Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2X1BgF1b_TOYFcavTP6h_JsvLh4.roa
File:                     2X1BgF1b_TOYFcavTP6h_JsvLh4.roa (raw, json)
Hash identifier:          mG2LuejQuNEyxmfcmZV8T2TgBgOuyAVifKTvwMW9yNg=
Subject key identifier:   D9:7D:41:80:5D:5B:FD:33:98:15:C6:AF:4C:FE:A1:FC:9B:2F:2E:1E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01875B6B29668CF7B5E518BA5F5BF1A4CC7D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2X1BgF1b_TOYFcavTP6h_JsvLh4.roa
Signing time:             Fri 07 Apr 2023 11:12:42 +0000
ROA not before:           Fri 07 Apr 2023 11:12:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5b:6b:29:66:8c:f7:b5:e5:18:ba:5f:5b:f1:a4:cc:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  7 11:12:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d97d41805d5bfd339815c6af4cfea1fc9b2f2e1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1a:0f:d6:57:0d:cc:c0:85:32:e2:10:d3:37:
                    d9:4e:d3:e7:cc:72:f7:60:a3:b7:26:09:f2:ea:2f:
                    0d:d4:08:e4:04:5c:7d:18:43:ca:a7:af:54:14:5d:
                    f9:d9:07:a7:99:2f:c6:bf:e1:77:94:1c:f3:c3:f3:
                    3e:17:80:8c:56:ac:dd:5c:49:7d:4b:71:35:25:4f:
                    b7:7a:b5:34:93:1e:17:3c:1d:71:6a:0d:53:6e:0a:
                    dc:ef:6d:5c:d6:12:53:f1:58:a4:1a:df:7c:93:2f:
                    be:eb:7b:0d:28:ad:09:f3:48:3d:16:ea:f1:1e:77:
                    d2:a4:93:a1:11:16:54:3e:bc:aa:e7:54:6a:d0:5f:
                    4d:e4:b0:f1:23:b4:66:a2:6a:0e:99:e8:b2:7c:02:
                    f5:a7:a5:7d:3d:bf:59:4f:a9:ba:e4:0a:17:1e:f0:
                    a7:f0:d2:c1:27:81:2d:30:bb:7c:fb:9f:9e:0c:ae:
                    d8:dd:fa:0b:c5:52:ad:3e:8f:72:34:4b:03:cd:ff:
                    b7:53:6f:9c:62:be:f2:54:a2:13:fb:52:7b:b9:0a:
                    ef:d0:8d:92:2a:63:f4:ed:82:8c:de:ef:31:01:63:
                    68:5f:9b:a5:be:d5:2c:07:66:eb:29:a7:ba:e3:5a:
                    34:67:59:ca:74:03:bc:a4:03:71:3b:ca:90:7d:c7:
                    84:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:7D:41:80:5D:5B:FD:33:98:15:C6:AF:4C:FE:A1:FC:9B:2F:2E:1E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2X1BgF1b_TOYFcavTP6h_JsvLh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:fd:55:75:f6:2a:e7:0b:bf:99:be:3e:a4:e7:3d:f9:f1:7a:
         87:0c:a7:66:a4:6b:6e:3c:fd:5a:8a:f9:61:87:50:c8:e5:c3:
         3a:ee:b6:2b:ea:a4:8d:39:0a:96:8a:15:9d:f8:ff:28:a1:8e:
         5f:25:bd:76:c4:4e:ae:05:4d:d2:fa:a8:db:a6:a6:dd:27:f2:
         f2:6d:04:6e:c0:cb:8c:34:4d:2f:81:69:d5:f4:a0:91:12:6b:
         ef:52:1a:33:fc:53:4b:72:eb:53:a8:fb:45:3c:38:40:e5:22:
         b6:52:22:9c:e3:9d:e0:63:b7:63:66:ea:7e:7c:39:c2:69:77:
         2c:22:9a:12:fa:37:dc:0f:66:65:6c:69:cc:98:5d:60:6c:7a:
         82:d3:f4:b7:d2:5c:cb:1d:13:27:69:df:28:a7:ed:b0:2e:14:
         b7:33:11:e8:3c:d0:16:8a:27:0b:18:b4:b6:21:ed:38:83:78:
         28:84:21:6e:83:1a:82:fd:f6:f4:64:d9:2d:00:d5:17:10:ea:
         9c:85:97:f6:7d:99:3b:d4:78:5f:57:fb:2e:56:d5:ef:db:3c:
         fa:58:cc:db:16:e1:90:c6:aa:11:d6:b6:e1:b0:6e:a9:ca:fd:
         51:06:ee:55:8f:85:fe:7a:74:e7:fe:39:79:b4:58:f7:de:f7:
         07:8b:c4:ab
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdbaylmjPe15Ri6X1vxpMx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA3MTExMjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTdkNDE4MDVkNWJmZDMzOTgxNWM2YWY0Y2ZlYTFmYzliMmYyZTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhoP1lcNzMCFMuIQ0zfZTtPnzHL3
YKO3Jgny6i8N1AjkBFx9GEPKp69UFF352QenmS/Gv+F3lBzzw/M+F4CMVqzdXEl9
S3E1JU+3erU0kx4XPB1xag1Tbgrc721c1hJT8VikGt98ky++63sNKK0J80g9Furx
HnfSpJOhERZUPryq51Rq0F9N5LDxI7RmomoOmeiyfAL1p6V9Pb9ZT6m65AoXHvCn
8NLBJ4EtMLt8+5+eDK7Y3foLxVKtPo9yNEsDzf+3U2+cYr7yVKIT+1J7uQrv0I2S
KmP07YKM3u8xAWNoX5ulvtUsB2brKae641o0Z1nKdAO8pANxO8qQfceE4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNl9QYBdW/0zmBXGr0z+ofybLy4eMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMlgxQmdGMWJfVE9ZRmNhdlRQNmhfSnN2TGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJj9VXX2KucLv5m+PqTn
PfnxeocMp2aka248/VqK+WGHUMjlwzrutivqpI05CpaKFZ34/yihjl8lvXbETq4F
TdL6qNumpt0n8vJtBG7Ay4w0TS+BadX0oJESa+9SGjP8U0ty61Oo+0U8OEDlIrZS
IpzjneBjt2Nm6n58OcJpdywimhL6N9wPZmVsacyYXWBseoLT9LfSXMsdEydp3yin
7bAuFLczEeg80BaKJwsYtLYh7TiDeCiEIW6DGoL99vRk2S0A1RcQ6pyFl/Z9mTvU
eF9X+y5W1e/bPPpYzNsW4ZDGqhHWtuGwbqnK/VEG7lWPhf56dOf+OXm0WPfe9weL
xKs=
-----END CERTIFICATE-----