Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CNRsvXRCyOBu7nwunDJbqpmE0rA.roa
File:                     CNRsvXRCyOBu7nwunDJbqpmE0rA.roa (raw, json)
Hash identifier:          9ALGYQXQh2APdkUbsPL599lydX0P/01P4oaBZR2ZzrQ=
Subject key identifier:   08:D4:6C:BD:74:42:C8:E0:6E:EE:7C:2E:9C:32:5B:AA:99:84:D2:B0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187578BA5C0136D0304FCE3484067871E3A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CNRsvXRCyOBu7nwunDJbqpmE0rA.roa
Signing time:             Thu 06 Apr 2023 17:09:42 +0000
ROA not before:           Thu 06 Apr 2023 17:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:57:8b:a5:c0:13:6d:03:04:fc:e3:48:40:67:87:1e:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  6 17:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08d46cbd7442c8e06eee7c2e9c325baa9984d2b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:41:32:85:7d:36:2d:29:e2:94:cb:3a:78:d3:
                    69:21:4f:81:11:71:10:e2:ed:52:10:c3:25:4e:9f:
                    60:1e:3e:5c:31:95:2f:53:8a:93:d8:5c:27:4b:9e:
                    07:9d:d3:42:ac:72:00:96:c9:a2:2e:a2:9a:08:82:
                    bc:c4:78:a6:8d:b6:1f:35:2a:14:f0:3a:eb:78:db:
                    d0:de:6f:ca:43:04:f9:61:68:a9:da:62:15:c3:be:
                    b9:f8:6e:e1:a1:ee:a4:92:60:bc:14:2c:f6:05:4e:
                    fa:e5:ed:e0:64:97:c9:c4:16:98:43:32:13:c9:69:
                    7e:7e:24:4e:ab:d8:ae:80:e7:e6:b5:d3:75:a3:fb:
                    c8:e9:77:ff:66:f8:59:4b:46:8d:9c:c1:5b:b1:c1:
                    3d:19:d6:eb:9d:b3:23:61:b7:ae:3b:d9:2d:7e:e3:
                    5a:da:64:1d:a7:6c:7d:28:db:d5:76:80:96:d5:ff:
                    ae:99:bd:c5:8f:b7:ca:ce:fd:99:73:f8:de:a5:7b:
                    40:fc:b9:bc:8b:fb:0e:b4:ef:54:22:bb:04:d0:62:
                    93:a1:d5:d5:60:2a:78:78:7b:50:c6:b8:99:20:ba:
                    56:c9:9b:48:87:de:16:eb:c4:fa:5f:09:fe:71:b1:
                    e6:d1:54:8e:53:4d:45:ed:b7:29:6d:13:6b:e3:9c:
                    98:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D4:6C:BD:74:42:C8:E0:6E:EE:7C:2E:9C:32:5B:AA:99:84:D2:B0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CNRsvXRCyOBu7nwunDJbqpmE0rA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:00:53:72:ed:d6:dd:7e:29:3b:d9:5d:9a:02:6a:7d:99:ff:
         8a:61:cb:34:fe:d7:f5:e2:02:94:7b:29:a0:67:03:b5:6e:2d:
         70:a0:80:d5:37:6b:c5:21:f2:75:a3:e0:33:eb:c5:34:cf:9a:
         78:89:8f:69:a0:90:32:0c:93:75:ac:eb:3d:89:de:83:2d:e8:
         41:69:77:f3:eb:63:07:a4:55:e4:01:da:08:44:a0:d9:8d:8a:
         27:8b:78:d6:47:f9:7e:1c:b5:97:8b:a2:10:4a:ed:0e:5d:e3:
         73:d3:55:65:7c:d5:eb:29:db:26:f3:f9:61:ef:d3:9c:90:c9:
         2e:5b:8d:5e:01:a6:5d:fe:e2:b7:0c:11:3b:c1:54:fd:5e:1b:
         94:de:85:18:cf:33:04:bd:8f:49:b9:3c:2a:80:df:eb:73:ac:
         4b:dc:d2:43:8b:6d:d2:69:44:9a:d2:73:a6:b8:15:00:b0:1c:
         9f:ef:c7:a9:18:1a:2b:43:56:e8:34:d3:8e:10:fb:e0:08:27:
         da:af:d9:eb:f6:8f:5d:19:71:63:9e:b2:f2:00:75:35:dc:14:
         fe:4a:7e:f3:93:b1:da:ba:81:1c:af:00:df:72:95:91:47:5a:
         be:e9:fd:b0:27:a6:e9:c6:11:23:95:70:8a:08:f9:cb:d9:21:
         fb:95:78:c9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdXi6XAE20DBPzjSEBnhx46MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA2MTcwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ0NmNiZDc0NDJjOGUwNmVlZTdjMmU5YzMyNWJhYTk5ODRkMmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0EyhX02LSnilMs6eNNpIU+BEXEQ
4u1SEMMlTp9gHj5cMZUvU4qT2FwnS54HndNCrHIAlsmiLqKaCIK8xHimjbYfNSoU
8DrreNvQ3m/KQwT5YWip2mIVw765+G7hoe6kkmC8FCz2BU765e3gZJfJxBaYQzIT
yWl+fiROq9iugOfmtdN1o/vI6Xf/ZvhZS0aNnMFbscE9GdbrnbMjYbeuO9ktfuNa
2mQdp2x9KNvVdoCW1f+umb3Fj7fKzv2Zc/jepXtA/Lm8i/sOtO9UIrsE0GKTodXV
YCp4eHtQxriZILpWyZtIh94W68T6Xwn+cbHm0VSOU01F7bcpbRNr45yY+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAjUbL10Qsjgbu58LpwyW6qZhNKwMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ05Sc3ZYUkN5T0J1N253dW5ESmJxcG1FMHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFIAU3Lt1t1+KTvZXZoC
an2Z/4phyzT+1/XiApR7KaBnA7VuLXCggNU3a8Uh8nWj4DPrxTTPmniJj2mgkDIM
k3Ws6z2J3oMt6EFpd/PrYwekVeQB2ghEoNmNiieLeNZH+X4ctZeLohBK7Q5d43PT
VWV81esp2ybz+WHv05yQyS5bjV4Bpl3+4rcMETvBVP1eG5TehRjPMwS9j0m5PCqA
3+tzrEvc0kOLbdJpRJrSc6a4FQCwHJ/vx6kYGitDVug0044Q++AIJ9qv2ev2j10Z
cWOesvIAdTXcFP5KfvOTsdq6gRyvAN9ylZFHWr7p/bAnpunGESOVcIoI+cvZIfuV
eMk=
-----END CERTIFICATE-----