Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/M3WxlgOmWOviLrPOzT4AajxWbOw.roa
File:                     M3WxlgOmWOviLrPOzT4AajxWbOw.roa (raw, json)
Hash identifier:          DbWZF1g+aACZ+oLwmkKSzaWGwcRxQDT+JSyZrg32T3o=
Subject key identifier:   33:75:B1:96:03:A6:58:EB:E2:2E:B3:CE:CD:3E:00:6A:3C:56:6C:EC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C89CF7CCE03E7D00BBAA620A68DEA2FC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/M3WxlgOmWOviLrPOzT4AajxWbOw.roa
Signing time:             Fri 28 Apr 2023 16:05:42 +0000
ROA not before:           Fri 28 Apr 2023 16:05:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:187:c89c:1789/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c8:9c:f7:cc:e0:3e:7d:00:bb:aa:62:0a:68:de:a2:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 28 16:05:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3375b19603a658ebe22eb3cecd3e006a3c566cec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:42:f6:82:ad:36:4b:50:a9:00:5a:c1:f5:84:
                    b0:c1:1a:3c:83:ac:22:ec:da:bc:e4:42:de:28:68:
                    61:f6:45:b9:3e:8c:66:6c:77:81:ed:f9:65:7a:5b:
                    3e:5c:56:27:5b:5a:cd:b8:95:88:ab:e1:fa:a6:23:
                    66:43:fb:d1:01:c8:44:74:c5:ac:ff:f7:5e:45:8d:
                    ad:ba:87:f4:c5:02:64:bd:4b:d7:6e:8a:f9:14:75:
                    46:a0:85:86:e8:49:65:e7:8e:3c:ae:34:95:dd:51:
                    4f:8b:d6:b1:73:7d:52:5b:c7:b3:74:3e:01:71:dc:
                    09:44:94:12:8b:72:60:15:d9:29:49:a0:32:a8:65:
                    76:5e:25:a2:89:da:f1:36:8c:8a:5c:00:2e:f6:2f:
                    47:69:f5:ef:2c:16:a6:e7:8f:88:68:7b:14:93:65:
                    62:a6:00:30:17:a4:17:89:77:6f:0d:74:99:b4:21:
                    2b:ff:fd:f1:14:07:90:bb:7d:07:38:89:a9:d9:f5:
                    0a:1f:97:33:5b:d5:e4:71:26:6d:f7:90:47:5e:1e:
                    7d:65:cc:67:18:2e:66:53:a1:4a:de:43:a6:69:ac:
                    17:3c:7e:cc:dc:8a:ce:cb:22:e0:64:b0:29:a5:42:
                    b2:eb:cb:d8:99:ea:52:36:5b:4c:d2:ca:21:7f:ce:
                    d9:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:75:B1:96:03:A6:58:EB:E2:2E:B3:CE:CD:3E:00:6A:3C:56:6C:EC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/M3WxlgOmWOviLrPOzT4AajxWbOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:36:9d:79:a3:11:1f:d5:5a:c2:88:62:c2:51:0c:89:08:05:
         2c:2f:e5:bc:64:8f:b7:99:12:2f:cf:e6:a8:1e:3d:e9:cd:99:
         38:4d:b6:9d:0c:49:fd:c9:b2:bd:a2:e7:b8:02:2a:12:d1:78:
         40:c4:de:3f:16:fb:b9:db:ca:ba:14:58:d9:8c:6c:26:fa:ae:
         8e:cb:e5:10:ac:02:a3:78:7b:c6:b9:7a:d9:74:d0:6c:ba:dd:
         b6:cc:94:a5:7a:b7:7b:21:ef:b1:32:6f:7b:ec:c5:0a:31:79:
         3b:01:03:86:51:5c:43:1c:91:01:19:7d:1b:3b:10:6e:6c:24:
         b9:7c:4d:43:ad:7d:cf:62:66:3a:93:ee:d1:e4:9c:df:ee:f6:
         78:a9:91:13:67:f0:22:44:4f:ad:d1:3e:76:df:54:6b:90:1b:
         10:d7:c5:ea:52:2d:f6:70:79:af:8e:0d:1e:58:af:c7:c5:89:
         43:f2:f9:08:28:b2:0c:65:bc:ec:d1:e3:a8:44:9b:49:6b:96:
         cf:6f:ce:37:ec:a9:6d:13:6e:7f:af:b7:64:02:c9:5d:50:9c:
         66:43:ac:b4:bd:14:54:7f:df:2d:16:a9:73:89:c3:a4:7d:ea:
         55:8f:68:3a:6d:e3:54:f7:d8:c0:2f:55:90:c5:f2:eb:a7:e5:
         d6:41:11:09
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfInPfM4D59ALuqYgpo3qL8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI4MTYwNTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzc1YjE5NjAzYTY1OGViZTIyZWIzY2VjZDNlMDA2YTNjNTY2Y2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUL2gq02S1CpAFrB9YSwwRo8g6wi
7Nq85ELeKGhh9kW5PoxmbHeB7fllels+XFYnW1rNuJWIq+H6piNmQ/vRAchEdMWs
//deRY2tuof0xQJkvUvXbor5FHVGoIWG6Ell5448rjSV3VFPi9axc31SW8ezdD4B
cdwJRJQSi3JgFdkpSaAyqGV2XiWiidrxNoyKXAAu9i9HafXvLBam54+IaHsUk2Vi
pgAwF6QXiXdvDXSZtCEr//3xFAeQu30HOImp2fUKH5czW9XkcSZt95BHXh59Zcxn
GC5mU6FK3kOmaawXPH7M3IrOyyLgZLAppUKy68vYmepSNltM0sohf87ZqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDN1sZYDpljr4i6zzs0+AGo8VmzsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTTNXeGxnT21XT3ZpTHJQT3pUNEFhanhXYk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJY2nXmjER/VWsKIYsJR
DIkIBSwv5bxkj7eZEi/P5qgePenNmThNtp0MSf3Jsr2i57gCKhLReEDE3j8W+7nb
yroUWNmMbCb6ro7L5RCsAqN4e8a5etl00Gy63bbMlKV6t3sh77Eyb3vsxQoxeTsB
A4ZRXEMckQEZfRs7EG5sJLl8TUOtfc9iZjqT7tHknN/u9nipkRNn8CJET63RPnbf
VGuQGxDXxepSLfZwea+ODR5Yr8fFiUPy+QgosgxlvOzR46hEm0lrls9vzjfsqW0T
bn+vt2QCyV1QnGZDrLS9FFR/3y0WqXOJw6R96lWPaDpt41T32MAvVZDF8uun5dZB
EQk=
-----END CERTIFICATE-----