Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yGuWJZWJ0HRvTJXWq_wETjpcJ80.roa
File:                     yGuWJZWJ0HRvTJXWq_wETjpcJ80.roa (raw, json)
Hash identifier:          +gcNzKVfXybP9tIh4Jn3noLPD4ClphJrwNo2dNmo+0o=
Subject key identifier:   C8:6B:96:25:95:89:D0:74:6F:4C:95:D6:AB:FC:04:4E:3A:5C:27:CD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872934F5D169C5706ED7E5F41AC8825A65
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yGuWJZWJ0HRvTJXWq_wETjpcJ80.roa
Signing time:             Tue 28 Mar 2023 17:12:29 +0000
ROA not before:           Tue 28 Mar 2023 17:12:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:29:34:f5:d1:69:c5:70:6e:d7:e5:f4:1a:c8:82:5a:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 28 17:12:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c86b96259589d0746f4c95d6abfc044e3a5c27cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:70:b5:a8:f7:22:12:7d:db:15:22:a3:9f:f6:
                    f6:fd:9a:43:30:e0:d7:f3:34:c8:53:df:4d:7b:a3:
                    70:56:a7:c5:67:8b:e3:f7:52:30:93:68:cc:4d:41:
                    11:a2:09:72:d8:1a:ad:35:53:81:65:89:ee:11:34:
                    af:5a:cb:c8:6e:2b:22:6e:4b:b8:9a:c3:5c:66:22:
                    6b:ea:c1:ad:a6:bd:9e:fa:7f:89:bb:1c:56:87:24:
                    e9:40:73:58:cc:50:f5:2d:92:e8:de:9e:fa:b6:2e:
                    9b:e4:78:c3:82:84:d8:c7:72:c5:7f:fd:04:1d:ed:
                    e9:a9:ee:3d:8f:5e:7f:8a:d1:7a:4d:b7:13:a5:73:
                    f5:6b:2c:ce:eb:29:ae:3d:cc:b3:31:19:e8:09:02:
                    f9:a5:af:a5:e5:45:0c:07:a8:a2:df:55:ab:e3:1d:
                    50:10:de:b6:1b:f0:10:36:6f:94:de:9a:84:54:a0:
                    f2:cf:ee:53:6a:a3:f6:75:ca:7f:09:0d:56:54:73:
                    eb:dd:dd:6c:3f:af:a3:15:ad:ba:59:c6:76:12:7d:
                    24:f8:4a:42:79:4e:73:ba:60:8e:1e:44:b0:41:29:
                    16:62:7a:b6:fc:3a:44:6d:b5:5a:22:4d:88:e3:63:
                    49:aa:6c:4b:6a:b6:2c:c0:82:04:dc:25:d8:84:25:
                    d7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:6B:96:25:95:89:D0:74:6F:4C:95:D6:AB:FC:04:4E:3A:5C:27:CD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yGuWJZWJ0HRvTJXWq_wETjpcJ80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:89:57:76:97:1d:08:33:e2:ab:54:09:df:75:9a:1c:4f:46:
         75:49:96:a1:df:5a:6c:9a:da:b5:92:02:e8:d0:21:51:f9:aa:
         19:3d:ad:65:d9:81:f9:f1:03:39:4e:cc:34:6c:00:f8:bf:fc:
         55:df:cf:c5:e2:b5:9c:ca:ee:75:d1:89:64:dd:b1:b0:38:ec:
         63:69:8f:ee:e8:95:eb:86:ba:eb:94:73:10:54:84:2d:9a:c1:
         08:77:60:d5:ce:e4:9f:49:73:2c:e0:28:41:ab:62:7b:9a:77:
         a0:48:26:ea:51:42:f6:f7:3e:93:a8:66:5b:51:cc:fc:5c:29:
         cc:db:62:44:03:fe:ab:b4:a9:5f:e3:f0:37:60:fe:7f:92:6d:
         9a:5e:06:ae:fd:2d:ed:d5:c9:86:1c:81:09:bb:b2:c2:a1:b6:
         52:c4:3f:2c:fe:ea:09:49:5a:40:94:59:68:02:e6:5d:22:18:
         40:6d:80:43:37:d3:d4:e7:35:62:30:dd:c2:97:c3:0f:af:1b:
         0f:e7:a9:78:69:80:ba:6b:3f:fa:5c:74:74:52:54:91:4b:79:
         bf:68:2a:2d:c9:8a:42:24:2c:7d:8a:fd:d1:d1:26:2a:e9:14:
         5d:58:03:d2:8c:2e:bc:54:b8:5c:84:bd:75:45:f9:e0:47:0f:
         1c:fb:7d:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcpNPXRacVwbtfl9BrIglplMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI4MTcxMjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODZiOTYyNTk1ODlkMDc0NmY0Yzk1ZDZhYmZjMDQ0ZTNhNWMyN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXC1qPciEn3bFSKjn/b2/ZpDMODX
8zTIU99Ne6NwVqfFZ4vj91Iwk2jMTUERogly2BqtNVOBZYnuETSvWsvIbisibku4
msNcZiJr6sGtpr2e+n+JuxxWhyTpQHNYzFD1LZLo3p76ti6b5HjDgoTYx3LFf/0E
He3pqe49j15/itF6TbcTpXP1ayzO6ymuPcyzMRnoCQL5pa+l5UUMB6ii31Wr4x1Q
EN62G/AQNm+U3pqEVKDyz+5TaqP2dcp/CQ1WVHPr3d1sP6+jFa26WcZ2En0k+EpC
eU5zumCOHkSwQSkWYnq2/DpEbbVaIk2I42NJqmxLarYswIIE3CXYhCXXywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMhrliWVidB0b0yV1qv8BE46XCfNMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveUd1V0paV0owSFJ2VEpYV3Ffd0VUanBjSjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIGJV3aXHQgz4qtUCd91
mhxPRnVJlqHfWmya2rWSAujQIVH5qhk9rWXZgfnxAzlOzDRsAPi//FXfz8XitZzK
7nXRiWTdsbA47GNpj+7oleuGuuuUcxBUhC2awQh3YNXO5J9JcyzgKEGrYnuad6BI
JupRQvb3PpOoZltRzPxcKczbYkQD/qu0qV/j8Ddg/n+SbZpeBq79Le3VyYYcgQm7
ssKhtlLEPyz+6glJWkCUWWgC5l0iGEBtgEM309TnNWIw3cKXww+vGw/nqXhpgLpr
P/pcdHRSVJFLeb9oKi3JikIkLH2K/dHRJirpFF1YA9KMLrxUuFyEvXVF+eBHDxz7
fYU=
-----END CERTIFICATE-----