Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/zOCtA5A7tLbQ0NGSjB6QSHTCs9U.roa
File:                     zOCtA5A7tLbQ0NGSjB6QSHTCs9U.roa (raw, json)
Hash identifier:          QnqwCUOd+xe0KAZ4Cnc8ETcWebDnRgVckk22jA9VcNU=
Subject key identifier:   CC:E0:AD:03:90:3B:B4:B6:D0:D0:D1:92:8C:1E:90:48:74:C2:B3:D5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186E0E40C868814F8361186B0F4E6C726F2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/zOCtA5A7tLbQ0NGSjB6QSHTCs9U.roa
Signing time:             Tue 14 Mar 2023 16:11:27 +0000
ROA not before:           Tue 14 Mar 2023 16:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e0:e4:0c:86:88:14:f8:36:11:86:b0:f4:e6:c7:26:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 14 16:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cce0ad03903bb4b6d0d0d1928c1e904874c2b3d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:10:01:1b:b1:20:37:11:a4:75:cf:6f:61:68:
                    f4:ea:46:1d:21:a1:f7:ee:f8:2b:85:75:38:40:8d:
                    67:7b:8c:9f:fd:bf:18:a8:59:9d:9b:c7:58:96:48:
                    b7:cd:e3:22:13:3d:9a:1a:34:3e:86:42:44:14:33:
                    f5:a0:e4:7b:32:8d:43:9a:19:a6:7e:86:83:d4:4e:
                    c8:db:67:24:41:92:8f:ee:31:a8:b0:0e:25:a7:23:
                    15:6c:12:cc:e2:8d:24:97:30:30:a3:84:a4:3b:73:
                    5c:29:e6:70:38:5a:23:f6:c5:f2:cd:c4:aa:f9:57:
                    11:6e:08:26:f1:5b:26:77:07:62:fa:9a:68:58:1c:
                    7e:99:08:d4:e6:77:c9:17:ae:23:45:96:2e:03:65:
                    f7:f8:5e:45:6a:7b:64:61:9f:0c:47:18:be:2d:bd:
                    45:fd:50:04:12:30:48:8d:58:50:51:97:17:a2:2d:
                    9c:7a:9a:7f:e8:c7:33:03:b4:01:7a:ad:49:c0:1c:
                    78:c4:af:bd:e1:a3:ba:62:fc:9c:43:bb:4c:0b:69:
                    69:40:b0:61:cb:97:86:b5:19:60:aa:d3:88:31:6d:
                    87:bc:a0:ef:dd:90:77:6f:5f:23:d7:6d:9b:39:b0:
                    b0:18:ef:4e:ab:f9:00:93:76:8e:7f:94:ae:56:49:
                    48:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E0:AD:03:90:3B:B4:B6:D0:D0:D1:92:8C:1E:90:48:74:C2:B3:D5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/zOCtA5A7tLbQ0NGSjB6QSHTCs9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:46:5a:b4:48:ae:af:b1:be:4b:ba:6c:fb:f8:b9:14:85:19:
         e9:b2:f1:b7:23:37:74:07:6f:77:5d:b4:52:0e:86:25:26:be:
         a2:7c:f4:9e:c3:2b:a3:3a:8b:89:ed:98:cc:1c:5b:b6:cd:58:
         54:1c:16:2c:a5:a0:5f:8a:1b:39:72:95:04:86:5b:c3:9e:59:
         a1:cd:53:a4:bf:4f:66:16:47:16:53:60:4e:d2:0c:09:11:45:
         91:41:12:cf:04:33:a8:4c:96:c5:10:81:be:4e:59:ed:a1:24:
         30:49:0e:a2:f6:35:6c:17:48:48:ce:39:73:02:e2:54:98:75:
         82:83:ee:78:2c:a2:46:bc:5c:ff:57:91:6c:75:20:13:f3:0a:
         1b:b3:ea:cd:4c:bd:68:53:8e:db:4d:2d:b6:92:14:dc:ea:d8:
         c9:7b:30:39:3a:9a:d9:a5:44:fe:e9:90:ff:be:48:b9:73:0a:
         a3:53:7f:1e:4e:4d:6e:04:41:70:f0:8a:21:1d:fd:36:98:6b:
         ce:ae:48:15:ac:7d:6a:d2:93:13:42:7b:86:3f:6c:f4:ec:db:
         af:4d:22:ec:f6:59:64:b5:bc:05:43:c5:d4:63:3b:5f:6b:d8:
         51:bb:df:a5:3b:09:de:ec:f1:aa:60:61:11:e1:06:7b:2c:ab:
         a7:4f:0a:60
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbg5AyGiBT4NhGGsPTmxybyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE0MTYxMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2UwYWQwMzkwM2JiNGI2ZDBkMGQxOTI4YzFlOTA0ODc0YzJiM2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshABG7EgNxGkdc9vYWj06kYdIaH3
7vgrhXU4QI1ne4yf/b8YqFmdm8dYlki3zeMiEz2aGjQ+hkJEFDP1oOR7Mo1Dmhmm
foaD1E7I22ckQZKP7jGosA4lpyMVbBLM4o0klzAwo4SkO3NcKeZwOFoj9sXyzcSq
+VcRbggm8Vsmdwdi+ppoWBx+mQjU5nfJF64jRZYuA2X3+F5FantkYZ8MRxi+Lb1F
/VAEEjBIjVhQUZcXoi2cepp/6MczA7QBeq1JwBx4xK+94aO6YvycQ7tMC2lpQLBh
y5eGtRlgqtOIMW2HvKDv3ZB3b18j122bObCwGO9Oq/kAk3aOf5SuVklIDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMzgrQOQO7S20NDRkowekEh0wrPVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvek9DdEE1QTd0TGJRME5HU2pCNlFTSFRDczlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALJGWrRIrq+xvku6bPv4
uRSFGemy8bcjN3QHb3ddtFIOhiUmvqJ89J7DK6M6i4ntmMwcW7bNWFQcFiyloF+K
GzlylQSGW8OeWaHNU6S/T2YWRxZTYE7SDAkRRZFBEs8EM6hMlsUQgb5OWe2hJDBJ
DqL2NWwXSEjOOXMC4lSYdYKD7ngsoka8XP9XkWx1IBPzChuz6s1MvWhTjttNLbaS
FNzq2Ml7MDk6mtmlRP7pkP++SLlzCqNTfx5OTW4EQXDwiiEd/TaYa86uSBWsfWrS
kxNCe4Y/bPTs269NIuz2WWS1vAVDxdRjO19r2FG736U7Cd7s8apgYRHhBnssq6dP
CmA=
-----END CERTIFICATE-----