Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9K7QrQ86HGCcIYtrlo6WGihkVks.roa
File:                     9K7QrQ86HGCcIYtrlo6WGihkVks.roa (raw, json)
Hash identifier:          3+L9NolqwqVo4Cr8qBCR0mppCatt6B6rrd9ClsBGl10=
Subject key identifier:   F4:AE:D0:AD:0F:3A:1C:60:9C:21:8B:6B:96:8E:96:1A:28:64:56:4B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187AF876FCBA34B87CB41AA2047C09E663F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9K7QrQ86HGCcIYtrlo6WGihkVks.roa
Signing time:             Sun 23 Apr 2023 19:11:41 +0000
ROA not before:           Sun 23 Apr 2023 19:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:af:87:6f:cb:a3:4b:87:cb:41:aa:20:47:c0:9e:66:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 23 19:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f4aed0ad0f3a1c609c218b6b968e961a2864564b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f3:89:f2:d2:89:97:03:55:b6:34:6f:43:eb:
                    5f:56:c5:ea:a8:ac:3e:de:80:1c:64:e6:7c:75:35:
                    d4:fc:54:c8:89:bc:2b:45:52:0d:56:0f:c3:32:b4:
                    f4:5d:38:76:c6:e2:28:2a:13:1d:09:39:af:2b:48:
                    18:e5:c7:63:fe:ec:ea:bd:d5:36:fb:85:ac:bd:ea:
                    75:5a:df:f0:8c:40:01:2a:99:18:4d:59:95:1a:ad:
                    58:b1:bf:e5:d7:6f:61:fc:20:7d:94:64:fc:b3:84:
                    88:cc:c2:31:30:1b:4e:4b:6e:fd:9c:db:fb:d5:e7:
                    61:3a:02:d5:ae:9e:67:61:a2:5a:fc:d3:31:73:3d:
                    5b:4e:e4:96:65:4b:29:c5:4a:eb:4c:f2:9a:54:1a:
                    09:aa:41:bb:0c:43:61:c9:a4:54:0a:58:0d:c1:6c:
                    48:53:fc:9e:4a:6a:e9:f1:6e:3a:b2:16:2f:ec:cc:
                    2d:f0:d4:a9:c8:30:f0:77:80:5f:c8:8b:6f:27:aa:
                    1b:32:d7:9b:fa:16:60:2f:a5:26:3a:92:5e:5b:78:
                    4b:e5:01:d0:98:2e:6a:27:ef:d9:fd:d4:e0:1c:76:
                    82:b7:33:a7:3c:ea:af:b7:39:53:c0:27:72:5a:60:
                    e1:ff:a7:d2:cc:e0:5d:42:e8:dc:7b:bb:30:b1:07:
                    76:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:AE:D0:AD:0F:3A:1C:60:9C:21:8B:6B:96:8E:96:1A:28:64:56:4B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9K7QrQ86HGCcIYtrlo6WGihkVks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:73:3f:f4:db:f5:7d:66:31:73:af:01:ac:60:8e:d7:8e:0d:
         60:66:db:a4:47:72:f8:e4:6e:c6:b0:b4:28:f4:c1:10:d0:eb:
         76:e0:48:81:f0:5c:25:ee:dd:0b:1a:4b:ce:d9:f2:05:b7:10:
         4d:36:04:b9:d1:73:58:41:0e:24:43:17:33:fe:e9:96:e6:15:
         46:96:5f:b0:d4:a7:d2:cc:2a:3c:f8:d5:85:3c:b3:80:2e:3d:
         6e:ae:11:92:b5:28:34:d9:5d:8e:b6:fc:cd:b9:38:d3:82:0f:
         26:a9:5e:db:cd:24:a7:d5:10:e2:63:c8:e2:b0:82:1b:e1:cc:
         b0:20:b3:a4:a6:24:40:ef:f1:8d:71:25:18:de:d4:d3:ae:d1:
         97:38:c5:46:7e:21:80:4a:02:53:bc:d5:16:30:73:39:1f:26:
         72:23:03:d2:e7:39:a8:f2:9c:1c:60:96:1c:2a:bc:b8:de:a9:
         6a:b8:ca:32:f1:d8:3d:35:4a:be:b7:1f:53:83:73:1e:e7:03:
         15:ca:16:fd:6b:7a:fe:0e:f5:48:9b:a7:94:d1:e6:6e:9b:45:
         ce:1b:9d:94:d0:c0:98:b8:2f:9b:38:30:2a:85:fe:41:4f:07:
         11:4e:c4:89:82:cf:84:ae:57:a7:1a:55:86:d8:38:78:08:7a:
         d5:b8:fe:5e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYevh2/Lo0uHy0GqIEfAnmY/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIzMTkxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGFlZDBhZDBmM2ExYzYwOWMyMThiNmI5NjhlOTYxYTI4NjQ1NjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/OJ8tKJlwNVtjRvQ+tfVsXqqKw+
3oAcZOZ8dTXU/FTIibwrRVINVg/DMrT0XTh2xuIoKhMdCTmvK0gY5cdj/uzqvdU2
+4Wsvep1Wt/wjEABKpkYTVmVGq1Ysb/l129h/CB9lGT8s4SIzMIxMBtOS279nNv7
1edhOgLVrp5nYaJa/NMxcz1bTuSWZUspxUrrTPKaVBoJqkG7DENhyaRUClgNwWxI
U/yeSmrp8W46shYv7Mwt8NSpyDDwd4BfyItvJ6obMteb+hZgL6UmOpJeW3hL5QHQ
mC5qJ+/Z/dTgHHaCtzOnPOqvtzlTwCdyWmDh/6fSzOBdQujce7swsQd2awIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPSu0K0POhxgnCGLa5aOlhooZFZLMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOUs3UXJRODZIR0NjSVl0cmxvNldHaWhrVmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACZzP/Tb9X1mMXOvAaxg
jteODWBm26RHcvjkbsawtCj0wRDQ63bgSIHwXCXu3QsaS87Z8gW3EE02BLnRc1hB
DiRDFzP+6ZbmFUaWX7DUp9LMKjz41YU8s4AuPW6uEZK1KDTZXY62/M25ONOCDyap
XtvNJKfVEOJjyOKwghvhzLAgs6SmJEDv8Y1xJRje1NOu0Zc4xUZ+IYBKAlO81RYw
czkfJnIjA9LnOajynBxglhwqvLjeqWq4yjLx2D01Sr63H1ODcx7nAxXKFv1rev4O
9Uibp5TR5m6bRc4bnZTQwJi4L5s4MCqF/kFPBxFOxImCz4SuV6caVYbYOHgIetW4
/l4=
-----END CERTIFICATE-----