Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/K5G01EXnbQyiXsVpXP_gaajGvfw.roa
File:                     K5G01EXnbQyiXsVpXP_gaajGvfw.roa (raw, json)
Hash identifier:          SIhzJlwBRFYRRQR6MkIGOL6m6HpLDhNuETbtdNAROUE=
Subject key identifier:   2B:91:B4:D4:45:E7:6D:0C:A2:5E:C5:69:5C:FF:E0:69:A8:C6:BD:FC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187DB1387F7FE72BB7212CE2198838AD086
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/K5G01EXnbQyiXsVpXP_gaajGvfw.roa
Signing time:             Tue 02 May 2023 06:08:22 +0000
ROA not before:           Tue 02 May 2023 06:08:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:db:13:87:f7:fe:72:bb:72:12:ce:21:98:83:8a:d0:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  2 06:08:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b91b4d445e76d0ca25ec5695cffe069a8c6bdfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c6:38:12:65:75:44:e7:bf:35:68:fa:e9:cf:
                    29:e7:ec:6f:6e:2b:6d:0d:ea:20:89:02:a8:59:00:
                    50:2f:65:aa:93:b9:64:96:f8:d0:51:37:5c:68:dc:
                    5f:f4:bc:f9:d3:d1:9e:88:95:b4:86:a6:8f:42:e9:
                    bc:26:af:cc:6e:9a:46:d0:9d:ec:99:b3:cb:08:12:
                    43:56:0f:90:71:ab:6f:0c:c9:2d:66:73:df:97:57:
                    45:a7:69:14:58:4f:75:8f:88:b7:58:64:62:b2:62:
                    9f:07:09:8e:ed:39:56:9c:dd:c7:72:d3:a5:94:ed:
                    2e:b0:4b:6b:60:82:36:e3:86:f1:bb:fc:79:c0:46:
                    69:dd:2b:9f:93:33:d2:f6:33:d3:26:86:9a:cb:10:
                    cb:f9:50:e4:3e:da:83:3f:58:05:6b:36:0b:a1:38:
                    6d:63:a9:46:0e:16:4b:11:3b:f4:df:af:bf:2b:ab:
                    d5:45:b7:66:14:0d:8c:66:61:22:61:90:0e:a9:13:
                    a0:19:6d:5e:18:ef:bf:cb:c2:df:dc:e8:d9:c2:e1:
                    b0:ce:05:6f:d3:02:37:59:1c:78:0f:ee:30:38:17:
                    84:d1:6b:b7:e6:dc:9b:bb:81:2e:7b:1f:57:df:ff:
                    57:f7:31:05:75:b7:d9:8e:2d:4d:71:63:e6:55:c8:
                    32:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:91:B4:D4:45:E7:6D:0C:A2:5E:C5:69:5C:FF:E0:69:A8:C6:BD:FC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/K5G01EXnbQyiXsVpXP_gaajGvfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:9f:6a:69:f4:00:48:f4:38:07:b4:e4:65:03:af:e6:43:0c:
         6d:da:bc:b7:34:80:e0:59:b7:dd:09:db:de:7f:85:92:47:da:
         73:7c:2e:43:27:1b:79:ee:b7:1c:14:6c:96:82:d1:7d:26:7c:
         60:d3:4b:d9:04:46:e7:59:ea:44:45:95:49:58:32:e4:e9:2a:
         89:0d:99:85:ec:14:9f:f6:97:46:f6:e2:62:d1:63:ff:db:25:
         6d:c4:ce:ed:e8:f4:a4:7f:8e:42:6b:c5:4c:92:5e:bc:b0:bf:
         69:22:ed:5e:c9:52:f5:fb:6b:f3:74:d3:ef:cf:6b:dd:c6:70:
         e3:34:f2:f3:b8:d3:7a:2d:c6:08:63:8c:29:ad:6f:06:e0:6d:
         dd:cb:6c:62:de:5c:2b:c6:59:85:55:3e:ee:70:47:bc:54:b3:
         fe:40:b2:46:6c:1c:94:29:de:ea:95:c9:0e:8c:a5:9d:8a:69:
         31:4e:2d:82:30:9e:f5:e3:2f:fa:a7:02:e1:bb:d5:11:cc:e4:
         3d:0c:aa:f1:bb:48:c6:45:56:37:57:55:dc:ff:ae:23:84:74:
         d1:86:b0:3d:c4:5d:51:f1:b7:e8:f7:48:da:92:30:51:ad:a8:
         82:81:4d:99:97:00:d7:f5:0b:11:a1:c4:18:f3:4e:54:61:6d:
         d3:72:aa:d4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfbE4f3/nK7chLOIZiDitCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAyMDYwODIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjkxYjRkNDQ1ZTc2ZDBjYTI1ZWM1Njk1Y2ZmZTA2OWE4YzZiZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8Y4EmV1ROe/NWj66c8p5+xvbitt
DeogiQKoWQBQL2Wqk7lklvjQUTdcaNxf9Lz509GeiJW0hqaPQum8Jq/MbppG0J3s
mbPLCBJDVg+QcatvDMktZnPfl1dFp2kUWE91j4i3WGRismKfBwmO7TlWnN3HctOl
lO0usEtrYII244bxu/x5wEZp3SufkzPS9jPTJoaayxDL+VDkPtqDP1gFazYLoTht
Y6lGDhZLETv036+/K6vVRbdmFA2MZmEiYZAOqROgGW1eGO+/y8Lf3OjZwuGwzgVv
0wI3WRx4D+4wOBeE0Wu35tybu4Euex9X3/9X9zEFdbfZji1NcWPmVcgyUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCuRtNRF520Mol7FaVz/4Gmoxr38MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSzVHMDFFWG5iUXlpWHNWcFhQX2dhYWpHdmZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKOfamn0AEj0OAe05GUD
r+ZDDG3avLc0gOBZt90J295/hZJH2nN8LkMnG3nutxwUbJaC0X0mfGDTS9kERudZ
6kRFlUlYMuTpKokNmYXsFJ/2l0b24mLRY//bJW3Ezu3o9KR/jkJrxUySXrywv2ki
7V7JUvX7a/N00+/Pa93GcOM08vO403otxghjjCmtbwbgbd3LbGLeXCvGWYVVPu5w
R7xUs/5AskZsHJQp3uqVyQ6MpZ2KaTFOLYIwnvXjL/qnAuG71RHM5D0MqvG7SMZF
VjdXVdz/riOEdNGGsD3EXVHxt+j3SNqSMFGtqIKBTZmXANf1CxGhxBjzTlRhbdNy
qtQ=
-----END CERTIFICATE-----