Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3JkVvNsDTeeFFDk3PJeuD6ptJHo.roa
File:                     3JkVvNsDTeeFFDk3PJeuD6ptJHo.roa (raw, json)
Hash identifier:          VpeH0sI1nnyQlm0bLtHqGV36ySrAcx3Ghk/7nD8/sp8=
Subject key identifier:   DC:99:15:BC:DB:03:4D:E7:85:14:39:37:3C:97:AE:0F:AA:6D:24:7A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018776A9A4B7A4270A75BD56E3ECF25D034B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3JkVvNsDTeeFFDk3PJeuD6ptJHo.roa
Signing time:             Wed 12 Apr 2023 18:10:41 +0000
ROA not before:           Wed 12 Apr 2023 18:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:76:a9:a4:b7:a4:27:0a:75:bd:56:e3:ec:f2:5d:03:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 12 18:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc9915bcdb034de7851439373c97ae0faa6d247a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8d:dd:60:c4:e7:57:ea:f9:4d:1e:7a:39:f6:
                    63:15:09:d9:ed:79:7a:b2:d3:38:fc:5a:a3:32:a5:
                    83:a9:60:6d:4e:b5:e4:16:df:ff:e1:75:3e:e1:46:
                    c7:dd:62:78:d7:24:88:04:79:5c:e3:b8:90:41:16:
                    a1:d5:2c:90:ff:98:68:d6:96:c8:05:dd:64:2c:b7:
                    64:ea:10:d5:1c:d9:ad:0d:8a:ec:17:89:22:5c:73:
                    ff:e6:dd:fe:b4:3f:43:a9:15:15:d7:06:b6:f4:78:
                    fc:69:b5:81:02:f2:c4:66:02:5c:f8:ae:49:69:e8:
                    bc:97:8a:a4:b1:6e:68:ba:75:2d:df:65:d5:03:88:
                    16:45:32:3c:ff:12:98:87:95:92:18:7a:20:07:ae:
                    a2:f2:85:58:24:8b:c8:fc:52:e7:1e:1a:b9:c0:b5:
                    6c:42:a4:b6:6c:a5:95:23:a7:6e:37:87:34:a3:ec:
                    46:f4:b0:5e:0c:8c:d5:06:0a:27:31:c7:1e:32:63:
                    eb:8a:94:b0:c5:9d:91:af:62:57:41:b8:f9:7e:8e:
                    f1:96:4a:72:0e:05:6d:25:5b:59:a8:ba:ef:78:47:
                    36:c7:76:92:fe:d3:5c:5a:4b:3f:20:7e:96:6e:cb:
                    de:df:7c:1b:fa:59:98:eb:96:d9:b2:55:b1:9a:83:
                    e3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:99:15:BC:DB:03:4D:E7:85:14:39:37:3C:97:AE:0F:AA:6D:24:7A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3JkVvNsDTeeFFDk3PJeuD6ptJHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:f7:65:6d:b9:ce:15:6e:3c:59:49:12:bf:a0:d9:34:15:92:
         6d:d1:a5:2f:f6:2f:b7:e9:f5:8a:7d:d4:71:51:96:54:25:b1:
         28:5a:c3:24:64:9f:fd:9e:2a:56:88:f5:b9:07:26:b7:54:d4:
         14:04:32:dd:a7:c3:d6:0b:fa:e4:29:0a:c6:ef:8d:d8:a8:91:
         49:b2:b3:b8:83:6a:c0:f9:38:e3:3c:c3:11:33:ca:c5:7f:ed:
         b2:79:f6:97:98:d9:e4:f9:5c:6e:60:11:bf:49:ab:63:8b:dc:
         01:46:94:53:a4:98:76:46:a6:9d:7d:2a:cb:fb:ba:c8:dc:69:
         36:01:0a:73:37:b9:df:9d:f4:43:27:60:80:d2:6a:30:0d:bf:
         10:d4:70:90:26:13:b9:2e:13:a2:b0:27:5f:a7:6b:62:96:10:
         4c:a8:70:15:f9:a7:09:c5:85:ef:22:86:d9:a5:cf:4e:b2:e1:
         3c:31:82:07:9b:be:7f:64:73:e5:ee:f0:ba:66:cf:88:b9:09:
         c0:1d:8c:60:b3:3d:b5:44:b2:be:7a:6e:4a:64:bc:1a:c9:66:
         6e:f1:dd:6d:ff:1e:f0:53:e6:0e:3c:dd:95:fc:7a:01:96:92:
         6e:98:e4:dc:c9:79:a3:f6:3a:27:70:8f:80:3a:06:22:7b:5b:
         6c:15:fe:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd2qaS3pCcKdb1W4+zyXQNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEyMTgxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzk5MTViY2RiMDM0ZGU3ODUxNDM5MzczYzk3YWUwZmFhNmQyNDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx43dYMTnV+r5TR56OfZjFQnZ7Xl6
stM4/FqjMqWDqWBtTrXkFt//4XU+4UbH3WJ41ySIBHlc47iQQRah1SyQ/5ho1pbI
Bd1kLLdk6hDVHNmtDYrsF4kiXHP/5t3+tD9DqRUV1wa29Hj8abWBAvLEZgJc+K5J
aei8l4qksW5ounUt32XVA4gWRTI8/xKYh5WSGHogB66i8oVYJIvI/FLnHhq5wLVs
QqS2bKWVI6duN4c0o+xG9LBeDIzVBgonMcceMmPripSwxZ2Rr2JXQbj5fo7xlkpy
DgVtJVtZqLrveEc2x3aS/tNcWks/IH6Wbsve33wb+lmY65bZslWxmoPjbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNyZFbzbA03nhRQ5NzyXrg+qbSR6MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM0prVnZOc0RUZWVGRkRrM1BKZXVENnB0SkhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFH3ZW25zhVuPFlJEr+g
2TQVkm3RpS/2L7fp9Yp91HFRllQlsShawyRkn/2eKlaI9bkHJrdU1BQEMt2nw9YL
+uQpCsbvjdiokUmys7iDasD5OOM8wxEzysV/7bJ59peY2eT5XG5gEb9Jq2OL3AFG
lFOkmHZGpp19Ksv7usjcaTYBCnM3ud+d9EMnYIDSajANvxDUcJAmE7kuE6KwJ1+n
a2KWEEyocBX5pwnFhe8ihtmlz06y4Twxggebvn9kc+Xu8Lpmz4i5CcAdjGCzPbVE
sr56bkpkvBrJZm7x3W3/HvBT5g483ZX8egGWkm6Y5NzJeaP2Oidwj4A6BiJ7W2wV
/g4=
-----END CERTIFICATE-----