Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/L2bQBCcuw1v9NZgQMwHxkYqoCXs.roa
File:                     L2bQBCcuw1v9NZgQMwHxkYqoCXs.roa (raw, json)
Hash identifier:          e35+gaSClDSbeWHSfN6VCo08+vnpFtsS7DOgZcHWfVk=
Subject key identifier:   2F:66:D0:04:27:2E:C3:5B:FD:35:98:10:33:01:F1:91:8A:A8:09:7B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01885AC0CCF092D3D7D960ABAA0EA7A22264
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/L2bQBCcuw1v9NZgQMwHxkYqoCXs.roa
Signing time:             Sat 27 May 2023 01:09:24 +0000
ROA not before:           Sat 27 May 2023 01:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:5a:c0:cc:f0:92:d3:d7:d9:60:ab:aa:0e:a7:a2:22:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 27 01:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f66d004272ec35bfd3598103301f1918aa8097b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:88:8d:fb:05:77:dc:ff:87:55:fd:c6:ba:68:
                    be:53:ab:5a:3e:ea:73:f2:9d:3a:d3:a5:a1:6a:04:
                    f7:fe:11:ed:b6:93:58:d2:ec:cd:a3:3d:d5:63:00:
                    05:a0:2f:2d:aa:45:cc:52:e8:05:f0:a7:0f:ce:38:
                    e8:35:c8:a5:64:92:45:8d:54:07:14:ef:03:80:82:
                    70:b5:48:6d:8f:9e:fa:76:1b:b3:2e:64:43:49:d6:
                    f9:78:85:fb:19:84:40:31:d1:15:88:58:22:d3:da:
                    e0:ef:6e:c3:9c:3f:b1:4a:02:25:b5:f8:7a:f5:2b:
                    3e:df:43:19:c9:4a:1f:90:1a:c2:c7:ec:34:25:29:
                    63:ab:0d:73:ad:75:8e:57:72:ce:31:84:38:7b:bc:
                    a2:dd:69:46:0a:de:5c:bc:0a:b6:6c:4d:f8:ef:fb:
                    4a:18:42:2d:b5:8f:92:64:60:04:bb:eb:ca:82:54:
                    7f:ec:9d:c8:5c:5b:eb:37:11:cf:0e:7a:4e:4c:89:
                    a5:a9:72:c4:d6:ae:91:98:65:46:53:f7:cf:23:6a:
                    4c:12:36:90:ad:f2:6b:77:c5:6c:82:db:62:55:db:
                    ca:f5:b2:bd:41:6f:68:2c:c1:6a:4c:0a:71:9a:ec:
                    b9:ca:45:a2:13:bc:66:ce:90:13:b8:e6:b4:b7:82:
                    96:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:66:D0:04:27:2E:C3:5B:FD:35:98:10:33:01:F1:91:8A:A8:09:7B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/L2bQBCcuw1v9NZgQMwHxkYqoCXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:7e:62:f3:3d:ff:fd:bc:00:d1:42:57:a1:25:d7:af:79:39:
         9c:61:c4:78:3f:09:b1:04:db:21:ac:8f:00:fe:83:ca:0d:ff:
         e4:35:9a:17:58:bd:07:bb:c0:db:de:be:b6:5f:6e:e7:5b:d3:
         88:5b:23:e8:d4:ae:ba:e5:47:81:5a:36:d4:b7:43:40:4d:2d:
         39:88:4c:66:b3:07:18:a8:a9:c4:ff:e3:1b:7d:cd:68:2a:1c:
         e3:6a:7f:52:95:d1:6d:b5:ef:e2:44:61:37:7b:45:09:70:b6:
         ed:7f:7f:cf:77:3c:f8:5b:e8:65:15:82:3a:37:c5:3c:5c:f9:
         b2:03:a7:b0:6f:fc:8d:73:65:45:91:fa:2b:7b:a1:86:26:fc:
         31:0e:ed:ca:1c:6a:f3:f1:6f:1d:cb:15:a7:d1:5b:d7:54:3a:
         c3:74:5e:4e:1d:9f:58:b0:d3:e2:e8:de:28:05:c4:0a:d2:e5:
         d7:ce:b6:a9:41:4b:e9:72:c7:cd:b9:8b:f9:79:f3:4d:a3:ed:
         aa:2a:b9:63:24:7a:41:d8:16:dd:4a:13:bd:c1:9b:47:29:b4:
         dc:af:53:f4:46:f6:8f:91:73:12:87:7f:5d:dd:e1:77:20:9c:
         a8:74:5b:5a:91:1b:74:e2:fe:51:50:8b:83:2d:4f:4e:08:fe:
         12:ec:17:b5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhawMzwktPX2WCrqg6noiJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI3MDEwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjY2ZDAwNDI3MmVjMzViZmQzNTk4MTAzMzAxZjE5MThhYTgwOTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4iN+wV33P+HVf3Gumi+U6taPupz
8p0606WhagT3/hHttpNY0uzNoz3VYwAFoC8tqkXMUugF8KcPzjjoNcilZJJFjVQH
FO8DgIJwtUhtj576dhuzLmRDSdb5eIX7GYRAMdEViFgi09rg727DnD+xSgIltfh6
9Ss+30MZyUofkBrCx+w0JSljqw1zrXWOV3LOMYQ4e7yi3WlGCt5cvAq2bE347/tK
GEIttY+SZGAEu+vKglR/7J3IXFvrNxHPDnpOTImlqXLE1q6RmGVGU/fPI2pMEjaQ
rfJrd8VsgttiVdvK9bK9QW9oLMFqTApxmuy5ykWiE7xmzpATuOa0t4KWrQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC9m0AQnLsNb/TWYEDMB8ZGKqAl7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTDJiUUJDY3V3MXY5TlpnUU13SHhrWXFvQ1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC9+YvM9//28ANFCV6El
1695OZxhxHg/CbEE2yGsjwD+g8oN/+Q1mhdYvQe7wNvevrZfbudb04hbI+jUrrrl
R4FaNtS3Q0BNLTmITGazBxioqcT/4xt9zWgqHONqf1KV0W217+JEYTd7RQlwtu1/
f893PPhb6GUVgjo3xTxc+bIDp7Bv/I1zZUWR+it7oYYm/DEO7cocavPxbx3LFafR
W9dUOsN0Xk4dn1iw0+Lo3igFxArS5dfOtqlBS+lyx825i/l5802j7aoquWMkekHY
Ft1KE73Bm0cptNyvU/RG9o+RcxKHf13d4XcgnKh0W1qRG3Ti/lFQi4MtT04I/hLs
F7U=
-----END CERTIFICATE-----