Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MoaNkEaty3y9lIfzyMkAmQQ5sdw.roa
File:                     MoaNkEaty3y9lIfzyMkAmQQ5sdw.roa (raw, json)
Hash identifier:          9AIcpFi7BpmifWF6LPAxz+IWjniz28Mc8Gxi+R98C5g=
Subject key identifier:   32:86:8D:90:46:AD:CB:7C:BD:94:87:F3:C8:C9:00:99:04:39:B1:DC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01880900895572C15D0A311AA48F2CF8A743
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MoaNkEaty3y9lIfzyMkAmQQ5sdw.roa
Signing time:             Thu 11 May 2023 04:10:10 +0000
ROA not before:           Thu 11 May 2023 04:10:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:09:00:89:55:72:c1:5d:0a:31:1a:a4:8f:2c:f8:a7:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 11 04:10:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=32868d9046adcb7cbd9487f3c8c900990439b1dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f0:4a:04:d3:2f:a0:a4:4f:6d:b8:a1:38:06:
                    6f:8e:85:22:26:88:90:28:05:96:3f:31:a6:f7:cd:
                    79:89:77:02:0d:49:56:bd:4f:b2:02:65:47:93:6c:
                    45:0e:5e:6d:bc:aa:7a:44:e4:80:c4:5b:c6:3b:dc:
                    cb:39:8c:23:22:59:d9:10:04:c2:5c:fa:bd:1c:e4:
                    0f:b9:58:63:f9:c4:a5:0b:ce:1c:98:f7:1e:6b:ef:
                    07:01:c3:98:32:75:4f:9f:81:68:2b:d4:34:df:ac:
                    b5:b8:36:f2:a5:f0:46:45:82:e1:cb:b1:f8:13:ec:
                    f6:c1:ea:52:58:46:b5:9e:34:a6:ee:70:a5:c0:5a:
                    e8:ba:52:1c:d0:3a:76:31:25:6e:ea:31:05:95:1a:
                    79:21:69:35:ab:1e:b9:b8:dc:d2:ea:0e:46:29:56:
                    54:36:c1:64:a1:7a:3a:2d:ba:e0:63:c4:2b:62:1f:
                    1f:48:42:7a:8c:61:43:15:74:b4:df:14:78:85:d7:
                    f6:5f:46:11:85:b1:ff:fc:87:69:7c:4b:6d:6b:08:
                    d1:61:f2:f7:d5:2c:b0:79:79:52:4a:e4:4e:f5:0d:
                    07:16:d4:1b:03:92:d0:62:bc:59:67:b1:fb:8c:e1:
                    fa:ef:bf:39:d2:fe:6c:f4:92:66:ba:8d:29:ef:57:
                    46:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:86:8D:90:46:AD:CB:7C:BD:94:87:F3:C8:C9:00:99:04:39:B1:DC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MoaNkEaty3y9lIfzyMkAmQQ5sdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:ea:09:ee:b4:13:19:b8:d3:50:b9:45:25:1b:99:a8:11:d3:
         1c:e8:d7:df:0e:87:26:c8:65:fb:08:0a:74:02:f5:fa:54:c9:
         dd:42:a5:61:a4:59:54:18:5f:18:66:61:fd:94:07:28:27:13:
         66:89:32:85:3c:ec:5f:3b:33:d4:9b:98:ac:ef:f9:fa:98:84:
         e0:21:5f:3c:d7:9f:d4:fc:86:42:b3:be:10:7c:ea:2f:17:78:
         6e:60:0b:01:01:27:7d:ec:63:90:23:c2:f7:cf:97:4c:ec:32:
         ef:0a:d0:40:5f:5d:44:01:2a:f6:78:e1:eb:f0:a6:35:79:d3:
         87:ff:64:e9:6f:c4:6c:28:bc:9a:1c:1b:60:e3:63:37:17:96:
         32:04:e8:35:c8:82:2b:59:67:75:0f:17:32:b8:1a:f2:2e:62:
         85:6f:83:ae:6e:ee:7b:19:71:2e:d3:33:42:60:e8:95:5e:40:
         a5:59:c6:6e:f5:41:d2:94:f9:03:d6:d8:23:f9:75:6f:10:54:
         f4:f5:ba:ae:af:67:4a:a6:45:47:cb:1f:57:96:14:6f:c5:8f:
         99:2f:6c:ca:a6:75:da:cc:9e:a7:aa:67:9d:e7:e0:28:95:a2:
         86:60:f7:cf:a0:17:23:15:81:71:f8:7f:e9:a6:a3:9b:a0:c2:
         8d:3c:fa:06
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgJAIlVcsFdCjEapI8s+KdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTExMDQxMDEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjg2OGQ5MDQ2YWRjYjdjYmQ5NDg3ZjNjOGM5MDA5OTA0MzliMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvBKBNMvoKRPbbihOAZvjoUiJoiQ
KAWWPzGm9815iXcCDUlWvU+yAmVHk2xFDl5tvKp6ROSAxFvGO9zLOYwjIlnZEATC
XPq9HOQPuVhj+cSlC84cmPcea+8HAcOYMnVPn4FoK9Q036y1uDbypfBGRYLhy7H4
E+z2wepSWEa1njSm7nClwFroulIc0Dp2MSVu6jEFlRp5IWk1qx65uNzS6g5GKVZU
NsFkoXo6LbrgY8QrYh8fSEJ6jGFDFXS03xR4hdf2X0YRhbH//IdpfEttawjRYfL3
1SyweXlSSuRO9Q0HFtQbA5LQYrxZZ7H7jOH677850v5s9JJmuo0p71dGZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDKGjZBGrct8vZSH88jJAJkEObHcMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTW9hTmtFYXR5M3k5bElmenlNa0FtUVE1c2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABzqCe60Exm401C5RSUb
magR0xzo198OhybIZfsICnQC9fpUyd1CpWGkWVQYXxhmYf2UBygnE2aJMoU87F87
M9SbmKzv+fqYhOAhXzzXn9T8hkKzvhB86i8XeG5gCwEBJ33sY5AjwvfPl0zsMu8K
0EBfXUQBKvZ44evwpjV504f/ZOlvxGwovJocG2DjYzcXljIE6DXIgitZZ3UPFzK4
GvIuYoVvg65u7nsZcS7TM0Jg6JVeQKVZxm71QdKU+QPW2CP5dW8QVPT1uq6vZ0qm
RUfLH1eWFG/Fj5kvbMqmddrMnqeqZ53n4CiVooZg98+gFyMVgXH4f+mmo5ugwo08
+gY=
-----END CERTIFICATE-----