Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/z5U8ezniB1SbzxnAGN1I-U0UrKM.roa
File:                     z5U8ezniB1SbzxnAGN1I-U0UrKM.roa (raw, json)
Hash identifier:          CRLaOwnZX3N1dGWdOarx6cvNigiXyZNf2lPHHiQZuRI=
Subject key identifier:   CF:95:3C:7B:39:E2:07:54:9B:CF:19:C0:18:DD:48:F9:4D:14:AC:A3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018706E0C733BD88766FDFE0D20BBD59161B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/z5U8ezniB1SbzxnAGN1I-U0UrKM.roa
Signing time:             Wed 22 Mar 2023 01:13:27 +0000
ROA not before:           Wed 22 Mar 2023 01:13:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:06:e0:c7:33:bd:88:76:6f:df:e0:d2:0b:bd:59:16:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 22 01:13:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf953c7b39e207549bcf19c018dd48f94d14aca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c0:60:75:e3:22:dc:74:9b:bd:81:fd:95:1f:
                    db:20:8e:71:48:50:87:05:71:b2:f5:1b:e1:ae:a1:
                    4f:fd:4a:83:ac:60:7b:87:be:79:fe:48:1b:81:49:
                    b5:d6:e4:64:57:00:2a:eb:df:f0:3c:59:fc:b6:fe:
                    53:f0:be:3a:ba:4f:2f:42:12:fc:8a:0f:c1:a8:d2:
                    2f:6b:30:dd:fd:a2:c9:ed:7a:a0:37:9e:c1:27:a0:
                    4f:1a:9f:dd:55:98:d1:b9:da:44:08:32:b1:35:11:
                    0c:60:f7:3a:08:76:23:ab:7f:d3:18:07:d4:22:68:
                    a8:85:75:3c:1e:c2:2c:d9:2f:53:07:b3:28:47:f6:
                    f8:fa:de:0e:a7:3f:cd:29:f7:12:2f:28:01:32:79:
                    93:01:3b:6b:9b:b1:0f:12:1f:7b:8b:2a:a2:d2:92:
                    f6:43:ed:ab:12:b9:c2:cf:c7:c2:5d:56:98:4a:e9:
                    8c:e7:ab:0d:9a:02:80:d2:f2:3d:8f:25:9e:a6:f5:
                    67:4e:e3:36:dd:78:c6:9a:fa:d9:e5:c1:5d:74:b9:
                    70:d7:6a:df:db:ea:5e:a7:cc:3b:49:c5:65:62:85:
                    71:ac:16:c4:dc:b2:6b:da:c7:c0:bf:73:81:35:d8:
                    ca:b3:68:6f:0d:47:0d:0a:c8:8f:5a:a7:8d:8e:05:
                    5c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:95:3C:7B:39:E2:07:54:9B:CF:19:C0:18:DD:48:F9:4D:14:AC:A3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/z5U8ezniB1SbzxnAGN1I-U0UrKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:e4:c2:0b:bc:33:ad:79:e3:80:f8:d3:27:14:29:26:3f:0b:
         09:d1:1f:04:d3:17:f9:9f:70:62:c1:1d:50:d6:2f:5b:85:dc:
         a6:19:5c:78:10:ea:1a:f6:6b:25:0a:65:3a:f6:94:7a:9f:a2:
         c1:5f:67:98:6c:f2:5f:67:a2:34:84:db:67:a8:ca:e7:b9:44:
         49:5b:e4:65:73:bb:05:d4:82:55:81:d3:ae:86:71:f5:0f:86:
         d6:b5:dd:48:14:b2:9f:be:77:f4:6b:c3:29:68:7b:06:a8:09:
         e8:dc:02:34:48:f6:f5:31:1c:db:db:15:2c:cb:ab:fa:41:f9:
         4d:10:91:41:f8:4f:3d:2f:36:25:8e:c3:52:c1:99:32:ae:9c:
         23:2d:63:9e:3c:0d:f3:a0:da:7d:71:36:29:80:d4:29:e7:3d:
         1c:1c:15:77:92:59:c1:fd:3a:cd:f1:c7:0c:68:3a:42:59:0c:
         db:e2:91:44:49:55:19:1d:2e:02:79:15:e1:47:63:0f:40:a8:
         99:ca:a1:21:7b:89:5a:80:5a:23:b0:03:75:a8:06:f5:83:d9:
         cc:c6:eb:23:af:58:71:ec:5b:6a:e5:b0:ea:e3:96:25:f3:a5:
         fe:54:b5:c5:b0:39:ff:e9:a2:5b:7f:ea:7e:a2:ad:16:6d:ed:
         16:82:58:16
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcG4MczvYh2b9/g0gu9WRYbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIyMDExMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjk1M2M3YjM5ZTIwNzU0OWJjZjE5YzAxOGRkNDhmOTRkMTRhY2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8BgdeMi3HSbvYH9lR/bII5xSFCH
BXGy9RvhrqFP/UqDrGB7h755/kgbgUm11uRkVwAq69/wPFn8tv5T8L46uk8vQhL8
ig/BqNIvazDd/aLJ7XqgN57BJ6BPGp/dVZjRudpECDKxNREMYPc6CHYjq3/TGAfU
ImiohXU8HsIs2S9TB7MoR/b4+t4Opz/NKfcSLygBMnmTATtrm7EPEh97iyqi0pL2
Q+2rErnCz8fCXVaYSumM56sNmgKA0vI9jyWepvVnTuM23XjGmvrZ5cFddLlw12rf
2+pep8w7ScVlYoVxrBbE3LJr2sfAv3OBNdjKs2hvDUcNCsiPWqeNjgVc5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM+VPHs54gdUm88ZwBjdSPlNFKyjMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvejVVOGV6bmlCMVNienhuQUdOMUktVTBVcktNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAbkwgu8M61544D40ycU
KSY/CwnRHwTTF/mfcGLBHVDWL1uF3KYZXHgQ6hr2ayUKZTr2lHqfosFfZ5hs8l9n
ojSE22eoyue5RElb5GVzuwXUglWB066GcfUPhta13UgUsp++d/RrwyloewaoCejc
AjRI9vUxHNvbFSzLq/pB+U0QkUH4Tz0vNiWOw1LBmTKunCMtY548DfOg2n1xNimA
1CnnPRwcFXeSWcH9Os3xxwxoOkJZDNvikURJVRkdLgJ5FeFHYw9AqJnKoSF7iVqA
WiOwA3WoBvWD2czG6yOvWHHsW2rlsOrjliXzpf5UtcWwOf/polt/6n6irRZt7RaC
WBY=
-----END CERTIFICATE-----