Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HVCls4L42EEpWOdDpZemgl88HGo.roa
File:                     HVCls4L42EEpWOdDpZemgl88HGo.roa (raw, json)
Hash identifier:          vSi/Fz+0U+dLor7JfRyjrTanByUS85VMs3LblngBUKY=
Subject key identifier:   1D:50:A5:B3:82:F8:D8:41:29:58:E7:43:A5:97:A6:82:5F:3C:1C:6A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187ED541CDE00B2D3C7FE091322A3E85402
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HVCls4L42EEpWOdDpZemgl88HGo.roa
Signing time:             Fri 05 May 2023 19:12:05 +0000
ROA not before:           Fri 05 May 2023 19:12:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ed:54:1c:de:00:b2:d3:c7:fe:09:13:22:a3:e8:54:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  5 19:12:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d50a5b382f8d8412958e743a597a6825f3c1c6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d3:fd:1b:c3:ac:4e:b7:03:d2:b5:d7:2b:f3:
                    75:1e:30:35:b5:ec:e0:4c:49:60:82:fe:39:89:86:
                    5d:bc:ac:02:ea:ae:6b:c2:72:5e:0f:57:ca:1e:78:
                    08:95:df:f2:3c:a2:3b:19:8e:c4:8a:94:07:21:a4:
                    78:6f:2a:85:7d:35:00:4a:5a:f7:98:ca:43:bd:05:
                    21:9c:b1:d7:51:57:b2:d3:8f:36:f2:b8:a8:39:bc:
                    0e:75:34:16:97:64:03:c0:8d:49:db:00:83:8e:88:
                    20:1e:15:57:e2:74:77:71:7c:eb:c8:ee:4d:d0:af:
                    02:5e:5e:eb:0c:07:b5:0c:f2:a9:c9:a1:20:f1:76:
                    e0:70:e5:c1:d1:06:f0:e1:77:5a:22:eb:0c:c8:98:
                    14:df:b5:1c:8e:d0:7a:fa:b2:50:f5:41:00:77:b0:
                    ea:cb:80:ec:47:e1:07:8e:cf:c7:df:14:62:23:62:
                    ee:b7:5a:9a:bb:ab:da:84:8b:16:36:f5:20:99:40:
                    91:99:eb:8e:ce:1e:0d:27:11:93:73:a6:8f:4d:72:
                    e3:1e:a6:92:f1:16:93:5f:7e:78:6a:60:a2:32:d8:
                    18:17:95:65:76:0c:43:66:36:11:8f:6c:1c:b9:14:
                    17:bc:f9:28:25:25:b2:fa:89:da:72:9d:79:3e:25:
                    7f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:50:A5:B3:82:F8:D8:41:29:58:E7:43:A5:97:A6:82:5F:3C:1C:6A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HVCls4L42EEpWOdDpZemgl88HGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:b7:2f:b8:d4:58:09:cf:b2:3b:6c:9d:2f:9e:be:c8:db:87:
         cf:6d:93:ca:d9:ac:5d:d7:fb:51:6c:53:50:9c:fa:12:13:34:
         6f:cf:b0:1c:b7:40:be:2b:e3:58:df:ae:7c:6f:26:9f:ca:e3:
         1a:f1:5f:a0:5a:18:1e:75:a0:1a:89:ab:a6:02:47:1c:54:cf:
         ce:3d:98:d4:9e:e7:a7:30:61:f8:7a:b0:96:e9:ce:67:16:fc:
         04:e5:5a:2e:03:02:62:96:d9:56:af:78:1f:32:c4:28:69:16:
         b8:d9:53:2b:d0:d4:e1:a4:07:ba:f1:63:be:14:ab:2e:66:82:
         ef:43:0b:cc:f5:0e:69:e2:4d:c8:57:30:da:1d:5a:e4:33:8c:
         16:1e:0e:1d:ce:9f:c8:df:e6:b4:d0:90:3f:03:e0:74:35:ee:
         ec:96:2b:8a:2d:02:c4:2d:9d:66:49:3b:4b:82:56:93:c2:1e:
         33:76:0a:37:ca:a3:ba:5b:46:67:7c:30:a1:dc:b6:98:e9:30:
         a8:34:c3:eb:48:46:f7:09:8d:52:06:70:44:4b:01:77:68:74:
         5e:8e:35:58:e8:87:cc:a5:a9:19:1e:96:52:6c:98:7f:0e:b3:
         20:d3:19:2c:e8:c4:2d:02:2c:12:bd:65:d8:0c:32:83:50:0f:
         d6:e8:04:a6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYftVBzeALLTx/4JEyKj6FQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA1MTkxMjA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDUwYTViMzgyZjhkODQxMjk1OGU3NDNhNTk3YTY4MjVmM2MxYzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutP9G8OsTrcD0rXXK/N1HjA1tezg
TElggv45iYZdvKwC6q5rwnJeD1fKHngIld/yPKI7GY7EipQHIaR4byqFfTUASlr3
mMpDvQUhnLHXUVey04828rioObwOdTQWl2QDwI1J2wCDjoggHhVX4nR3cXzryO5N
0K8CXl7rDAe1DPKpyaEg8XbgcOXB0Qbw4XdaIusMyJgU37UcjtB6+rJQ9UEAd7Dq
y4DsR+EHjs/H3xRiI2Lut1qau6vahIsWNvUgmUCRmeuOzh4NJxGTc6aPTXLjHqaS
8RaTX354amCiMtgYF5VldgxDZjYRj2wcuRQXvPkoJSWy+onacp15PiV/nwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB1QpbOC+NhBKVjnQ6WXpoJfPBxqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSFZDbHM0TDQyRUVwV09kRHBaZW1nbDg4SEdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAB63L7jUWAnPsjtsnS+e
vsjbh89tk8rZrF3X+1FsU1Cc+hITNG/PsBy3QL4r41jfrnxvJp/K4xrxX6BaGB51
oBqJq6YCRxxUz849mNSe56cwYfh6sJbpzmcW/ATlWi4DAmKW2VaveB8yxChpFrjZ
UyvQ1OGkB7rxY74Uqy5mgu9DC8z1DmniTchXMNodWuQzjBYeDh3On8jf5rTQkD8D
4HQ17uyWK4otAsQtnWZJO0uCVpPCHjN2CjfKo7pbRmd8MKHctpjpMKg0w+tIRvcJ
jVIGcERLAXdodF6ONVjoh8ylqRkellJsmH8OsyDTGSzoxC0CLBK9ZdgMMoNQD9bo
BKY=
-----END CERTIFICATE-----