Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/FygUVfnRNE3Kyuhva1srZGZuj6M.roa
File:                     FygUVfnRNE3Kyuhva1srZGZuj6M.roa (raw, json)
Hash identifier:          Wq/Wxg7uh1HIA1eLSG992xRU24pyOq5FyQ+D5/0Vl9Q=
Subject key identifier:   17:28:14:55:F9:D1:34:4D:CA:CA:E8:6F:6B:5B:2B:64:66:6E:8F:A3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A04A609AF42DE9E5A7A09F44F1C0DDF2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/FygUVfnRNE3Kyuhva1srZGZuj6M.roa
Signing time:             Thu 20 Apr 2023 20:10:41 +0000
ROA not before:           Thu 20 Apr 2023 20:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a0:4a:60:9a:f4:2d:e9:e5:a7:a0:9f:44:f1:c0:dd:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 20 20:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17281455f9d1344dcacae86f6b5b2b64666e8fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e4:48:3c:46:96:a3:0a:41:7a:80:99:2d:8a:
                    34:f2:73:4a:71:53:a8:ac:8c:d5:87:88:02:53:89:
                    72:79:ac:1c:f4:fb:36:41:1d:1d:af:01:fa:01:21:
                    ba:e6:5c:e7:05:35:5d:ba:a9:4d:bc:3d:b5:e0:bb:
                    2c:2d:7e:a8:e3:2b:a8:16:97:c9:8b:f4:25:e6:5f:
                    83:51:e6:1c:5b:72:4a:b2:a5:75:a4:f3:07:fa:b6:
                    91:91:a9:d7:b0:61:11:e2:02:ac:32:14:67:67:87:
                    4d:ed:ef:aa:62:d5:01:d3:71:28:2e:16:79:5b:e8:
                    6f:a2:86:d8:e6:4f:ca:e5:d8:ca:b6:44:b6:75:5e:
                    76:97:26:d9:6f:46:f9:44:aa:80:41:a4:4a:4d:17:
                    8a:e1:5d:ff:f0:a4:e7:bc:88:f3:9e:ed:f1:3b:cb:
                    ba:c3:53:4f:58:21:ca:cf:e9:fd:40:5a:ef:7b:9a:
                    24:95:e2:77:94:b9:aa:0c:e6:b4:e3:3b:5a:fc:80:
                    32:45:dd:03:e6:d7:d5:c2:87:c6:a1:be:96:fd:c7:
                    b9:59:37:de:b5:88:86:ee:cb:86:31:44:4b:30:2d:
                    ce:45:0e:0f:5b:cd:50:fe:d0:0f:61:c2:c7:ac:7d:
                    f7:81:e4:dd:f6:8a:fa:36:26:ba:27:0d:c7:eb:be:
                    37:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:28:14:55:F9:D1:34:4D:CA:CA:E8:6F:6B:5B:2B:64:66:6E:8F:A3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/FygUVfnRNE3Kyuhva1srZGZuj6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:7a:14:3c:d0:09:e4:8b:f6:8d:e9:29:c3:60:0b:b9:d3:b7:
         f4:27:67:94:76:de:44:f7:2a:db:24:6b:36:7b:34:7b:19:da:
         2b:1a:27:18:30:e9:2e:12:57:7b:aa:72:b6:3a:5f:46:52:b2:
         5a:40:0c:75:d7:dc:61:29:29:ac:e2:31:13:c2:5a:70:c2:ec:
         92:f9:a8:25:64:5e:4c:8b:12:f3:1e:7e:f0:c3:f0:41:43:b4:
         25:4a:a9:84:72:69:64:7a:4d:4a:6e:5c:66:26:4c:33:d3:f9:
         6b:e3:e9:a4:e6:91:bf:a6:b8:b7:6b:db:54:1a:a7:c9:61:d9:
         ab:65:04:9b:3d:a6:da:ea:5a:bf:df:e3:26:a8:9a:94:c9:ed:
         bc:6a:b0:cc:eb:df:33:ee:30:89:88:ab:27:00:63:13:5c:a9:
         08:e6:74:c1:d5:d0:73:7a:a0:e0:cb:70:66:58:ff:8e:95:ca:
         36:de:48:7a:db:d4:4f:ec:a9:ae:13:b2:fb:5f:c0:04:2a:74:
         b1:cf:ce:08:b5:9e:53:40:52:95:ff:98:51:c9:0d:22:f3:c0:
         8b:75:d1:7e:82:3a:50:01:83:aa:64:53:6a:b1:dc:fc:20:62:
         8e:f0:b3:89:6e:fa:04:bd:38:d4:a8:b0:91:c4:b3:ef:32:3b:
         43:bf:60:23
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYegSmCa9C3p5aegn0TxwN3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIwMjAxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzI4MTQ1NWY5ZDEzNDRkY2FjYWU4NmY2YjViMmI2NDY2NmU4ZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguRIPEaWowpBeoCZLYo08nNKcVOo
rIzVh4gCU4lyeawc9Ps2QR0drwH6ASG65lznBTVduqlNvD214LssLX6o4yuoFpfJ
i/Ql5l+DUeYcW3JKsqV1pPMH+raRkanXsGER4gKsMhRnZ4dN7e+qYtUB03EoLhZ5
W+hvoobY5k/K5djKtkS2dV52lybZb0b5RKqAQaRKTReK4V3/8KTnvIjznu3xO8u6
w1NPWCHKz+n9QFrve5okleJ3lLmqDOa04zta/IAyRd0D5tfVwofGob6W/ce5WTfe
tYiG7suGMURLMC3ORQ4PW81Q/tAPYcLHrH33geTd9or6Nia6Jw3H6743bwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBcoFFX50TRNysrob2tbK2Rmbo+jMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRnlnVVZmblJORTNLeXVodmExc3JaR1p1ajZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADp6FDzQCeSL9o3pKcNg
C7nTt/QnZ5R23kT3KtskazZ7NHsZ2isaJxgw6S4SV3uqcrY6X0ZSslpADHXX3GEp
KaziMRPCWnDC7JL5qCVkXkyLEvMefvDD8EFDtCVKqYRyaWR6TUpuXGYmTDPT+Wvj
6aTmkb+muLdr21Qap8lh2atlBJs9ptrqWr/f4yaompTJ7bxqsMzr3zPuMImIqycA
YxNcqQjmdMHV0HN6oODLcGZY/46VyjbeSHrb1E/sqa4TsvtfwAQqdLHPzgi1nlNA
UpX/mFHJDSLzwIt10X6COlABg6pkU2qx3PwgYo7ws4lu+gS9ONSosJHEs+8yO0O/
YCM=
-----END CERTIFICATE-----