Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-h34n0aWLCCDkssdhQVPbhMqA9s.roa
File:                     1-h34n0aWLCCDkssdhQVPbhMqA9s.roa (raw, json)
Hash identifier:          OleaWfJnfaPF7oBsgZY8WTaDY54KEbGvb1Itg/atN4g=
Subject key identifier:   FA:1D:F8:9F:46:96:2C:20:83:92:CB:1D:85:05:4F:6E:13:2A:03:DB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186ECE92406A57BE3DEC133656056E5D9F1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-h34n0aWLCCDkssdhQVPbhMqA9s.roa
Signing time:             Fri 17 Mar 2023 00:12:27 +0000
ROA not before:           Fri 17 Mar 2023 00:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ec:e9:24:06:a5:7b:e3:de:c1:33:65:60:56:e5:d9:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 17 00:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fa1df89f46962c208392cb1d85054f6e132a03db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:34:37:4b:a2:82:10:d1:91:e6:06:a2:0e:f5:
                    06:4d:a6:d0:d4:44:0d:40:a0:9b:89:0d:43:96:af:
                    a8:75:9f:e5:db:99:ae:60:5f:77:8a:61:b3:6b:9b:
                    e1:07:61:b5:31:0b:fa:81:dc:26:c1:ed:57:e5:1f:
                    c8:65:97:86:ae:3d:e9:31:83:2f:de:ef:b7:d7:78:
                    2d:8d:e3:cb:8e:da:d5:24:10:4e:8c:1e:38:1b:5a:
                    88:5f:b6:b2:04:7c:fa:a8:23:51:00:73:68:f6:6b:
                    b7:66:5b:cb:14:0c:cb:da:00:29:e4:6e:8c:46:49:
                    60:32:9f:09:97:e4:78:9b:aa:05:34:a8:98:07:16:
                    a2:1b:13:7e:e4:3d:d5:e6:28:ec:70:d6:3b:e4:c8:
                    22:82:46:06:14:60:bf:20:9a:9e:af:73:31:93:de:
                    93:a0:23:d4:aa:b8:ad:7b:c5:da:73:94:85:c5:95:
                    7a:4e:9f:4e:96:0b:e5:5a:fd:fc:36:b6:72:e2:81:
                    f6:3e:89:22:b7:d8:c7:34:fd:de:5b:40:84:b3:a9:
                    95:eb:7c:8d:4a:5d:74:e2:60:ec:14:b5:b4:11:67:
                    ce:f5:f9:c9:7b:44:a0:75:99:99:39:7c:72:b9:0a:
                    4f:30:8a:04:e7:c0:f7:4f:d4:12:58:cd:33:f0:00:
                    07:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:1D:F8:9F:46:96:2C:20:83:92:CB:1D:85:05:4F:6E:13:2A:03:DB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-h34n0aWLCCDkssdhQVPbhMqA9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:a3:d7:1a:70:81:46:d7:0f:37:bd:51:0e:54:ec:3a:9c:69:
         08:cd:25:7b:c2:9d:26:e7:08:7f:2f:6d:7b:c0:be:67:8c:f0:
         65:ca:f1:ed:7d:df:56:07:84:de:e5:b4:8d:25:b7:d3:d2:fa:
         f4:e2:3a:53:58:93:89:1c:22:3b:93:a4:65:5b:7f:39:c8:8d:
         c7:47:e1:95:9f:de:cd:78:e0:b5:35:d9:33:3f:55:64:9b:99:
         b4:b8:c4:43:83:47:ae:7a:a4:55:1d:29:a0:21:ae:a1:6a:22:
         df:14:b8:4e:5c:61:69:b1:cf:07:65:94:60:29:69:e3:f3:d7:
         2b:b2:90:c2:5f:5a:4d:8b:37:25:02:cd:60:c9:d8:cb:6a:8b:
         51:99:64:85:a6:a7:3b:17:66:5b:41:ee:28:d6:f5:cc:c6:74:
         64:42:55:47:a5:43:fc:0e:ca:47:fd:cb:f4:77:42:5a:44:06:
         a3:e1:96:a6:c5:3b:c3:71:3d:20:ea:f2:32:5a:a9:8f:d2:e1:
         cf:03:15:81:d7:16:cc:15:61:e8:bc:b5:69:e6:ec:21:28:a9:
         c2:f8:bb:ac:cb:be:7c:ec:99:49:bf:5a:a8:d3:a5:da:2a:98:
         8b:9d:30:97:e6:22:cf:c1:68:3c:26:9b:5f:7e:5c:ae:a9:04:
         60:07:99:b8
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYbs6SQGpXvj3sEzZWBW5dnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE3MDAxMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTFkZjg5ZjQ2OTYyYzIwODM5MmNiMWQ4NTA1NGY2ZTEzMmEwM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTQ3S6KCENGR5gaiDvUGTabQ1EQN
QKCbiQ1Dlq+odZ/l25muYF93imGza5vhB2G1MQv6gdwmwe1X5R/IZZeGrj3pMYMv
3u+313gtjePLjtrVJBBOjB44G1qIX7ayBHz6qCNRAHNo9mu3ZlvLFAzL2gAp5G6M
RklgMp8Jl+R4m6oFNKiYBxaiGxN+5D3V5ijscNY75MgigkYGFGC/IJqer3Mxk96T
oCPUqrite8Xac5SFxZV6Tp9OlgvlWv38NrZy4oH2Pokit9jHNP3eW0CEs6mV63yN
Sl104mDsFLW0EWfO9fnJe0SgdZmZOXxyuQpPMIoE58D3T9QSWM0z8AAHSQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPod+J9Gliwgg5LLHYUFT24TKgPbMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1oMzRuMGFXTENDRGtzc2RoUVZQYmhNcUE5cy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQAqo9cacIFG1w83vVEO
VOw6nGkIzSV7wp0m5wh/L217wL5njPBlyvHtfd9WB4Te5bSNJbfT0vr04jpTWJOJ
HCI7k6RlW385yI3HR+GVn97NeOC1NdkzP1Vkm5m0uMRDg0eueqRVHSmgIa6haiLf
FLhOXGFpsc8HZZRgKWnj89crspDCX1pNizclAs1gydjLaotRmWSFpqc7F2ZbQe4o
1vXMxnRkQlVHpUP8DspH/cv0d0JaRAaj4ZamxTvDcT0g6vIyWqmP0uHPAxWB1xbM
FWHovLVp5uwhKKnC+Lusy7587JlJv1qo06XaKpiLnTCX5iLPwWg8JptfflyuqQRg
B5m4
-----END CERTIFICATE-----