Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ztfDKKKkBt8j0R-4S31cIQEvfFQ.roa
File:                     ztfDKKKkBt8j0R-4S31cIQEvfFQ.roa (raw, json)
Hash identifier:          etcz6zURkU6PVw3Xlrv/Zimt9aXKSFPcIyWMqIWqUqE=
Subject key identifier:   CE:D7:C3:28:A2:A4:06:DF:23:D1:1F:B8:4B:7D:5C:21:01:2F:7C:54
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877E632DA5C88BAD3A014E0225A3D85EF0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ztfDKKKkBt8j0R-4S31cIQEvfFQ.roa
Signing time:             Fri 14 Apr 2023 06:10:41 +0000
ROA not before:           Fri 14 Apr 2023 06:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7e:63:2d:a5:c8:8b:ad:3a:01:4e:02:25:a3:d8:5e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 14 06:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ced7c328a2a406df23d11fb84b7d5c21012f7c54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0b:0e:db:d7:ca:04:b0:4c:7d:99:ea:72:a1:
                    b1:75:dd:7f:4d:b0:7b:40:8a:da:39:37:36:fe:01:
                    60:e9:6c:5d:a1:c4:74:da:8c:f2:fa:4a:d5:6a:e5:
                    7c:82:da:79:48:f4:8c:e7:fa:d0:8b:28:a9:7f:72:
                    1f:26:44:a2:43:e5:01:cc:7f:0b:b4:30:c3:8b:e2:
                    a5:f3:23:db:47:b9:48:67:32:19:c1:86:8d:32:d8:
                    fb:57:b1:a9:c8:46:8c:aa:a1:43:96:60:e0:5e:5f:
                    2e:fa:1d:19:72:bf:e6:12:b6:ed:84:fb:3f:47:a2:
                    9a:1c:a7:00:62:59:71:63:48:90:89:13:43:4f:7f:
                    9c:f8:78:ec:51:9f:26:57:41:b8:26:eb:e4:ab:e4:
                    b7:b8:68:b1:4f:c5:b1:c5:9b:72:07:0f:5a:50:55:
                    a1:01:20:be:2d:05:0e:75:3f:c0:32:e1:a4:60:48:
                    8d:88:41:23:0e:46:8b:ea:64:7b:e1:d5:9c:64:9b:
                    a2:6f:af:73:b0:df:71:d0:68:71:ee:27:f2:2e:2c:
                    d5:04:d5:f1:3f:08:8d:17:4b:f2:55:44:41:bb:88:
                    5a:91:6d:e0:77:b0:68:34:6b:b4:12:42:2b:ac:ca:
                    ca:a7:99:4d:6e:b0:1a:b0:f0:4c:92:4e:8e:74:81:
                    0c:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:D7:C3:28:A2:A4:06:DF:23:D1:1F:B8:4B:7D:5C:21:01:2F:7C:54
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ztfDKKKkBt8j0R-4S31cIQEvfFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:d6:e1:47:58:11:e7:e6:b1:c6:16:5f:e1:9e:32:21:26:78:
         81:2b:3d:39:b2:50:80:55:b4:4c:7f:49:dc:1c:35:30:2e:4a:
         a3:2f:fb:ec:00:97:71:dd:7b:06:d1:70:e0:97:a2:1e:ac:a2:
         6d:1b:6d:62:fe:9f:67:77:10:8b:ac:a0:6a:cf:07:76:39:90:
         4d:81:6f:90:b3:83:43:eb:81:69:88:96:dc:1c:c2:1c:fc:b2:
         ab:0f:b2:41:f9:b5:ed:77:cc:49:43:5a:7c:b2:0c:11:43:93:
         6e:65:82:fa:d2:de:78:be:fe:f0:20:e2:ae:75:2c:35:13:1e:
         98:58:7a:22:40:bd:19:83:8d:6a:12:08:fb:05:ae:58:83:d6:
         67:49:0d:98:a4:8c:97:94:1a:68:2f:d3:97:1b:1f:41:4c:80:
         ee:d5:7b:9e:97:85:23:cb:ed:2d:5a:0d:a1:4b:ff:a5:96:ba:
         27:14:b8:63:5f:a5:81:8d:d3:60:b5:a4:9a:c0:8c:ad:da:b5:
         11:57:a6:d4:c8:e0:a4:64:58:7d:89:85:a5:4c:02:67:5a:d2:
         49:e9:8f:7f:30:b7:c0:ad:65:8b:3c:aa:08:39:45:11:99:e5:
         6f:6a:2e:70:47:5f:21:b6:d9:b2:83:1e:93:25:5e:ed:b9:98:
         85:e9:d2:fc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd+Yy2lyIutOgFOAiWj2F7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE0MDYxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWQ3YzMyOGEyYTQwNmRmMjNkMTFmYjg0YjdkNWMyMTAxMmY3YzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgsO29fKBLBMfZnqcqGxdd1/TbB7
QIraOTc2/gFg6WxdocR02ozy+krVauV8gtp5SPSM5/rQiyipf3IfJkSiQ+UBzH8L
tDDDi+Kl8yPbR7lIZzIZwYaNMtj7V7GpyEaMqqFDlmDgXl8u+h0Zcr/mErbthPs/
R6KaHKcAYllxY0iQiRNDT3+c+HjsUZ8mV0G4Juvkq+S3uGixT8WxxZtyBw9aUFWh
ASC+LQUOdT/AMuGkYEiNiEEjDkaL6mR74dWcZJuib69zsN9x0Ghx7ifyLizVBNXx
PwiNF0vyVURBu4hakW3gd7BoNGu0EkIrrMrKp5lNbrAasPBMkk6OdIEMjwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM7XwyiipAbfI9EfuEt9XCEBL3xUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvenRmREtLS2tCdDhqMFItNFMzMWNJUUV2ZkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABTW4UdYEefmscYWX+Ge
MiEmeIErPTmyUIBVtEx/SdwcNTAuSqMv++wAl3HdewbRcOCXoh6som0bbWL+n2d3
EIusoGrPB3Y5kE2Bb5Czg0PrgWmIltwcwhz8sqsPskH5te13zElDWnyyDBFDk25l
gvrS3ni+/vAg4q51LDUTHphYeiJAvRmDjWoSCPsFrliD1mdJDZikjJeUGmgv05cb
H0FMgO7Ve56XhSPL7S1aDaFL/6WWuicUuGNfpYGN02C1pJrAjK3atRFXptTI4KRk
WH2JhaVMAmda0knpj38wt8CtZYs8qgg5RRGZ5W9qLnBHXyG22bKDHpMlXu25mIXp
0vw=
-----END CERTIFICATE-----