Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8fkaMepF2AhwsArFhLV6ALPn1T0.roa
File:                     8fkaMepF2AhwsArFhLV6ALPn1T0.roa (raw, json)
Hash identifier:          6mdxyE1ZsRsxDPRztLXyeEk1R/q25dAcV/3NuHD6JDE=
Subject key identifier:   F1:F9:1A:31:EA:45:D8:08:70:B0:0A:C5:84:B5:7A:00:B3:E7:D5:3D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F49961E5DE260B2596EE57771EE0BC29
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8fkaMepF2AhwsArFhLV6ALPn1T0.roa
Signing time:             Sun 07 May 2023 05:05:05 +0000
ROA not before:           Sun 07 May 2023 05:05:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:187:f498:785c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f4:99:61:e5:de:26:0b:25:96:ee:57:77:1e:e0:bc:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  7 05:05:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f1f91a31ea45d80870b00ac584b57a00b3e7d53d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:bc:36:ec:d5:b8:28:cd:ca:8e:01:7b:1c:33:
                    3b:9d:ef:c3:2a:cc:b6:92:a9:59:71:5f:2d:08:bf:
                    fc:1e:ed:70:85:26:31:5d:30:17:99:05:b4:92:9f:
                    71:fb:f1:e3:a5:85:6f:bf:09:b5:ba:aa:69:aa:62:
                    8a:3b:97:67:5a:66:cb:d3:3f:f8:68:0a:36:7d:7b:
                    5f:8c:c6:d0:ef:2b:d3:3c:32:aa:9f:20:ff:6b:f8:
                    34:5a:ac:07:77:cd:40:75:24:dc:ac:fa:a3:83:b2:
                    31:c4:5d:d4:40:7c:ac:23:37:a0:3a:b5:20:bb:f9:
                    c1:54:82:19:12:40:c9:2a:f9:f8:ae:1c:5e:6a:d0:
                    02:47:77:9b:52:c6:1b:12:99:47:d2:8f:a2:23:66:
                    37:fc:49:b2:67:ca:7d:c6:99:05:e4:a7:16:a9:95:
                    5a:1f:ab:6a:1d:8b:39:e7:02:f2:11:44:6b:2a:0d:
                    76:d5:c7:fb:61:ef:80:62:2f:f6:38:d8:11:99:72:
                    fa:98:3b:ee:5d:71:c4:40:9c:51:44:c9:ab:ce:22:
                    36:9b:13:62:a0:19:6d:40:be:81:6a:84:0a:6f:a9:
                    2e:e5:c1:1f:34:bf:42:43:79:6a:da:31:c7:61:21:
                    3e:2d:4f:2d:c5:30:63:1b:a7:0a:56:7b:2e:21:08:
                    5b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:F9:1A:31:EA:45:D8:08:70:B0:0A:C5:84:B5:7A:00:B3:E7:D5:3D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8fkaMepF2AhwsArFhLV6ALPn1T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:21:8b:33:73:f7:2d:31:2a:28:29:4d:c3:e8:90:ea:9a:c7:
         df:03:17:9d:56:d5:64:7e:96:df:37:ca:98:66:21:49:13:50:
         c9:02:73:d3:44:67:19:c6:be:48:4d:11:67:ce:f6:72:88:6a:
         ad:9f:8e:c5:7d:5e:c6:8e:6a:32:58:6e:51:dc:15:45:a0:d1:
         bc:ad:61:78:14:d9:53:72:7c:be:48:2d:2c:b2:1a:7b:0b:7e:
         40:64:1e:f2:63:26:99:c1:5c:c3:86:bc:6c:70:97:13:ba:c4:
         b9:1c:45:2d:97:e1:be:48:a4:fe:5c:ca:9f:a1:57:67:dc:16:
         6d:f2:96:d5:b9:94:4a:a8:52:88:fc:20:3f:26:44:f5:77:59:
         d8:3c:e0:fc:21:a3:97:2f:d6:c9:78:14:55:6e:a4:54:22:00:
         6a:03:6c:53:44:0c:3b:fd:36:38:e8:7c:77:96:b7:a7:65:b1:
         e0:4f:ce:52:8b:cf:2b:26:74:6a:5b:0e:b0:4a:85:81:bb:7c:
         80:77:0d:9b:9c:90:07:af:9f:d9:f5:2c:9b:b0:af:b9:19:34:
         22:da:46:ff:31:58:79:1d:d3:1d:0a:37:2c:56:37:18:51:f0:
         59:9e:9a:fd:5f:db:22:9f:c3:0e:13:0e:59:05:a8:5f:69:d8:
         0d:f6:1c:32
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf0mWHl3iYLJZbuV3ce4LwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA3MDUwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWY5MWEzMWVhNDVkODA4NzBiMDBhYzU4NGI1N2EwMGIzZTdkNTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbw27NW4KM3KjgF7HDM7ne/DKsy2
kqlZcV8tCL/8Hu1whSYxXTAXmQW0kp9x+/HjpYVvvwm1uqppqmKKO5dnWmbL0z/4
aAo2fXtfjMbQ7yvTPDKqnyD/a/g0WqwHd81AdSTcrPqjg7IxxF3UQHysIzegOrUg
u/nBVIIZEkDJKvn4rhxeatACR3ebUsYbEplH0o+iI2Y3/EmyZ8p9xpkF5KcWqZVa
H6tqHYs55wLyEURrKg121cf7Ye+AYi/2ONgRmXL6mDvuXXHEQJxRRMmrziI2mxNi
oBltQL6BaoQKb6ku5cEfNL9CQ3lq2jHHYSE+LU8txTBjG6cKVnsuIQhb8wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPH5GjHqRdgIcLAKxYS1egCz59U9MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOGZrYU1lcEYyQWh3c0FyRmhMVjZBTFBuMVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALUhizNz9y0xKigpTcPo
kOqax98DF51W1WR+lt83yphmIUkTUMkCc9NEZxnGvkhNEWfO9nKIaq2fjsV9XsaO
ajJYblHcFUWg0bytYXgU2VNyfL5ILSyyGnsLfkBkHvJjJpnBXMOGvGxwlxO6xLkc
RS2X4b5IpP5cyp+hV2fcFm3yltW5lEqoUoj8ID8mRPV3Wdg84Pwho5cv1sl4FFVu
pFQiAGoDbFNEDDv9NjjofHeWt6dlseBPzlKLzysmdGpbDrBKhYG7fIB3DZuckAev
n9n1LJuwr7kZNCLaRv8xWHkd0x0KNyxWNxhR8Fmemv1f2yKfww4TDlkFqF9p2A32
HDI=
-----END CERTIFICATE-----