Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3Pou9EFq8PoKkNfkwWaVLDCrsmQ.roa
File:                     3Pou9EFq8PoKkNfkwWaVLDCrsmQ.roa (raw, json)
Hash identifier:          c4zrMCMPJ3/zjk9poD67ofa/1qepD3y+RS977WqS+Tg=
Subject key identifier:   DC:FA:2E:F4:41:6A:F0:FA:0A:90:D7:E4:C1:66:95:2C:30:AB:B2:64
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018786C358B6390D2E363AE3574397930C03
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3Pou9EFq8PoKkNfkwWaVLDCrsmQ.roa
Signing time:             Sat 15 Apr 2023 21:12:41 +0000
ROA not before:           Sat 15 Apr 2023 21:12:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:86:c3:58:b6:39:0d:2e:36:3a:e3:57:43:97:93:0c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 15 21:12:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dcfa2ef4416af0fa0a90d7e4c166952c30abb264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7b:ca:19:95:61:7b:11:07:49:6f:ea:90:30:
                    e0:51:3f:e6:7b:91:67:30:45:42:2f:2b:f6:22:6e:
                    2a:cf:ee:54:b0:69:2d:fc:15:6d:4f:93:90:88:18:
                    3e:26:fb:6b:f3:b5:4b:00:69:fc:19:d0:ee:3f:4a:
                    34:4b:6b:a5:90:f2:52:d3:1a:7f:66:65:3b:3b:8c:
                    ae:54:14:76:05:3a:f3:0d:2a:fa:d9:6f:52:30:f3:
                    65:11:4b:65:52:a7:55:57:18:f6:5b:eb:4d:d9:c3:
                    61:65:d6:a5:d8:9a:68:4f:75:95:19:0d:85:ca:92:
                    e8:5d:45:ea:7e:97:f4:c8:20:66:a3:e0:1a:43:1e:
                    61:cf:9b:67:80:62:e5:0a:8a:fc:c3:3e:4f:b1:b4:
                    75:8f:32:8f:b4:83:4c:c4:30:ca:77:ba:58:2f:dc:
                    b0:4c:0c:52:17:72:2d:76:8d:7c:22:ef:bf:37:64:
                    b9:76:a9:43:40:a2:cf:af:51:87:d9:f8:eb:17:8c:
                    01:f5:a8:04:67:f0:4a:78:c5:66:ff:95:05:e1:d7:
                    0a:2c:86:e9:82:27:95:2c:b1:84:e0:e5:05:ad:cb:
                    5f:ec:93:ac:b9:dc:61:dd:87:a9:44:f7:12:9f:2d:
                    67:f8:92:18:eb:e9:15:e1:29:04:65:da:5d:3a:b6:
                    9a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:FA:2E:F4:41:6A:F0:FA:0A:90:D7:E4:C1:66:95:2C:30:AB:B2:64
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3Pou9EFq8PoKkNfkwWaVLDCrsmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:f0:e5:eb:61:87:cc:c5:c0:31:b3:be:a6:c2:2c:90:e5:c7:
         ab:09:d9:6f:b5:53:3a:bd:0f:7f:1c:66:dc:69:d2:c4:ac:85:
         04:a5:12:c1:9c:eb:a7:2d:d3:2c:54:69:7a:c0:f4:0b:9b:51:
         8c:27:fe:a7:06:1e:2e:18:61:58:62:8e:bf:df:aa:4d:13:3a:
         bc:70:4d:44:b6:b9:fc:de:31:41:dd:3b:de:4c:cf:52:a5:3f:
         95:91:55:c0:2d:96:98:50:35:9b:b0:e8:a8:6b:b3:a2:82:28:
         b3:ee:c0:8b:b3:bb:5f:af:4b:da:bd:88:a7:f1:38:d0:d6:4a:
         c0:f8:37:09:9b:8d:26:c1:59:a9:fa:41:39:7a:88:1e:73:92:
         8e:29:6f:63:14:0e:19:b9:23:b8:a1:49:36:fa:96:4b:6b:4a:
         54:c2:22:72:31:ac:33:86:2f:dc:2a:cc:aa:d5:d1:23:2c:9a:
         94:1f:20:9f:f1:95:55:0d:28:f3:16:52:10:ce:21:a0:50:12:
         48:c7:cb:9f:a2:37:ca:e2:a6:6f:38:99:90:f2:17:4f:f9:f6:
         72:83:dc:5a:c1:a4:86:15:a3:7e:09:8a:14:fb:0b:47:c3:b7:
         f3:96:c1:41:62:9d:31:e6:d6:f7:55:cb:47:db:5e:49:2e:54:
         f1:68:84:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeGw1i2OQ0uNjrjV0OXkwwDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE1MjExMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2ZhMmVmNDQxNmFmMGZhMGE5MGQ3ZTRjMTY2OTUyYzMwYWJiMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3vKGZVhexEHSW/qkDDgUT/me5Fn
MEVCLyv2Im4qz+5UsGkt/BVtT5OQiBg+Jvtr87VLAGn8GdDuP0o0S2ulkPJS0xp/
ZmU7O4yuVBR2BTrzDSr62W9SMPNlEUtlUqdVVxj2W+tN2cNhZdal2JpoT3WVGQ2F
ypLoXUXqfpf0yCBmo+AaQx5hz5tngGLlCor8wz5PsbR1jzKPtINMxDDKd7pYL9yw
TAxSF3Itdo18Iu+/N2S5dqlDQKLPr1GH2fjrF4wB9agEZ/BKeMVm/5UF4dcKLIbp
gieVLLGE4OUFrctf7JOsudxh3YepRPcSny1n+JIY6+kV4SkEZdpdOraa7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNz6LvRBavD6CpDX5MFmlSwwq7JkMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM1BvdTlFRnE4UG9La05ma3dXYVZMRENyc21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAArw5ethh8zFwDGzvqbC
LJDlx6sJ2W+1Uzq9D38cZtxp0sSshQSlEsGc66ct0yxUaXrA9AubUYwn/qcGHi4Y
YVhijr/fqk0TOrxwTUS2ufzeMUHdO95Mz1KlP5WRVcAtlphQNZuw6Khrs6KCKLPu
wIuzu1+vS9q9iKfxONDWSsD4NwmbjSbBWan6QTl6iB5zko4pb2MUDhm5I7ihSTb6
lktrSlTCInIxrDOGL9wqzKrV0SMsmpQfIJ/xlVUNKPMWUhDOIaBQEkjHy5+iN8ri
pm84mZDyF0/59nKD3FrBpIYVo34JihT7C0fDt/OWwUFinTHm1vdVy0fbXkkuVPFo
hKU=
-----END CERTIFICATE-----