Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A-WkdDmLFxbP46Bjw8bEdHsQvbQ.roa
File:                     A-WkdDmLFxbP46Bjw8bEdHsQvbQ.roa (raw, json)
Hash identifier:          AWUzfhguDORqRIAtHBC2DfHsBB16dQTHSPYIHP0tDac=
Subject key identifier:   03:E5:A4:74:39:8B:17:16:CF:E3:A0:63:C3:C6:C4:74:7B:10:BD:B4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A915A8DF43339777750C98C3B20EC682
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A-WkdDmLFxbP46Bjw8bEdHsQvbQ.roa
Signing time:             Sat 22 Apr 2023 13:09:41 +0000
ROA not before:           Sat 22 Apr 2023 13:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a9:15:a8:df:43:33:97:77:75:0c:98:c3:b2:0e:c6:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 22 13:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=03e5a474398b1716cfe3a063c3c6c4747b10bdb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ac:cc:bd:7e:71:85:84:40:56:1b:7d:4e:f0:
                    c8:0b:c1:1c:21:77:01:cf:0e:a3:36:9c:cb:da:10:
                    ff:2e:89:cd:20:d5:04:fa:c3:e8:77:f4:4b:f5:de:
                    83:61:4e:88:e9:09:cf:d1:5b:ea:0a:c1:70:e6:97:
                    2f:83:fa:b8:f9:e2:5e:2e:27:d2:76:dc:7f:43:7b:
                    ae:3b:76:be:b8:67:ec:75:0e:10:0f:e8:19:4e:71:
                    3f:d9:60:bd:79:e3:1a:2c:a3:4e:97:cd:f4:97:4b:
                    53:e9:a6:aa:f5:11:f6:95:85:34:d3:6a:63:74:5c:
                    70:3e:9a:8d:4a:11:d0:6b:bd:99:25:6b:fe:e1:42:
                    7b:08:07:00:da:c9:c6:0f:60:1a:17:54:86:c3:e1:
                    50:8b:8e:fc:f4:c6:ae:f4:61:53:eb:f2:3c:7f:45:
                    0e:4d:4b:32:73:26:a0:90:3b:e1:18:c2:ef:b4:0d:
                    bb:2d:12:21:31:97:22:df:8a:4e:c1:07:f4:c3:ef:
                    09:58:7e:77:7a:37:70:55:e3:67:c5:cb:3c:35:b8:
                    8e:47:de:5e:6d:26:9c:1f:3c:10:d1:f6:7d:3c:7a:
                    a6:31:43:6a:05:54:58:ef:ce:9a:7d:1a:7e:62:4c:
                    f8:75:de:bc:27:17:a8:dd:98:4d:6a:60:ec:83:6f:
                    70:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E5:A4:74:39:8B:17:16:CF:E3:A0:63:C3:C6:C4:74:7B:10:BD:B4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A-WkdDmLFxbP46Bjw8bEdHsQvbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:9b:22:87:06:61:64:fd:8d:5d:f3:b3:bf:39:5d:74:3d:c7:
         f6:1a:8a:39:d7:86:df:08:6a:44:0b:f7:6f:6b:95:d7:da:58:
         5e:1b:7b:39:d0:47:9c:ce:01:39:3a:a4:62:8a:36:a6:cb:5f:
         bf:56:2a:76:21:b7:bc:e4:97:75:86:64:a0:de:aa:51:59:21:
         77:ff:4e:eb:67:a1:a6:3d:b1:11:ab:05:c3:59:40:9a:28:74:
         4f:24:8c:c3:1b:26:bf:b6:79:a6:93:51:27:ec:f7:d5:e7:2b:
         2a:60:2c:f2:1e:d1:e8:13:c6:da:6a:cf:a3:64:84:2b:55:ce:
         1c:d8:37:79:ac:5f:fd:f2:3e:6e:4f:eb:1a:bc:cd:f0:39:06:
         89:80:92:7d:b6:f3:68:9e:e0:95:4a:01:93:a8:ae:bc:b4:46:
         41:70:5a:33:fc:e6:9c:60:fd:d0:6c:f1:3b:d2:26:4c:0a:f5:
         93:49:02:42:f9:5a:97:93:94:7d:23:a7:59:33:8f:d2:e1:7a:
         3b:37:d2:e7:c3:b0:6e:7c:17:c5:6f:9c:d0:28:9a:54:f0:4d:
         45:03:17:9c:8e:28:06:bb:40:24:9d:05:f3:22:a5:db:a3:2d:
         81:11:26:3c:92:39:ec:e3:b6:4c:e0:1a:7a:88:84:be:74:bd:
         d6:5f:9d:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYepFajfQzOXd3UMmMOyDsaCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIyMTMwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2U1YTQ3NDM5OGIxNzE2Y2ZlM2EwNjNjM2M2YzQ3NDdiMTBiZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6zMvX5xhYRAVht9TvDIC8EcIXcB
zw6jNpzL2hD/LonNINUE+sPod/RL9d6DYU6I6QnP0VvqCsFw5pcvg/q4+eJeLifS
dtx/Q3uuO3a+uGfsdQ4QD+gZTnE/2WC9eeMaLKNOl830l0tT6aaq9RH2lYU002pj
dFxwPpqNShHQa72ZJWv+4UJ7CAcA2snGD2AaF1SGw+FQi4789Mau9GFT6/I8f0UO
TUsycyagkDvhGMLvtA27LRIhMZci34pOwQf0w+8JWH53ejdwVeNnxcs8NbiOR95e
bSacHzwQ0fZ9PHqmMUNqBVRY786afRp+Ykz4dd68Jxeo3ZhNamDsg29w6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAPlpHQ5ixcWz+OgY8PGxHR7EL20MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQS1Xa2REbUxGeGJQNDZCanc4YkVkSHNRdmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABubIocGYWT9jV3zs785
XXQ9x/YaijnXht8IakQL929rldfaWF4beznQR5zOATk6pGKKNqbLX79WKnYht7zk
l3WGZKDeqlFZIXf/TutnoaY9sRGrBcNZQJoodE8kjMMbJr+2eaaTUSfs99XnKypg
LPIe0egTxtpqz6NkhCtVzhzYN3msX/3yPm5P6xq8zfA5BomAkn2282ie4JVKAZOo
rry0RkFwWjP85pxg/dBs8TvSJkwK9ZNJAkL5WpeTlH0jp1kzj9Lhejs30ufDsG58
F8VvnNAomlTwTUUDF5yOKAa7QCSdBfMipdujLYERJjySOezjtkzgGnqIhL50vdZf
nVQ=
-----END CERTIFICATE-----