Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CJDXlSQYYg7-389m5vqagMiqA0s.roa
File:                     CJDXlSQYYg7-389m5vqagMiqA0s.roa (raw, json)
Hash identifier:          yi3nSi6dBoNeY77eMAKOBZYEtSfMnMpUAa1lcU1CkA4=
Subject key identifier:   08:90:D7:95:24:18:62:0E:FE:DF:CF:66:E6:FA:9A:80:C8:AA:03:4B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187CF45ACD6DDA4760540666055362028E2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CJDXlSQYYg7-389m5vqagMiqA0s.roa
Signing time:             Sat 29 Apr 2023 23:07:42 +0000
ROA not before:           Sat 29 Apr 2023 23:07:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:cf:45:ac:d6:dd:a4:76:05:40:66:60:55:36:20:28:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 29 23:07:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0890d7952418620efedfcf66e6fa9a80c8aa034b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d4:65:cf:e3:43:38:6f:86:a2:ee:49:3f:4c:
                    2a:86:ea:73:d7:64:74:d4:69:71:bc:6c:d9:16:a4:
                    84:8b:3b:c6:f4:a3:f8:9f:ec:69:03:34:94:07:49:
                    30:d5:db:57:25:18:c2:21:1e:84:01:f2:30:6f:97:
                    44:d0:c9:33:81:30:12:cf:0d:2b:dc:61:cb:5c:f0:
                    9a:8b:aa:d5:98:d5:61:8c:41:a5:c6:92:42:65:62:
                    c6:2c:0b:fb:c0:0b:4f:de:b3:2e:c6:b3:68:be:d7:
                    43:be:d8:95:c0:b4:14:c0:4c:44:e7:44:94:6f:09:
                    61:4a:7e:26:fc:2f:6d:f5:bf:ef:69:0e:a9:5f:0a:
                    c3:b0:8a:eb:8a:16:58:1b:6b:0d:2f:4b:f9:12:ec:
                    d7:3c:26:18:2c:18:f5:ca:2a:db:5c:6f:03:21:20:
                    2d:97:2b:a2:14:c5:37:33:b1:1c:4a:23:3b:7f:a2:
                    9b:da:2e:99:fa:f1:a1:62:8b:c5:c0:32:2d:ad:d6:
                    d4:b4:13:b1:e2:a1:92:5b:cc:e6:64:99:53:05:bc:
                    87:3f:af:76:f9:d6:13:23:9d:24:12:0b:84:bf:53:
                    b4:3f:71:40:9b:db:b1:d2:3a:4e:be:45:44:ac:c1:
                    9a:c7:06:d2:45:3a:a0:8d:97:af:9e:79:cf:22:57:
                    59:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:90:D7:95:24:18:62:0E:FE:DF:CF:66:E6:FA:9A:80:C8:AA:03:4B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CJDXlSQYYg7-389m5vqagMiqA0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:95:d2:da:b5:aa:f3:8d:d7:fb:cf:07:c2:d0:9b:f9:b2:8c:
         3b:8f:8c:a3:b0:c4:a1:c7:0b:e4:ad:65:9c:61:e0:94:f3:2a:
         10:f7:00:20:12:5b:1a:2a:61:78:3f:3e:f4:4f:e1:4e:38:f6:
         dd:0e:93:fa:e8:f7:a2:52:44:20:f9:f3:11:92:54:38:31:8d:
         0a:c9:4a:2a:30:ec:97:47:34:93:af:76:64:34:25:8f:b0:72:
         85:e4:fc:80:54:dc:e8:bc:6a:67:7d:ae:3c:34:dc:0d:d1:70:
         4f:c1:24:56:66:89:ad:0c:28:1b:75:d3:24:fa:b9:d5:df:3e:
         dc:c1:83:76:70:e2:57:46:bb:73:32:ea:3c:29:0b:97:54:d4:
         bd:81:00:9b:fb:94:4d:3e:f2:69:d0:3c:0b:db:fa:14:e3:d5:
         42:08:27:9c:2d:a9:f9:eb:0c:28:8a:7c:f0:4a:ec:aa:9a:0b:
         98:63:f6:51:f6:fb:bf:b8:55:b2:16:5c:e0:24:09:54:19:1f:
         18:2d:b6:e1:96:48:2b:9d:a7:35:45:38:c4:4a:26:50:c0:c6:
         42:ef:eb:a0:9e:9b:ab:cb:2e:98:02:9f:76:f2:72:57:ff:4b:
         36:f9:a9:9f:a7:d4:52:48:88:da:40:a7:9a:1a:c3:40:dc:cf:
         82:36:d4:0c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfPRazW3aR2BUBmYFU2ICjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI5MjMwNzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODkwZDc5NTI0MTg2MjBlZmVkZmNmNjZlNmZhOWE4MGM4YWEwMzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdRlz+NDOG+Gou5JP0wqhupz12R0
1GlxvGzZFqSEizvG9KP4n+xpAzSUB0kw1dtXJRjCIR6EAfIwb5dE0MkzgTASzw0r
3GHLXPCai6rVmNVhjEGlxpJCZWLGLAv7wAtP3rMuxrNovtdDvtiVwLQUwExE50SU
bwlhSn4m/C9t9b/vaQ6pXwrDsIrrihZYG2sNL0v5EuzXPCYYLBj1yirbXG8DISAt
lyuiFMU3M7EcSiM7f6Kb2i6Z+vGhYovFwDItrdbUtBOx4qGSW8zmZJlTBbyHP692
+dYTI50kEguEv1O0P3FAm9ux0jpOvkVErMGaxwbSRTqgjZevnnnPIldZIQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAiQ15UkGGIO/t/PZub6moDIqgNLMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ0pEWGxTUVlZZzctMzg5bTV2cWFnTWlxQTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGuV0tq1qvON1/vPB8LQ
m/myjDuPjKOwxKHHC+StZZxh4JTzKhD3ACASWxoqYXg/PvRP4U449t0Ok/ro96JS
RCD58xGSVDgxjQrJSiow7JdHNJOvdmQ0JY+wcoXk/IBU3Oi8amd9rjw03A3RcE/B
JFZmia0MKBt10yT6udXfPtzBg3Zw4ldGu3My6jwpC5dU1L2BAJv7lE0+8mnQPAvb
+hTj1UIIJ5wtqfnrDCiKfPBK7KqaC5hj9lH2+7+4VbIWXOAkCVQZHxgttuGWSCud
pzVFOMRKJlDAxkLv66Cem6vLLpgCn3byclf/Szb5qZ+n1FJIiNpAp5oaw0Dcz4I2
1Aw=
-----END CERTIFICATE-----