Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yzP2SZR1QW1vTATPnWUphhxCvPU.roa
File:                     yzP2SZR1QW1vTATPnWUphhxCvPU.roa (raw, json)
Hash identifier:          0epB/KHFIE1OHaSxC+9P3tq0NZXcL9ZjZNeOe25muBE=
Subject key identifier:   CB:33:F6:49:94:75:41:6D:6F:4C:04:CF:9D:65:29:86:1C:42:BC:F5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018749CBA0C13F175D653B0190A185DADA0C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yzP2SZR1QW1vTATPnWUphhxCvPU.roa
Signing time:             Tue 04 Apr 2023 01:04:54 +0000
ROA not before:           Tue 04 Apr 2023 01:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:187:49cb:78a8/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:49:cb:a0:c1:3f:17:5d:65:3b:01:90:a1:85:da:da:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  4 01:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb33f6499475416d6f4c04cf9d6529861c42bcf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:99:56:ee:e7:f5:bd:4f:c2:43:02:7f:91:75:
                    c5:95:f9:71:58:4d:58:9c:f0:f6:49:54:84:ec:2e:
                    5c:86:4d:f5:4d:b4:ed:54:2a:23:cb:34:1e:22:e7:
                    52:3f:2c:0f:f8:4c:8b:f7:df:c7:41:70:7e:f8:bb:
                    a5:29:ec:8d:0f:59:51:5c:ef:93:31:54:ed:99:52:
                    75:9c:52:07:a4:af:44:54:d7:ef:cc:7f:3c:92:3d:
                    b9:7b:66:f4:4c:dc:69:89:ff:77:59:40:60:ef:48:
                    8a:4c:14:96:43:9a:19:02:1c:16:12:d9:fd:11:6b:
                    bf:a7:11:04:1a:13:c5:78:ab:15:34:23:a1:10:6c:
                    ee:4a:9f:b7:80:a1:7e:0a:5f:a5:15:49:17:61:d9:
                    2f:30:11:bc:04:d0:32:ba:55:49:4a:98:f4:ff:df:
                    c4:62:7a:1e:27:71:55:73:e2:cb:7b:83:ca:bc:3f:
                    dc:3d:03:c1:4f:94:a4:4c:8c:3a:87:59:84:3b:b1:
                    2e:35:42:46:af:28:b9:b4:6a:c2:fb:15:6d:b1:23:
                    d4:6c:b1:f1:d2:c1:7b:b5:06:97:bc:e1:ee:0d:41:
                    02:09:9d:8a:ab:70:96:9d:67:b1:26:b8:27:7c:29:
                    7e:b9:fa:7c:11:fe:06:72:17:0e:64:ef:96:96:70:
                    ad:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:33:F6:49:94:75:41:6D:6F:4C:04:CF:9D:65:29:86:1C:42:BC:F5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yzP2SZR1QW1vTATPnWUphhxCvPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:d8:4e:6f:da:48:fa:ec:ff:d3:7f:36:fd:f3:19:0b:33:a9:
         a6:2a:ad:20:be:88:3f:54:1c:ef:3c:2f:f1:14:d2:d2:ad:2a:
         d9:cb:59:0c:b6:1f:97:d3:8b:13:45:ba:d5:fb:ae:5d:26:a5:
         39:ba:52:d6:69:65:c9:b3:c5:38:53:43:a8:bb:9f:79:05:2b:
         1c:39:f7:3c:2f:c7:5e:77:2a:49:db:63:2a:fe:9d:47:5d:1c:
         7f:7f:26:97:95:48:7d:6d:96:08:b7:c2:41:a5:57:1c:56:d1:
         55:02:d4:b1:19:a4:5c:8a:eb:fe:5f:3a:82:e2:5d:b0:e0:5b:
         bd:c6:a4:0a:fa:34:b3:fc:25:25:39:09:02:66:3f:d4:ad:ad:
         06:dc:93:ad:41:df:bb:ce:5b:b8:c8:fc:20:41:d1:6b:0c:24:
         43:83:39:cb:07:ee:99:3b:d2:4c:56:d7:a6:b5:bc:e4:a5:92:
         69:8d:eb:10:25:3d:8a:f4:85:5f:c1:9b:93:24:c8:11:48:1c:
         c2:71:a2:43:48:cc:1f:2f:61:3e:60:70:03:57:f5:73:52:5e:
         79:d3:c5:c3:dc:7d:7f:b4:49:36:40:bd:c8:50:ea:fa:e8:01:
         b9:30:a8:16:ee:2d:5a:62:0e:6e:ad:94:95:a2:bf:20:2e:c8:
         ea:68:7b:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdJy6DBPxddZTsBkKGF2toMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA0MDEwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjMzZjY0OTk0NzU0MTZkNmY0YzA0Y2Y5ZDY1Mjk4NjFjNDJiY2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZlW7uf1vU/CQwJ/kXXFlflxWE1Y
nPD2SVSE7C5chk31TbTtVCojyzQeIudSPywP+EyL99/HQXB++LulKeyND1lRXO+T
MVTtmVJ1nFIHpK9EVNfvzH88kj25e2b0TNxpif93WUBg70iKTBSWQ5oZAhwWEtn9
EWu/pxEEGhPFeKsVNCOhEGzuSp+3gKF+Cl+lFUkXYdkvMBG8BNAyulVJSpj0/9/E
YnoeJ3FVc+LLe4PKvD/cPQPBT5SkTIw6h1mEO7EuNUJGryi5tGrC+xVtsSPUbLHx
0sF7tQaXvOHuDUECCZ2Kq3CWnWexJrgnfCl+ufp8Ef4GchcOZO+WlnCtLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMsz9kmUdUFtb0wEz51lKYYcQrz1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveXpQMlNaUjFRVzF2VEFUUG5XVXBoaHhDdlBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKfYTm/aSPrs/9N/Nv3z
GQszqaYqrSC+iD9UHO88L/EU0tKtKtnLWQy2H5fTixNFutX7rl0mpTm6UtZpZcmz
xThTQ6i7n3kFKxw59zwvx153KknbYyr+nUddHH9/JpeVSH1tlgi3wkGlVxxW0VUC
1LEZpFyK6/5fOoLiXbDgW73GpAr6NLP8JSU5CQJmP9StrQbck61B37vOW7jI/CBB
0WsMJEODOcsH7pk70kxW16a1vOSlkmmN6xAlPYr0hV/Bm5MkyBFIHMJxokNIzB8v
YT5gcANX9XNSXnnTxcPcfX+0STZAvchQ6vroAbkwqBbuLVpiDm6tlJWivyAuyOpo
e+8=
-----END CERTIFICATE-----