Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/K0uPFKU-kesnzux1pZvrHDJxCXA.roa
File:                     K0uPFKU-kesnzux1pZvrHDJxCXA.roa (raw, json)
Hash identifier:          0VkqwLgkygStC3cQBkLv6IPYVMLajyw9T+BEe49BtwM=
Subject key identifier:   2B:4B:8F:14:A5:3E:91:EB:27:CE:EC:75:A5:9B:EB:1C:32:71:09:70
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018771BA02A07AE54E7F46207DB86C77F150
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/K0uPFKU-kesnzux1pZvrHDJxCXA.roa
Signing time:             Tue 11 Apr 2023 19:10:28 +0000
ROA not before:           Tue 11 Apr 2023 19:10:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:71:ba:02:a0:7a:e5:4e:7f:46:20:7d:b8:6c:77:f1:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 11 19:10:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b4b8f14a53e91eb27ceec75a59beb1c32710970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:22:4e:e8:b2:f3:03:f0:b2:5d:71:62:27:e4:
                    61:8b:30:c2:a1:7d:be:42:aa:5f:3b:39:5b:53:ce:
                    9c:f8:ea:6f:b5:b7:b5:d6:01:01:a0:c5:c1:3f:74:
                    1f:cd:e8:83:0c:89:f8:4b:3a:85:71:01:b9:3a:a6:
                    80:90:f2:9b:a1:2f:f4:e6:01:9a:4d:bf:02:29:f7:
                    ed:9f:7e:af:05:71:7d:be:66:2b:c3:2a:70:4e:8b:
                    70:a3:5b:c1:18:19:4f:7e:9c:f1:f5:52:e1:40:dc:
                    32:29:19:31:df:05:ef:75:e6:45:a4:10:e0:3f:86:
                    9e:38:99:b2:70:ab:3b:40:81:22:9f:6c:ea:2f:62:
                    c0:7c:80:79:0f:88:60:ad:d8:38:f3:2e:cd:51:bb:
                    b8:5d:d2:92:68:5d:bc:32:0d:14:cf:83:64:bc:88:
                    14:62:37:8c:a8:54:13:d5:80:05:72:11:77:bc:94:
                    93:a6:fa:2f:33:34:fe:57:b7:c6:fd:5a:34:cf:e4:
                    73:56:34:19:aa:b3:39:67:21:ff:8a:b1:c3:95:59:
                    8f:f1:bd:70:fa:5c:73:35:ba:f6:52:f1:ef:1d:8a:
                    ea:6e:68:49:5d:53:51:08:82:e2:f4:3e:1f:51:de:
                    45:44:c1:07:10:ef:ff:63:32:cf:a0:6c:e9:c6:31:
                    37:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:4B:8F:14:A5:3E:91:EB:27:CE:EC:75:A5:9B:EB:1C:32:71:09:70
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/K0uPFKU-kesnzux1pZvrHDJxCXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:13:b1:9e:95:16:f3:ad:3e:12:11:c1:14:7d:27:19:50:f1:
         2c:fe:b8:bf:9a:c7:aa:48:d1:f0:5d:b8:84:be:55:ef:16:eb:
         01:1e:b3:b3:5b:75:ef:17:32:7b:5f:9b:6d:fc:d5:18:97:6f:
         29:e1:2b:b3:f4:8a:c0:bd:16:57:b2:46:40:b8:3e:23:e5:69:
         df:35:46:01:89:c2:c3:11:10:9d:4f:f6:38:4e:f2:ef:1c:40:
         10:09:01:5e:a3:a1:9b:77:bd:0b:36:8b:ba:c9:27:31:8c:1e:
         e1:80:75:2d:b1:3b:82:61:59:5d:7b:3f:5a:19:6d:d7:9f:90:
         48:12:c3:38:ec:07:05:4f:98:68:af:39:30:ce:ee:00:d7:3e:
         1c:d8:5f:89:fe:5e:3f:e7:a0:31:fe:8a:a7:43:5e:7b:66:d3:
         e4:6a:96:29:4e:0c:ec:6a:c5:0e:1b:3a:a1:49:e0:b6:c3:a1:
         d5:a5:cc:a7:b9:f8:da:fa:6f:75:c0:e0:dd:de:31:92:91:d5:
         99:a1:8c:43:8a:5e:cb:b5:2c:4c:e4:7a:f3:90:37:17:58:81:
         9f:01:34:74:f7:aa:12:73:d7:34:39:e6:d9:8b:7d:5e:9d:b1:
         11:34:37:4d:41:12:12:15:e0:94:57:1e:e1:fc:20:69:9b:f4:
         79:05:50:29
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdxugKgeuVOf0Ygfbhsd/FQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDExMTkxMDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjRiOGYxNGE1M2U5MWViMjdjZWVjNzVhNTliZWIxYzMyNzEwOTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yJO6LLzA/CyXXFiJ+RhizDCoX2+
QqpfOzlbU86c+Opvtbe11gEBoMXBP3QfzeiDDIn4SzqFcQG5OqaAkPKboS/05gGa
Tb8CKfftn36vBXF9vmYrwypwTotwo1vBGBlPfpzx9VLhQNwyKRkx3wXvdeZFpBDg
P4aeOJmycKs7QIEin2zqL2LAfIB5D4hgrdg48y7NUbu4XdKSaF28Mg0Uz4NkvIgU
YjeMqFQT1YAFchF3vJSTpvovMzT+V7fG/Vo0z+RzVjQZqrM5ZyH/irHDlVmP8b1w
+lxzNbr2UvHvHYrqbmhJXVNRCILi9D4fUd5FRMEHEO//YzLPoGzpxjE3NQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCtLjxSlPpHrJ87sdaWb6xwycQlwMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSzB1UEZLVS1rZXNuenV4MXBadnJIREp4Q1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA0TsZ6VFvOtPhIRwRR9
JxlQ8Sz+uL+ax6pI0fBduIS+Ve8W6wEes7Nbde8XMntfm2381RiXbynhK7P0isC9
FleyRkC4PiPlad81RgGJwsMREJ1P9jhO8u8cQBAJAV6joZt3vQs2i7rJJzGMHuGA
dS2xO4JhWV17P1oZbdefkEgSwzjsBwVPmGivOTDO7gDXPhzYX4n+Xj/noDH+iqdD
Xntm0+RqlilODOxqxQ4bOqFJ4LbDodWlzKe5+Nr6b3XA4N3eMZKR1ZmhjEOKXsu1
LEzkevOQNxdYgZ8BNHT3qhJz1zQ55tmLfV6dsRE0N01BEhIV4JRXHuH8IGmb9HkF
UCk=
-----END CERTIFICATE-----