Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BJsDFs07yFWJoVla_P6h_2LfC9w.roa
File:                     BJsDFs07yFWJoVla_P6h_2LfC9w.roa (raw, json)
Hash identifier:          /LuBPE8a+x3GLMKAbpC65g5QGgHnsXo4nSOigPCo4lE=
Subject key identifier:   04:9B:03:16:CD:3B:C8:55:89:A1:59:5A:FC:FE:A1:FF:62:DF:0B:DC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187529D534DFA60BD5A401363CE2831A2BA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BJsDFs07yFWJoVla_P6h_2LfC9w.roa
Signing time:             Wed 05 Apr 2023 18:10:54 +0000
ROA not before:           Wed 05 Apr 2023 18:10:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:52:9d:53:4d:fa:60:bd:5a:40:13:63:ce:28:31:a2:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  5 18:10:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=049b0316cd3bc85589a1595afcfea1ff62df0bdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:60:94:0f:74:c8:89:ea:09:6a:af:5e:08:dd:
                    63:45:28:3d:9c:b1:2b:05:7b:5f:63:61:1c:4b:61:
                    76:e0:99:46:fe:19:74:fc:be:91:7e:bf:5b:0e:ff:
                    2f:ef:93:ce:1b:f7:a9:f3:9a:38:82:6c:ac:9e:7d:
                    8f:1b:93:a5:5e:47:fc:22:96:ba:9a:8e:7d:9d:6a:
                    f9:b1:89:9e:27:86:61:42:ae:c9:70:f5:15:80:73:
                    18:a9:8b:9d:42:2e:af:5a:9f:54:20:1c:57:7e:ae:
                    d9:09:10:51:87:77:21:67:fb:9b:eb:46:8f:a6:27:
                    f5:7b:5e:9e:b9:af:61:03:4e:1a:6f:46:e2:20:fe:
                    85:01:76:9d:2a:23:5d:3b:fa:b7:3a:39:e9:50:ba:
                    d3:f8:43:c8:e1:51:a1:ad:31:7b:32:d1:88:c1:aa:
                    3b:55:82:21:8b:d4:49:86:d6:a8:d1:81:67:08:52:
                    42:79:7b:1e:07:89:45:bf:b8:87:24:e1:a3:24:43:
                    42:8c:46:ed:2e:6b:0e:66:31:52:90:c2:0b:1a:68:
                    a2:48:7c:06:4e:0e:e7:06:93:ad:6a:d8:f1:d0:86:
                    76:3d:45:3d:13:6c:fd:88:f6:c1:23:90:64:d9:01:
                    78:5d:36:9e:bc:63:47:d1:ea:88:d5:a2:14:2a:97:
                    cf:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:9B:03:16:CD:3B:C8:55:89:A1:59:5A:FC:FE:A1:FF:62:DF:0B:DC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BJsDFs07yFWJoVla_P6h_2LfC9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:a3:17:45:cd:ce:11:fc:6d:c7:c2:f0:a6:16:c0:33:df:72:
         fc:ed:cc:14:0a:40:98:51:69:33:8f:2e:af:7e:31:6e:c2:1e:
         d9:65:49:38:dd:8e:5b:ce:28:9b:ed:b1:6a:17:cd:aa:73:8f:
         36:31:bc:7d:e7:28:08:02:59:ee:fa:9f:63:57:79:ac:a2:f8:
         47:b8:79:9a:eb:81:ad:89:b8:19:06:e9:26:83:a1:0c:58:be:
         5b:7e:81:16:be:db:01:76:e7:cc:9e:4d:7d:91:b0:83:c1:6e:
         07:15:6e:55:fb:54:3b:c3:c2:f8:01:7b:73:9f:c4:f3:dc:58:
         3d:48:f3:73:d3:4c:71:c2:6d:2d:28:a2:f4:86:c7:f5:52:4a:
         69:84:fa:6c:08:d6:7a:88:3b:06:60:64:3a:03:ec:4e:d6:1d:
         01:59:c0:61:7e:35:16:96:07:74:bf:b9:39:f6:b4:92:a1:5d:
         3a:53:e1:7d:0d:8a:49:49:c0:4a:b1:70:5b:d2:c1:7f:27:32:
         a6:03:de:8b:0d:ba:1b:d5:71:f7:0b:04:81:f9:71:79:6d:75:
         a8:ea:c4:9f:48:ec:e5:99:eb:ac:40:1a:c6:31:eb:f3:d8:ae:
         a2:97:b1:f5:1f:d2:c9:30:f9:83:4b:f1:2e:d9:8e:f3:61:e4:
         88:f4:d2:61
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdSnVNN+mC9WkATY84oMaK6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA1MTgxMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDliMDMxNmNkM2JjODU1ODlhMTU5NWFmY2ZlYTFmZjYyZGYwYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWCUD3TIieoJaq9eCN1jRSg9nLEr
BXtfY2EcS2F24JlG/hl0/L6Rfr9bDv8v75POG/ep85o4gmysnn2PG5OlXkf8Ipa6
mo59nWr5sYmeJ4ZhQq7JcPUVgHMYqYudQi6vWp9UIBxXfq7ZCRBRh3chZ/ub60aP
pif1e16eua9hA04ab0biIP6FAXadKiNdO/q3OjnpULrT+EPI4VGhrTF7MtGIwao7
VYIhi9RJhtao0YFnCFJCeXseB4lFv7iHJOGjJENCjEbtLmsOZjFSkMILGmiiSHwG
Tg7nBpOtatjx0IZ2PUU9E2z9iPbBI5Bk2QF4XTaevGNH0eqI1aIUKpfPPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFASbAxbNO8hViaFZWvz+of9i3wvcMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQkpzREZzMDd5RldKb1ZsYV9QNmhfMkxmQzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHmjF0XNzhH8bcfC8KYW
wDPfcvztzBQKQJhRaTOPLq9+MW7CHtllSTjdjlvOKJvtsWoXzapzjzYxvH3nKAgC
We76n2NXeayi+Ee4eZrrga2JuBkG6SaDoQxYvlt+gRa+2wF258yeTX2RsIPBbgcV
blX7VDvDwvgBe3OfxPPcWD1I83PTTHHCbS0oovSGx/VSSmmE+mwI1nqIOwZgZDoD
7E7WHQFZwGF+NRaWB3S/uTn2tJKhXTpT4X0NiklJwEqxcFvSwX8nMqYD3osNuhvV
cfcLBIH5cXltdajqxJ9I7OWZ66xAGsYx6/PYrqKXsfUf0skw+YNL8S7ZjvNh5Ij0
0mE=
-----END CERTIFICATE-----