Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/M_F1xroaJl-_UUmEVt-QeGM7o0c.roa
File:                     M_F1xroaJl-_UUmEVt-QeGM7o0c.roa (raw, json)
Hash identifier:          5PWLm9oJKSJRfw0jJoipe43pO8ZOzF9/0NUr1bwChLg=
Subject key identifier:   33:F1:75:C6:BA:1A:26:5F:BF:51:49:84:56:DF:90:78:63:3B:A3:47
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187D80ED54E050CE06090CA2BB1C77F6AEF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/M_F1xroaJl-_UUmEVt-QeGM7o0c.roa
Signing time:             Mon 01 May 2023 16:04:23 +0000
ROA not before:           Mon 01 May 2023 16:04:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:187:d80e:94e0/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d8:0e:d5:4e:05:0c:e0:60:90:ca:2b:b1:c7:7f:6a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  1 16:04:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=33f175c6ba1a265fbf51498456df9078633ba347
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fa:0b:c7:4e:12:01:0b:dd:9b:d7:ad:18:d4:
                    2f:b6:ec:7e:ed:c5:af:d4:72:0b:f4:1e:61:c5:4d:
                    43:83:77:50:e1:eb:db:70:ce:3f:34:ee:b6:37:91:
                    02:59:7c:46:2a:96:cc:ef:68:53:5f:df:63:a6:26:
                    12:8c:74:3b:df:49:5e:2d:ce:93:45:33:63:23:09:
                    38:eb:d6:76:f8:28:5a:f8:fb:c1:ec:2a:85:bc:31:
                    80:52:b3:18:d7:76:5a:fb:3d:ff:24:63:32:14:18:
                    5b:11:0a:60:17:91:f9:8b:7e:61:4e:b5:71:1f:91:
                    59:97:38:6a:89:b9:aa:97:ac:a4:ed:3a:9e:7c:1d:
                    49:86:a2:f6:48:19:a6:91:7a:90:2f:d6:bd:44:8d:
                    37:b3:e6:45:cd:f8:78:69:fc:23:60:a5:02:26:1b:
                    49:ae:c3:4f:ed:d2:bc:cc:c5:57:e5:fd:1e:c7:c2:
                    a4:ef:e2:c1:cc:cf:35:5e:9d:ca:2d:a1:9c:9a:ac:
                    2c:e9:9d:cd:57:4f:22:3c:f7:6e:25:e9:61:be:92:
                    cf:e6:32:d3:9a:2d:bd:fd:28:a3:11:76:76:f9:0a:
                    d9:a4:c6:a3:2e:3a:b8:27:43:de:0e:ed:f4:4c:4a:
                    d1:0d:91:a7:57:21:3b:e4:47:9c:be:00:92:f7:92:
                    ae:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:F1:75:C6:BA:1A:26:5F:BF:51:49:84:56:DF:90:78:63:3B:A3:47
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/M_F1xroaJl-_UUmEVt-QeGM7o0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:50:5f:eb:f5:3b:69:50:27:37:12:96:ec:d6:b7:56:48:5d:
         e3:02:b5:7b:f2:74:3a:93:7f:9b:fd:07:11:96:a6:b7:79:a9:
         55:97:40:4b:3b:17:4b:57:4b:eb:15:02:26:35:97:c2:61:2e:
         af:c2:da:b1:ad:35:8a:06:36:08:45:88:ba:05:03:c8:46:95:
         c5:89:e9:51:64:18:83:77:4f:f5:ed:0a:cb:5a:5b:0e:45:d6:
         52:59:22:ae:da:cc:01:dc:0e:24:14:66:ed:eb:6c:e6:22:dc:
         41:84:08:8b:3f:40:42:57:d1:95:9d:a0:cd:b5:02:2c:7e:26:
         4a:e0:d8:ba:d6:ee:a7:06:d9:60:93:2a:b1:25:00:7b:7e:c7:
         38:45:bc:21:6a:34:40:93:74:85:8b:4c:54:3d:ff:83:6f:66:
         7e:ff:ee:e0:01:d0:fa:c0:cb:f2:cf:92:dc:e3:82:b2:eb:b5:
         33:5c:c4:a8:7a:5a:f7:72:70:43:d5:6f:98:8d:2e:31:25:e2:
         bd:58:72:2f:06:38:8d:3c:f0:79:88:6f:63:12:a8:d3:d6:7b:
         43:44:66:f1:db:89:83:72:ca:65:44:be:45:93:ec:4a:25:55:
         1c:da:bb:4b:1f:8b:21:0f:45:f2:d5:22:46:98:56:88:b0:c5:
         bc:29:6c:34
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfYDtVOBQzgYJDKK7HHf2rvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAxMTYwNDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2YxNzVjNmJhMWEyNjVmYmY1MTQ5ODQ1NmRmOTA3ODYzM2JhMzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPoLx04SAQvdm9etGNQvtux+7cWv
1HIL9B5hxU1Dg3dQ4evbcM4/NO62N5ECWXxGKpbM72hTX99jpiYSjHQ730leLc6T
RTNjIwk469Z2+Cha+PvB7CqFvDGAUrMY13Za+z3/JGMyFBhbEQpgF5H5i35hTrVx
H5FZlzhqibmql6yk7TqefB1JhqL2SBmmkXqQL9a9RI03s+ZFzfh4afwjYKUCJhtJ
rsNP7dK8zMVX5f0ex8Kk7+LBzM81Xp3KLaGcmqws6Z3NV08iPPduJelhvpLP5jLT
mi29/SijEXZ2+QrZpMajLjq4J0PeDu30TErRDZGnVyE75EecvgCS95KuJwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDPxdca6GiZfv1FJhFbfkHhjO6NHMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTV9GMXhyb2FKbC1fVVVtRVZ0LVFlR003bzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGdQX+v1O2lQJzcSluzW
t1ZIXeMCtXvydDqTf5v9BxGWprd5qVWXQEs7F0tXS+sVAiY1l8JhLq/C2rGtNYoG
NghFiLoFA8hGlcWJ6VFkGIN3T/XtCstaWw5F1lJZIq7azAHcDiQUZu3rbOYi3EGE
CIs/QEJX0ZWdoM21Aix+Jkrg2LrW7qcG2WCTKrElAHt+xzhFvCFqNECTdIWLTFQ9
/4NvZn7/7uAB0PrAy/LPktzjgrLrtTNcxKh6WvdycEPVb5iNLjEl4r1Yci8GOI08
8HmIb2MSqNPWe0NEZvHbiYNyymVEvkWT7EolVRzau0sfiyEPRfLVIkaYVoiwxbwp
bDQ=
-----END CERTIFICATE-----