Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yZywq_JygUjIphUZTmOUyjp1zU0.roa
File:                     yZywq_JygUjIphUZTmOUyjp1zU0.roa (raw, json)
Hash identifier:          KEzXumEma6Q0W2VuJnmoYDcWLRAl5fm2YKHaldTBtzI=
Subject key identifier:   C9:9C:B0:AB:F2:72:81:48:C8:A6:15:19:4E:63:94:CA:3A:75:CD:4D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872FA8927C582607C24BCC8B00220F91D2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yZywq_JygUjIphUZTmOUyjp1zU0.roa
Signing time:             Wed 29 Mar 2023 23:16:29 +0000
ROA not before:           Wed 29 Mar 2023 23:16:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2f:a8:92:7c:58:26:07:c2:4b:cc:8b:00:22:0f:91:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 23:16:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c99cb0abf2728148c8a615194e6394ca3a75cd4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:75:f5:d6:e5:ff:bb:d3:7c:e4:9c:34:0a:5d:
                    89:0f:87:d4:67:c7:88:39:fa:a5:6c:d6:4a:de:00:
                    61:18:c7:00:f1:06:bf:96:c9:0f:47:90:b4:ad:a8:
                    64:4b:d1:89:6f:4f:86:44:66:f5:15:bf:10:9d:36:
                    d6:b0:59:41:64:9a:90:21:22:40:92:44:f5:76:5b:
                    de:d5:1e:81:9e:73:a1:36:f3:c0:57:c5:c6:f3:9b:
                    90:e5:a7:e6:fa:fb:b2:be:1a:e6:4a:fc:31:ab:3a:
                    c8:0d:8d:a4:e0:ff:5c:55:b6:a6:ad:ac:c6:5a:d7:
                    d2:e3:f4:08:14:82:bf:20:c6:d2:5e:c3:bb:f1:e8:
                    0a:83:a7:f2:69:c0:97:29:70:42:8b:37:2e:2c:d4:
                    85:3e:2b:bc:a6:4c:d2:b1:26:fa:9e:ba:2b:8c:5c:
                    03:15:19:17:b6:f1:3d:86:af:df:eb:d3:33:d4:55:
                    80:aa:4e:29:dd:c0:cf:b2:4b:e5:2c:93:c3:50:e3:
                    67:54:1e:d9:b8:63:2f:d7:a3:10:48:91:ef:55:d6:
                    7f:eb:b3:96:62:d0:0e:b9:fa:e0:11:96:17:c4:f5:
                    95:6e:f7:39:3b:c7:03:64:44:01:c3:33:f4:99:9f:
                    68:7f:ad:ef:71:6e:78:2c:51:e8:82:8b:c6:21:75:
                    df:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:9C:B0:AB:F2:72:81:48:C8:A6:15:19:4E:63:94:CA:3A:75:CD:4D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yZywq_JygUjIphUZTmOUyjp1zU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:c1:02:7f:95:2c:a0:86:3f:01:6c:a1:b9:9a:e3:98:55:7d:
         4a:c4:1c:a5:01:0b:f3:31:90:44:b7:51:60:92:ba:41:ac:b1:
         f4:ea:3f:20:b6:78:3e:af:c3:ce:0f:3f:68:54:cf:8a:e4:10:
         a7:da:e5:02:44:6a:c4:b5:da:fa:1b:57:ac:6d:7d:9c:fc:3e:
         a3:4c:12:51:7b:62:8c:37:58:dc:66:33:40:01:e5:1f:32:e9:
         d0:00:6c:d3:1e:fa:25:00:f4:51:24:fe:63:ef:6d:41:9a:47:
         02:0b:61:e7:e1:6d:f0:84:e5:73:65:50:67:72:e9:68:f4:3c:
         16:85:44:7c:d6:64:71:cd:1d:b7:09:43:5e:0a:84:96:2e:0d:
         28:ce:0f:e5:95:30:a5:42:22:ed:c8:62:fb:eb:44:36:a7:b2:
         71:25:62:52:ce:38:62:c7:f2:26:9e:ee:0f:93:be:fe:cb:c4:
         20:a4:a9:f2:41:97:14:88:42:12:3c:d0:95:b7:0e:48:78:d4:
         c0:57:4a:b3:40:0c:6a:a3:5e:2e:5f:09:73:a1:46:57:b2:1e:
         bb:f1:49:61:8f:47:d8:c0:c4:99:1d:1b:55:e1:a7:ee:0d:7e:
         c9:0f:d5:43:4a:43:f6:86:f0:b1:18:27:aa:97:d3:86:74:2d:
         e2:87:98:30
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcvqJJ8WCYHwkvMiwAiD5HSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MjMxNjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTljYjBhYmYyNzI4MTQ4YzhhNjE1MTk0ZTYzOTRjYTNhNzVjZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXX11uX/u9N85Jw0Cl2JD4fUZ8eI
OfqlbNZK3gBhGMcA8Qa/lskPR5C0rahkS9GJb0+GRGb1Fb8QnTbWsFlBZJqQISJA
kkT1dlve1R6BnnOhNvPAV8XG85uQ5afm+vuyvhrmSvwxqzrIDY2k4P9cVbamrazG
WtfS4/QIFIK/IMbSXsO78egKg6fyacCXKXBCizcuLNSFPiu8pkzSsSb6nrorjFwD
FRkXtvE9hq/f69Mz1FWAqk4p3cDPskvlLJPDUONnVB7ZuGMv16MQSJHvVdZ/67OW
YtAOufrgEZYXxPWVbvc5O8cDZEQBwzP0mZ9of63vcW54LFHogovGIXXf6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMmcsKvycoFIyKYVGU5jlMo6dc1NMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveVp5d3FfSnlnVWpJcGhVWlRtT1V5anAxelUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK/BAn+VLKCGPwFsobma
45hVfUrEHKUBC/MxkES3UWCSukGssfTqPyC2eD6vw84PP2hUz4rkEKfa5QJEasS1
2vobV6xtfZz8PqNMElF7Yow3WNxmM0AB5R8y6dAAbNMe+iUA9FEk/mPvbUGaRwIL
YefhbfCE5XNlUGdy6Wj0PBaFRHzWZHHNHbcJQ14KhJYuDSjOD+WVMKVCIu3IYvvr
RDansnElYlLOOGLH8iae7g+Tvv7LxCCkqfJBlxSIQhI80JW3Dkh41MBXSrNADGqj
Xi5fCXOhRleyHrvxSWGPR9jAxJkdG1Xhp+4NfskP1UNKQ/aG8LEYJ6qX04Z0LeKH
mDA=
-----END CERTIFICATE-----