Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4BBhHYwjYRWaC1hX3Uw1rTpgyRg.roa
File:                     4BBhHYwjYRWaC1hX3Uw1rTpgyRg.roa (raw, json)
Hash identifier:          54e/+SrI//VfZ96VAih4xLRsHOTU+hPCuiDVv5EkMMg=
Subject key identifier:   E0:10:61:1D:8C:23:61:15:9A:0B:58:57:DD:4C:35:AD:3A:60:C9:18
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018850063896ABAD212753B377A7926BA213
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4BBhHYwjYRWaC1hX3Uw1rTpgyRg.roa
Signing time:             Wed 24 May 2023 23:09:24 +0000
ROA not before:           Wed 24 May 2023 23:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:50:06:38:96:ab:ad:21:27:53:b3:77:a7:92:6b:a2:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 24 23:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e010611d8c2361159a0b5857dd4c35ad3a60c918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:b0:38:ac:35:f8:6b:e5:84:6c:cf:47:c7:00:
                    5d:6a:24:8e:56:27:88:0b:81:82:cf:dc:80:ce:d9:
                    51:43:2f:1f:20:2c:f0:b7:42:68:ab:14:e0:eb:4b:
                    ca:ae:bc:b3:6f:d4:0c:92:12:df:59:8f:bf:de:46:
                    4d:dc:d3:6a:58:e4:31:91:d5:15:bf:ec:72:69:b6:
                    26:1c:01:23:db:05:4b:86:1d:96:16:9f:54:44:91:
                    ff:08:67:0f:cf:df:d8:f1:05:24:a4:d5:e9:b2:3e:
                    a4:dc:60:33:67:d4:33:93:0a:4f:f4:eb:bf:dd:4a:
                    dd:5b:e3:ef:0d:68:12:b8:3a:fb:55:82:d5:29:c7:
                    ef:a0:77:54:1f:d4:22:c5:67:70:2b:35:e6:dd:4d:
                    27:46:41:bd:3d:70:02:6f:13:84:86:83:34:6b:ff:
                    29:36:ef:64:01:ed:57:08:8d:9b:d5:a0:51:31:10:
                    1f:64:88:85:a0:08:64:9e:f1:a1:8e:26:9e:ca:1f:
                    9c:55:c3:85:0a:6a:60:5f:c8:45:9b:e0:5a:c2:81:
                    a0:43:85:4b:f7:c8:2b:3f:bb:07:be:89:d1:96:1c:
                    8c:70:25:d7:63:01:05:9e:b2:1f:94:00:17:5a:d1:
                    8c:7f:6d:f8:7e:34:6b:aa:5b:25:c3:3a:ff:b3:d7:
                    8c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:10:61:1D:8C:23:61:15:9A:0B:58:57:DD:4C:35:AD:3A:60:C9:18
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4BBhHYwjYRWaC1hX3Uw1rTpgyRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:b5:6e:35:8b:19:7f:c9:00:a6:6e:09:90:e5:8b:42:9d:e1:
         66:55:06:5a:f9:6e:2b:b8:f3:d5:92:51:08:37:6a:ff:47:14:
         8e:7e:1b:be:c9:c2:32:92:66:c2:56:1c:32:ff:75:be:db:a2:
         ba:12:bb:0a:34:10:e2:92:7a:42:6c:2e:0a:83:30:fd:76:21:
         d9:37:71:60:5c:b2:9c:9f:7b:bd:91:8c:5d:60:bd:03:65:22:
         07:e8:74:de:2e:c3:6d:11:1d:a4:66:1a:6a:33:56:a1:2c:b2:
         47:9a:43:6e:03:78:17:b7:dd:26:c9:65:52:6d:9f:f3:c8:45:
         ea:00:5f:50:be:2e:d4:b9:1d:04:be:af:a2:18:ca:28:9a:0e:
         d6:89:21:9a:f5:60:0d:c4:1b:3f:bb:6e:70:67:d2:5b:0a:7d:
         0b:3e:4b:12:07:e8:70:2f:bf:08:cd:a5:1d:d1:b0:5e:d4:03:
         d8:5e:30:09:20:e4:f4:4e:fb:70:37:c0:15:3e:ea:51:d1:d5:
         aa:9a:bd:35:bb:56:6f:b8:25:35:09:b8:6c:0d:59:87:41:fb:
         f6:04:f9:24:51:25:42:f2:74:b8:17:24:59:fa:a1:3b:c7:d8:
         67:59:6c:f0:cb:42:70:60:74:84:f2:b6:ef:a9:62:58:f9:a6:
         76:67:63:55
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhQBjiWq60hJ1Ozd6eSa6ITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI0MjMwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDEwNjExZDhjMjM2MTE1OWEwYjU4NTdkZDRjMzVhZDNhNjBjOTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhbA4rDX4a+WEbM9HxwBdaiSOVieI
C4GCz9yAztlRQy8fICzwt0JoqxTg60vKrryzb9QMkhLfWY+/3kZN3NNqWOQxkdUV
v+xyabYmHAEj2wVLhh2WFp9URJH/CGcPz9/Y8QUkpNXpsj6k3GAzZ9QzkwpP9Ou/
3UrdW+PvDWgSuDr7VYLVKcfvoHdUH9QixWdwKzXm3U0nRkG9PXACbxOEhoM0a/8p
Nu9kAe1XCI2b1aBRMRAfZIiFoAhknvGhjiaeyh+cVcOFCmpgX8hFm+BawoGgQ4VL
98grP7sHvonRlhyMcCXXYwEFnrIflAAXWtGMf234fjRrqlslwzr/s9eMLQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOAQYR2MI2EVmgtYV91MNa06YMkYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNEJCaEhZd2pZUldhQzFoWDNVdzFyVHBneVJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADS1bjWLGX/JAKZuCZDl
i0Kd4WZVBlr5biu489WSUQg3av9HFI5+G77JwjKSZsJWHDL/db7boroSuwo0EOKS
ekJsLgqDMP12Idk3cWBcspyfe72RjF1gvQNlIgfodN4uw20RHaRmGmozVqEsskea
Q24DeBe33SbJZVJtn/PIReoAX1C+LtS5HQS+r6IYyiiaDtaJIZr1YA3EGz+7bnBn
0lsKfQs+SxIH6HAvvwjNpR3RsF7UA9heMAkg5PRO+3A3wBU+6lHR1aqavTW7Vm+4
JTUJuGwNWYdB+/YE+SRRJULydLgXJFn6oTvH2GdZbPDLQnBgdITytu+pYlj5pnZn
Y1U=
-----END CERTIFICATE-----