Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y304HFhp5Xf2Pb9rKQhzZK8h8Dw.roa
File:                     y304HFhp5Xf2Pb9rKQhzZK8h8Dw.roa (raw, json)
Hash identifier:          I3N90lylXtOYhyHfr90Fe4jjpaasFBbUIuiIchboESo=
Subject key identifier:   CB:7D:38:1C:58:69:E5:77:F6:3D:BF:6B:29:08:73:64:AF:21:F0:3C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018704BD4BD1B08F9991D3898084AAD40AE0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y304HFhp5Xf2Pb9rKQhzZK8h8Dw.roa
Signing time:             Tue 21 Mar 2023 15:15:27 +0000
ROA not before:           Tue 21 Mar 2023 15:15:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:04:bd:4b:d1:b0:8f:99:91:d3:89:80:84:aa:d4:0a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 21 15:15:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb7d381c5869e577f63dbf6b29087364af21f03c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:9a:c1:c6:83:c2:36:1c:6d:a9:65:00:7a:09:
                    1d:93:7a:dd:d9:e3:5d:6f:d3:40:52:a4:d2:39:0d:
                    a5:f0:e7:77:78:65:ec:32:6d:2e:8d:6b:18:92:f1:
                    5a:ef:37:3f:80:a3:5b:45:70:21:ac:c2:09:b8:2f:
                    3f:88:15:3e:19:61:ac:50:b3:07:48:32:f1:6e:8d:
                    4f:8f:66:59:9c:71:f0:cd:5b:5b:21:36:a7:a1:41:
                    2e:f9:d7:dd:67:74:47:d7:ef:a3:f8:7f:92:a2:25:
                    16:63:c1:41:50:6c:ae:60:39:36:22:40:03:24:a1:
                    ac:a6:0e:f6:b3:df:96:84:3c:06:e5:ae:95:4e:3e:
                    8b:f5:9a:15:db:b0:63:53:ce:00:09:22:e2:1d:1a:
                    7d:47:de:83:54:ff:66:60:33:d2:f6:7d:92:7a:60:
                    f0:69:1c:a5:16:0a:63:c0:a3:8f:3e:bd:bf:78:7f:
                    99:e8:6f:cf:e1:3e:2a:d2:82:2d:80:63:df:d8:51:
                    47:b7:c2:1e:99:5c:e2:a9:c0:54:c2:ca:01:40:74:
                    14:78:96:e8:0a:cb:e9:1a:18:87:52:83:b8:d8:b3:
                    0a:37:62:db:ec:c4:0a:5b:67:26:bb:7b:47:c0:98:
                    17:c8:d9:7d:c2:10:00:7e:9a:68:e1:60:48:94:b7:
                    4d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:7D:38:1C:58:69:E5:77:F6:3D:BF:6B:29:08:73:64:AF:21:F0:3C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y304HFhp5Xf2Pb9rKQhzZK8h8Dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:2d:90:eb:73:b2:8d:2a:62:bc:6c:33:a6:b2:d6:c8:93:d3:
         30:9b:6c:09:8d:cd:bf:b0:74:35:4d:f6:16:a5:49:40:10:85:
         03:bf:3e:28:54:4a:ba:70:c0:53:47:5d:d7:ae:4a:17:0a:56:
         b9:a8:a5:ee:fa:c0:7b:54:41:80:09:9f:ee:20:12:b2:8c:35:
         24:bf:b8:70:29:93:59:a1:a8:13:43:e7:d1:93:56:9c:9f:56:
         2e:e1:c7:54:37:6f:da:aa:6a:04:52:97:c2:7c:e0:7a:95:9f:
         77:29:3f:db:75:05:90:95:f8:b2:a0:5d:38:a1:97:de:d5:b1:
         25:30:e8:b9:92:f9:08:ba:9b:fd:05:a5:21:88:06:67:f5:dd:
         fe:92:46:28:16:2c:7c:dc:9b:7c:ca:03:8c:ab:e5:4b:c3:81:
         8a:1a:88:91:4d:a9:8b:8e:0f:0a:30:39:b4:cf:e5:0b:7a:a0:
         0e:b5:14:bb:cf:4d:f4:4a:42:f2:25:e7:8d:28:ed:fa:0e:45:
         fa:39:22:e5:03:6c:5e:10:c0:01:fa:c6:24:4c:5e:f7:79:6f:
         fc:b3:49:72:a9:bc:ce:33:ab:4f:1c:06:27:1b:82:32:62:13:
         b8:60:60:d9:1b:ff:b9:1c:fa:7a:47:b1:cf:b8:26:2b:6f:2e:
         7d:e8:fe:f9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcEvUvRsI+ZkdOJgISq1ArgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIxMTUxNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjdkMzgxYzU4NjllNTc3ZjYzZGJmNmIyOTA4NzM2NGFmMjFmMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2prBxoPCNhxtqWUAegkdk3rd2eNd
b9NAUqTSOQ2l8Od3eGXsMm0ujWsYkvFa7zc/gKNbRXAhrMIJuC8/iBU+GWGsULMH
SDLxbo1Pj2ZZnHHwzVtbITanoUEu+dfdZ3RH1++j+H+SoiUWY8FBUGyuYDk2IkAD
JKGspg72s9+WhDwG5a6VTj6L9ZoV27BjU84ACSLiHRp9R96DVP9mYDPS9n2SemDw
aRylFgpjwKOPPr2/eH+Z6G/P4T4q0oItgGPf2FFHt8IemVziqcBUwsoBQHQUeJbo
CsvpGhiHUoO42LMKN2Lb7MQKW2cmu3tHwJgXyNl9whAAfppo4WBIlLdNqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMt9OBxYaeV39j2/aykIc2SvIfA8MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveTMwNEhGaHA1WGYyUGI5cktRaHpaSzhoOER3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACItkOtzso0qYrxsM6ay
1siT0zCbbAmNzb+wdDVN9halSUAQhQO/PihUSrpwwFNHXdeuShcKVrmope76wHtU
QYAJn+4gErKMNSS/uHApk1mhqBND59GTVpyfVi7hx1Q3b9qqagRSl8J84HqVn3cp
P9t1BZCV+LKgXTihl97VsSUw6LmS+Qi6m/0FpSGIBmf13f6SRigWLHzcm3zKA4yr
5UvDgYoaiJFNqYuODwowObTP5Qt6oA61FLvPTfRKQvIl540o7foORfo5IuUDbF4Q
wAH6xiRMXvd5b/yzSXKpvM4zq08cBicbgjJiE7hgYNkb/7kc+npHsc+4JitvLn3o
/vk=
-----END CERTIFICATE-----