Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Nu9GbW4VcTqjrppuN2J1a5Ox3pw.roa
File:                     Nu9GbW4VcTqjrppuN2J1a5Ox3pw.roa (raw, json)
Hash identifier:          7TiyUm5RNgbjWw+wOC4xqRrkQCD8PztheZaAFLddVao=
Subject key identifier:   36:EF:46:6D:6E:15:71:3A:A3:AE:9A:6E:37:62:75:6B:93:B1:DE:9C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186FB10CBF4892DA7667EAC4A2F613ABC82
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Nu9GbW4VcTqjrppuN2J1a5Ox3pw.roa
Signing time:             Sun 19 Mar 2023 18:10:27 +0000
ROA not before:           Sun 19 Mar 2023 18:10:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:fb:10:cb:f4:89:2d:a7:66:7e:ac:4a:2f:61:3a:bc:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 19 18:10:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=36ef466d6e15713aa3ae9a6e3762756b93b1de9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a2:64:78:c4:45:ec:5c:15:59:9b:5f:75:6a:
                    66:4b:18:35:3c:22:53:35:26:49:f0:7d:23:2e:5c:
                    98:87:98:8b:19:d0:95:9e:e1:cf:2e:17:d6:e9:53:
                    d0:cf:dc:4e:31:54:96:61:8a:f2:a3:c3:cd:f2:9d:
                    86:a0:5c:4c:3f:7f:97:5c:fd:45:12:ed:0c:b7:99:
                    b2:1e:60:6e:c1:4b:7b:54:00:cb:50:4d:ca:37:ab:
                    05:10:3e:35:7a:ec:0e:79:47:4a:6e:3a:c0:13:81:
                    37:76:4e:be:9c:e6:48:c2:1e:0d:9d:ba:42:20:d0:
                    a2:3a:35:ca:64:99:cd:f3:07:40:af:3d:bc:c9:a3:
                    0e:43:33:d9:6a:05:19:f4:04:ab:d1:51:af:d7:a8:
                    49:b7:fa:9b:b5:66:10:b7:f1:e1:01:3d:6c:45:e2:
                    46:a3:d2:30:a1:2b:0e:71:3d:f7:7f:bc:c7:6e:91:
                    60:6f:34:e2:f3:01:2a:ba:5f:67:69:96:38:f3:f7:
                    bf:3c:45:e4:cd:ae:af:0f:c9:40:e5:f8:94:0f:cc:
                    ff:17:ac:ff:e9:21:e1:97:14:8f:3f:51:14:65:c7:
                    59:83:92:f8:92:a8:0d:ce:b9:5c:76:6d:07:17:06:
                    59:3a:db:b4:2d:ea:5f:f4:5d:e7:a1:10:c5:4e:17:
                    a6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:EF:46:6D:6E:15:71:3A:A3:AE:9A:6E:37:62:75:6B:93:B1:DE:9C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Nu9GbW4VcTqjrppuN2J1a5Ox3pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:1e:ea:01:dd:4a:d4:04:f2:d5:8c:62:12:9d:73:6e:b0:b4:
         14:78:7c:2a:86:4d:cf:23:d7:fd:11:9b:4c:d5:b5:53:81:f7:
         65:4c:45:ec:af:7f:cd:ef:fa:ba:6b:ab:f1:b8:07:6b:16:c0:
         dd:41:12:4c:91:ed:0a:e8:f3:bd:19:e3:9d:73:6c:78:19:a2:
         85:59:75:3f:01:d4:b6:d9:88:a9:ff:1b:f0:e9:df:df:71:0e:
         2a:82:ff:50:1d:23:6d:3b:27:e9:2b:0e:ca:d0:dc:55:d6:20:
         55:08:29:88:34:4c:3d:24:7d:e2:69:cd:c1:93:53:46:71:ac:
         f6:88:5a:17:58:60:4c:3c:4f:6a:80:c5:22:b4:12:b9:5d:5f:
         2d:02:3b:25:90:0b:8e:7d:b5:06:67:8f:bf:15:30:54:6b:ff:
         f7:c0:45:d6:ea:22:0d:25:e7:03:cc:d9:55:7d:82:ac:d1:2b:
         1e:22:f9:46:48:7c:e3:2f:17:32:a1:2f:87:a0:7a:1e:45:3e:
         5e:91:a7:ff:bb:16:04:bb:42:87:4d:76:c7:fb:f7:58:65:e2:
         fd:ff:dc:42:ef:35:fb:ba:0b:99:db:3b:06:5d:7c:28:af:28:
         ff:4b:35:10:49:35:4c:21:6a:aa:2a:f7:1d:6a:5e:80:b2:d4:
         b0:94:57:ed
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb7EMv0iS2nZn6sSi9hOryCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE5MTgxMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmVmNDY2ZDZlMTU3MTNhYTNhZTlhNmUzNzYyNzU2YjkzYjFkZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqJkeMRF7FwVWZtfdWpmSxg1PCJT
NSZJ8H0jLlyYh5iLGdCVnuHPLhfW6VPQz9xOMVSWYYryo8PN8p2GoFxMP3+XXP1F
Eu0Mt5myHmBuwUt7VADLUE3KN6sFED41euwOeUdKbjrAE4E3dk6+nOZIwh4NnbpC
INCiOjXKZJnN8wdArz28yaMOQzPZagUZ9ASr0VGv16hJt/qbtWYQt/HhAT1sReJG
o9IwoSsOcT33f7zHbpFgbzTi8wEqul9naZY48/e/PEXkza6vD8lA5fiUD8z/F6z/
6SHhlxSPP1EUZcdZg5L4kqgNzrlcdm0HFwZZOtu0Lepf9F3noRDFThemhwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDbvRm1uFXE6o66abjdidWuTsd6cMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTnU5R2JXNFZjVHFqcnBwdU4ySjFhNU94M3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACQe6gHdStQE8tWMYhKd
c26wtBR4fCqGTc8j1/0Rm0zVtVOB92VMReyvf83v+rprq/G4B2sWwN1BEkyR7Qro
870Z451zbHgZooVZdT8B1LbZiKn/G/Dp399xDiqC/1AdI207J+krDsrQ3FXWIFUI
KYg0TD0kfeJpzcGTU0ZxrPaIWhdYYEw8T2qAxSK0ErldXy0COyWQC459tQZnj78V
MFRr//fARdbqIg0l5wPM2VV9gqzRKx4i+UZIfOMvFzKhL4egeh5FPl6Rp/+7FgS7
QodNdsf791hl4v3/3ELvNfu6C5nbOwZdfCivKP9LNRBJNUwhaqoq9x1qXoCy1LCU
V+0=
-----END CERTIFICATE-----