Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yhowCzgdhkhXtSYbe8sM8DP9e8M.roa
File:                     yhowCzgdhkhXtSYbe8sM8DP9e8M.roa (raw, json)
Hash identifier:          j9LUQBScOBRWLV5CHRC6IMnJFgSbGrnd6Cf3Dn+iQ8M=
Subject key identifier:   CA:1A:30:0B:38:1D:86:48:57:B5:26:1B:7B:CB:0C:F0:33:FD:7B:C3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188315B1AFA59F85E41596BB161FEC7FFC8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yhowCzgdhkhXtSYbe8sM8DP9e8M.roa
Signing time:             Fri 19 May 2023 00:13:54 +0000
ROA not before:           Fri 19 May 2023 00:13:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:31:5b:1a:fa:59:f8:5e:41:59:6b:b1:61:fe:c7:ff:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 19 00:13:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ca1a300b381d864857b5261b7bcb0cf033fd7bc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3e:88:e5:ca:f7:11:09:5b:9b:83:00:80:90:
                    70:76:34:8e:b2:c7:45:76:4b:fc:2d:ed:e7:7a:6b:
                    af:f0:f2:fb:93:da:87:06:4d:37:7d:67:e0:69:33:
                    1a:43:ef:fe:a5:54:69:2e:73:b4:7b:e2:4a:c0:bc:
                    42:75:53:a0:2b:1b:6c:a2:a3:28:80:d4:53:ea:5c:
                    1b:5c:9f:ed:69:37:b3:81:10:8d:b5:18:db:bd:68:
                    c0:1b:43:b4:cf:61:5e:44:16:25:1e:64:5f:af:f9:
                    52:f3:9a:09:1b:c2:9d:a2:d4:8e:c6:f3:ce:cd:0b:
                    da:1a:97:8d:c2:dd:be:b7:0f:3d:3a:18:66:02:a7:
                    e8:4a:e6:33:0f:6b:43:4f:53:1a:fc:77:82:ca:42:
                    3b:98:52:ee:7b:00:bc:80:5f:52:fc:c7:ee:d2:92:
                    88:7f:b7:35:f9:3b:54:4d:a8:ce:f2:58:19:4c:d6:
                    27:a4:72:fe:21:44:ca:33:da:25:f8:5b:0f:b0:ac:
                    b8:2c:c4:ae:97:68:57:4d:81:a2:af:e7:e2:08:cd:
                    16:14:4c:66:06:1b:79:15:45:69:e0:fc:7e:f3:03:
                    c1:39:3a:bb:ca:ff:90:6a:c9:6d:23:09:1e:ea:96:
                    ad:90:c0:c8:d1:7e:26:11:d5:74:2d:58:bf:53:2c:
                    8f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:1A:30:0B:38:1D:86:48:57:B5:26:1B:7B:CB:0C:F0:33:FD:7B:C3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yhowCzgdhkhXtSYbe8sM8DP9e8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:ef:cb:78:44:e9:99:2f:e9:2b:33:1e:a1:1e:58:e3:23:9a:
         54:2b:db:53:e2:92:60:e0:1d:c1:10:33:21:cd:fd:61:75:4a:
         3a:b0:aa:be:26:d6:9b:04:6a:2e:9f:d2:ca:b2:15:15:68:16:
         6a:78:97:8b:59:1f:c1:ae:d7:34:36:db:2f:19:76:b3:81:2d:
         98:62:47:91:6b:35:4d:20:78:ba:a4:25:f5:42:22:41:78:59:
         ca:19:ba:e7:1d:a8:5e:5d:55:33:34:38:67:df:65:6f:e5:b2:
         3d:2e:4a:d7:48:0d:e3:f4:dd:6f:e0:2d:0b:50:e4:13:42:f5:
         e8:ff:8f:6e:0b:57:09:ed:0d:d0:d5:ce:aa:e9:61:af:ee:34:
         da:6a:8d:b8:ae:6f:35:86:42:14:ff:b3:f2:6b:1c:4e:32:e3:
         1f:15:90:bf:ae:2c:83:62:84:c0:b8:bf:79:fa:cd:de:a3:ef:
         7b:5a:6f:7e:70:2b:11:93:ba:7a:51:73:c5:81:dd:d2:d2:08:
         4e:a9:71:d2:4a:bd:1e:5f:79:fc:1e:9b:5d:82:fe:b5:a8:b9:
         84:64:cc:b8:a4:2b:ee:75:8b:e4:42:04:95:3b:bb:ed:09:cb:
         56:1e:e0:8f:62:84:2a:18:73:32:fd:6c:25:6c:df:7f:ae:84:
         0f:64:02:fd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgxWxr6WfheQVlrsWH+x//IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE5MDAxMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTFhMzAwYjM4MWQ4NjQ4NTdiNTI2MWI3YmNiMGNmMDMzZmQ3YmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwT6I5cr3EQlbm4MAgJBwdjSOssdF
dkv8Le3nemuv8PL7k9qHBk03fWfgaTMaQ+/+pVRpLnO0e+JKwLxCdVOgKxtsoqMo
gNRT6lwbXJ/taTezgRCNtRjbvWjAG0O0z2FeRBYlHmRfr/lS85oJG8KdotSOxvPO
zQvaGpeNwt2+tw89OhhmAqfoSuYzD2tDT1Ma/HeCykI7mFLuewC8gF9S/Mfu0pKI
f7c1+TtUTajO8lgZTNYnpHL+IUTKM9ol+FsPsKy4LMSul2hXTYGir+fiCM0WFExm
Bht5FUVp4Px+8wPBOTq7yv+QasltIwke6patkMDI0X4mEdV0LVi/UyyPVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMoaMAs4HYZIV7UmG3vLDPAz/XvDMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveWhvd0N6Z2Roa2hYdFNZYmU4c004RFA5ZThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHDvy3hE6Zkv6SszHqEe
WOMjmlQr21PikmDgHcEQMyHN/WF1Sjqwqr4m1psEai6f0sqyFRVoFmp4l4tZH8Gu
1zQ22y8ZdrOBLZhiR5FrNU0geLqkJfVCIkF4WcoZuucdqF5dVTM0OGffZW/lsj0u
StdIDeP03W/gLQtQ5BNC9ej/j24LVwntDdDVzqrpYa/uNNpqjbiubzWGQhT/s/Jr
HE4y4x8VkL+uLINihMC4v3n6zd6j73tab35wKxGTunpRc8WB3dLSCE6pcdJKvR5f
efwem12C/rWouYRkzLikK+51i+RCBJU7u+0Jy1Ye4I9ihCoYczL9bCVs33+uhA9k
Av0=
-----END CERTIFICATE-----