3:db:8c:4c:3c:42:
                    a3:4b:da:6c:17:11:48:d7:d4:83:f3:e7:0c:81:e8:
                    06:2b:61:f4:47:ed:1b:ce:c9:be:34:d7:02:77:15:
                    b1:a3:ad:41:18:b6:af:07:16:36:0b:95:e0:6d:96:
                    41:21:47:d6:22:14:b7:db:2f:16:24:f6:62:e3:8e:
                    c3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:5B:31:B4:F2:5B:3D:CC:87:4A:C5:8E:66:36:0D:82:7F:3D:C1:0B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y1sxtPJbPcyHSsWOZjYNgn89wQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:6a:7f:94:a2:2b:1d:3b:c9:ff:7e:56:43:99:0e:53:4f:11:
         9b:1c:b5:4d:f8:c9:38:9e:49:4a:0b:14:16:e2:be:df:fe:26:
         ba:d5:2b:b5:dc:27:e8:03:a2:cc:4b:84:0a:45:59:93:e1:aa:
         4d:ac:ca:aa:d6:e5:4a:dc:bc:da:02:40:d5:98:16:36:41:af:
         4e:7c:90:5b:56:56:82:78:3a:09:e9:3d:73:66:d2:eb:d0:9f:
         ec:cc:26:4f:c9:9d:95:56:b0:45:31:01:88:0a:24:f1:ac:db:
         0b:ed:40:27:a7:f2:74:39:8a:c6:a1:46:f2:b1:4b:37:ee:26:
         ec:e5:0f:23:6b:8e:f7:54:43:a9:ee:90:7f:0a:9d:26:fa:7c:
         68:bb:bf:94:35:d8:f2:2b:12:bf:38:33:bd:9c:c4:98:a8:e2:
         95:19:7f:fd:34:94:12:50:81:ae:03:be:19:40:11:f8:b3:bc:
         ff:c9:30:35:ca:90:e1:66:92:e4:2f:24:93:71:71:54:59:c2:
         d0:c1:d4:63:d9:95:2e:fd:20:21:18:98:e1:93:88:10:f2:02:
         72:7e:b6:89:7e:a3:3a:0a:9a:cd:3d:5d:e4:e4:1d:d7:6f:da:
         91:a3:cb:9c:77:e7:6a:dd:1f:6a:45:dd:7f:9b:0d:31:8c:db:
         ae:33:30:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfIqcMan2Xzyxv2oJjKp2LAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI4MTYxOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjViMzFiNGYyNWIzZGNjODc0YWM1OGU2NjM2MGQ4MjdmM2RjMTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiC97SKiI5Jit7TPLv6POndSsKS39
eioBKvxiB/s+ML2AD92qbpEdKncIFhxmy2Rr7L6RoF0hFK13Ev0jKId2C9gfur0q
EUH8+khbcFvijvHpfbiPqwMu4hAc6lenw0ly2+0T8pyZXuruc4ZqnubxvM7DN0BC
KkGW/SFjIIGAoSSy9hxeNtkHb3GlWwsPtQN9VaXGVuW46q0dFs+o9YKWZwXSd8eu
QNzhI2iMvl1EK75uEvzC9e5S7bVFu8rz24xMPEKjS9psFxFI19SD8+cMgegGK2H0
R+0bzsm+NNcCdxWxo61BGLavBxY2C5XgbZZBIUfWIhS32y8WJPZi447DPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMtbMbTyWz3Mh0rFjmY2DYJ/PcELMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveTFzeHRQSmJQY3lIU3NXT1pqWU5nbjg5d1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGBqf5SiKx07yf9+VkOZ
DlNPEZsctU34yTieSUoLFBbivt/+JrrVK7XcJ+gDosxLhApFWZPhqk2syqrW5Urc
vNoCQNWYFjZBr058kFtWVoJ4OgnpPXNm0uvQn+zMJk/JnZVWsEUxAYgKJPGs2wvt
QCen8nQ5isahRvKxSzfuJuzlDyNrjvdUQ6nukH8KnSb6fGi7v5Q12PIrEr84M72c
xJio4pUZf/00lBJQga4DvhlAEfizvP/JMDXKkOFmkuQvJJNxcVRZwtDB1GPZlS79
ICEYmOGTiBDyAnJ+tol+ozoKms09XeTkHddv2pGjy5x352rdH2pF3X+bDTGM264z
MN4=
-----END CERTIFICATE-----