Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PDkv0Tdfw_-5UaGKQrOn1FWrH0w.roa
File:                     PDkv0Tdfw_-5UaGKQrOn1FWrH0w.roa (raw, json)
Hash identifier:          Ks4MPN6oL/BjS1A8O++Y6UoWS7hiZPsN1YntlI1Y8B0=
Subject key identifier:   3C:39:2F:D1:37:5F:C3:FF:B9:51:A1:8A:42:B3:A7:D4:55:AB:1F:4C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872B1C06D3DD9B7523EC2E5D34632E943E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PDkv0Tdfw_-5UaGKQrOn1FWrH0w.roa
Signing time:             Wed 29 Mar 2023 02:04:29 +0000
ROA not before:           Wed 29 Mar 2023 02:04:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:187:2b1b:e5c0/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2b:1c:06:d3:dd:9b:75:23:ec:2e:5d:34:63:2e:94:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 02:04:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c392fd1375fc3ffb951a18a42b3a7d455ab1f4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d1:e1:ad:d6:80:e4:e9:8f:a8:39:27:53:2b:
                    47:fd:ff:d4:1c:a8:e9:85:64:92:e7:42:57:a5:59:
                    bb:02:23:d6:8b:2b:22:e7:66:be:af:1e:85:9c:aa:
                    6d:45:9d:53:30:8f:48:38:d6:c2:50:f7:b3:8c:2c:
                    17:5c:8d:48:b7:81:dd:26:f4:6f:23:9d:c0:bb:91:
                    09:33:79:97:66:56:2f:fe:b2:98:67:78:33:13:10:
                    28:2b:f4:76:bd:71:52:cd:f1:71:4a:44:48:61:57:
                    2f:e2:11:1c:e6:4d:fe:3a:ce:67:a4:b5:0c:da:68:
                    c4:1b:30:45:d6:54:ac:b1:44:d9:ea:c1:90:d6:fe:
                    fb:09:c1:bb:2f:6a:09:0c:7d:cb:be:b5:c3:3f:9a:
                    71:dc:db:45:26:e6:d7:bb:b6:a3:ee:0c:7d:b6:d2:
                    1d:c0:32:23:d1:37:f5:81:5a:b8:30:9e:a1:98:f6:
                    54:2c:b7:78:65:18:a9:0a:0b:5c:ff:0f:5e:3f:16:
                    9d:ea:39:fc:f7:2b:f0:47:67:72:eb:f7:28:94:2d:
                    70:2f:fe:35:99:19:09:98:40:30:2d:3f:1d:0b:c8:
                    9e:a1:e4:f2:75:0c:2a:02:c5:ac:1c:91:b7:a8:91:
                    22:f9:26:2b:7e:9b:b4:35:8e:ff:5e:97:63:21:23:
                    28:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:39:2F:D1:37:5F:C3:FF:B9:51:A1:8A:42:B3:A7:D4:55:AB:1F:4C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PDkv0Tdfw_-5UaGKQrOn1FWrH0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:f6:39:1c:1b:41:6a:31:d9:f0:8c:26:65:91:a6:40:21:d7:
         8f:0b:f0:cd:d5:51:f9:cd:ee:66:7e:fb:47:1b:70:36:e0:61:
         30:52:bd:43:fa:b4:5b:d0:89:15:1f:1d:c9:ed:99:76:55:85:
         2f:7f:e5:3e:21:a6:32:d5:a8:0d:49:82:4e:7b:16:9b:bd:4e:
         74:45:d1:90:22:3e:f2:29:d3:5d:3b:05:96:ea:e3:44:58:bf:
         5a:4f:af:6d:fb:35:1e:96:87:40:f2:d6:c7:a5:b0:93:c3:28:
         34:5a:39:24:55:a2:ac:c9:c9:c4:79:ba:bf:cb:50:9c:4d:c2:
         93:5b:ee:0b:fe:9f:e3:74:0e:6b:29:81:1c:49:cf:16:2f:49:
         79:7c:53:39:8d:ff:28:67:4f:a9:2a:fb:95:12:55:2f:68:bd:
         e8:10:f7:93:5c:55:fa:1a:d9:10:3d:e8:c5:0b:71:78:c4:68:
         68:b4:98:32:f6:b9:5e:09:d8:fd:fd:50:2b:a4:27:1f:c5:75:
         5f:84:f8:d7:87:90:29:c1:a4:4d:f1:80:d9:54:46:8a:47:51:
         e6:2d:06:94:84:3e:86:fd:77:c1:d2:c3:9d:1f:62:9a:24:91:
         4e:f7:16:ed:88:8d:e4:44:7b:1b:60:55:c5:6e:ba:1c:53:64:
         96:f7:0c:8f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcrHAbT3Zt1I+wuXTRjLpQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MDIwNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzM5MmZkMTM3NWZjM2ZmYjk1MWExOGE0MmIzYTdkNDU1YWIxZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9HhrdaA5OmPqDknUytH/f/UHKjp
hWSS50JXpVm7AiPWiysi52a+rx6FnKptRZ1TMI9IONbCUPezjCwXXI1It4HdJvRv
I53Au5EJM3mXZlYv/rKYZ3gzExAoK/R2vXFSzfFxSkRIYVcv4hEc5k3+Os5npLUM
2mjEGzBF1lSssUTZ6sGQ1v77CcG7L2oJDH3LvrXDP5px3NtFJubXu7aj7gx9ttId
wDIj0Tf1gVq4MJ6hmPZULLd4ZRipCgtc/w9ePxad6jn89yvwR2dy6/colC1wL/41
mRkJmEAwLT8dC8ieoeTydQwqAsWsHJG3qJEi+SYrfpu0NY7/XpdjISMonwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDw5L9E3X8P/uVGhikKzp9RVqx9MMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUERrdjBUZGZ3Xy01VWFHS1FyT24xRldySDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABj2ORwbQWox2fCMJmWR
pkAh148L8M3VUfnN7mZ++0cbcDbgYTBSvUP6tFvQiRUfHcntmXZVhS9/5T4hpjLV
qA1Jgk57Fpu9TnRF0ZAiPvIp0107BZbq40RYv1pPr237NR6Wh0Dy1selsJPDKDRa
OSRVoqzJycR5ur/LUJxNwpNb7gv+n+N0DmspgRxJzxYvSXl8UzmN/yhnT6kq+5US
VS9ovegQ95NcVfoa2RA96MULcXjEaGi0mDL2uV4J2P39UCukJx/FdV+E+NeHkCnB
pE3xgNlURopHUeYtBpSEPob9d8HSw50fYpokkU73Fu2IjeREextgVcVuuhxTZJb3
DI8=
-----END CERTIFICATE-----