Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Sg5dbarkcx8ujjdpk0RkvPMGJUI.roa
File:                     Sg5dbarkcx8ujjdpk0RkvPMGJUI.roa (raw, json)
Hash identifier:          jFFGnrE2veL78qwb4FzPLEKg4Fjgf8ebtPrlrhKvSIE=
Subject key identifier:   4A:0E:5D:6D:AA:E4:73:1F:2E:8E:37:69:93:44:64:BC:F3:06:25:42
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018703E27C6803E9A3C3C0D998EA17F196D3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Sg5dbarkcx8ujjdpk0RkvPMGJUI.roa
Signing time:             Tue 21 Mar 2023 11:16:27 +0000
ROA not before:           Tue 21 Mar 2023 11:16:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:03:e2:7c:68:03:e9:a3:c3:c0:d9:98:ea:17:f1:96:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 21 11:16:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a0e5d6daae4731f2e8e3769934464bcf3062542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:48:61:49:76:85:03:02:55:54:6a:a6:de:be:
                    75:51:87:fa:1c:9a:0a:a3:58:e3:4d:96:8e:a6:02:
                    12:a9:cc:30:94:db:8e:f0:89:90:35:7d:7e:32:63:
                    9a:b2:2b:00:56:01:63:ff:97:31:6e:f3:ca:7c:4f:
                    d5:fa:6a:c9:b9:8c:9e:dd:de:5c:28:15:a2:d4:ed:
                    7d:e2:2b:65:f8:56:40:d7:87:b9:f2:ad:fe:08:17:
                    53:c3:f0:f2:52:3e:86:c7:29:d7:07:bd:c1:73:1e:
                    1d:aa:47:41:76:cc:29:17:9c:2f:82:e3:56:b5:c9:
                    d1:54:c1:6c:1e:27:90:83:95:63:56:0c:6d:6d:b2:
                    17:e8:cf:dc:11:c1:f1:3b:48:77:d0:8a:ec:25:40:
                    59:3c:f6:88:6d:f4:3d:25:83:5a:03:ba:77:69:07:
                    4f:0e:82:0c:70:5a:5e:79:17:81:ae:b5:2c:65:e6:
                    35:48:ad:ce:1e:55:01:f1:5c:bf:94:19:07:4e:2a:
                    c0:be:e8:32:43:ba:b5:ea:05:9b:69:26:e0:dd:5d:
                    fa:98:a1:36:30:16:0b:18:ad:ca:b2:23:02:89:0f:
                    74:7a:66:51:8d:63:b6:ab:cc:bb:ed:e7:d9:0e:e9:
                    d9:83:90:c0:38:17:17:16:4a:1e:2f:ed:31:6d:ea:
                    2e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:0E:5D:6D:AA:E4:73:1F:2E:8E:37:69:93:44:64:BC:F3:06:25:42
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Sg5dbarkcx8ujjdpk0RkvPMGJUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:0b:77:64:ce:ed:a6:5c:9d:a6:ed:d5:de:94:be:6d:02:50:
         a6:5f:ae:1d:e7:76:60:48:e4:dc:1f:82:dd:00:eb:c7:80:8f:
         79:ce:8b:91:b8:86:4a:71:18:87:12:28:ef:60:5c:66:94:1f:
         3e:c2:5f:84:60:d0:a7:a7:5f:71:1c:53:f5:64:c0:6d:7a:5f:
         c8:55:7c:40:90:1f:fd:70:cd:52:1b:48:92:6d:cc:44:25:8e:
         29:97:ae:de:67:8d:19:f6:ad:9d:52:15:82:49:79:38:13:b1:
         33:f5:14:c0:f4:2c:8b:ce:16:8a:4f:95:6a:ea:f5:a1:e9:5e:
         95:88:0f:1b:e8:c9:ef:06:a7:ad:b1:c6:51:87:77:bd:9f:9a:
         bf:ad:9f:f2:2f:a9:e0:8d:17:56:7a:c9:6d:ce:95:f0:ed:7d:
         75:d7:31:54:5d:01:ed:19:3c:89:15:67:b8:d3:11:2a:70:ed:
         83:3a:02:2c:6e:2d:e2:5c:c2:f6:4d:05:05:ba:3b:76:b7:15:
         77:f2:0d:08:ff:f9:7d:5e:b9:df:bb:64:64:be:1d:21:1f:12:
         a2:fd:52:76:61:9e:61:e7:5f:b5:df:8e:1a:2c:f4:db:ff:96:
         7b:94:f6:dc:3b:86:de:db:a0:1e:76:f1:0f:4f:bb:fd:5f:05:
         a5:49:ea:0c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcD4nxoA+mjw8DZmOoX8ZbTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIxMTExNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTBlNWQ2ZGFhZTQ3MzFmMmU4ZTM3Njk5MzQ0NjRiY2YzMDYyNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkhhSXaFAwJVVGqm3r51UYf6HJoK
o1jjTZaOpgISqcwwlNuO8ImQNX1+MmOasisAVgFj/5cxbvPKfE/V+mrJuYye3d5c
KBWi1O194itl+FZA14e58q3+CBdTw/DyUj6GxynXB73Bcx4dqkdBdswpF5wvguNW
tcnRVMFsHieQg5VjVgxtbbIX6M/cEcHxO0h30IrsJUBZPPaIbfQ9JYNaA7p3aQdP
DoIMcFpeeReBrrUsZeY1SK3OHlUB8Vy/lBkHTirAvugyQ7q16gWbaSbg3V36mKE2
MBYLGK3KsiMCiQ90emZRjWO2q8y77efZDunZg5DAOBcXFkoeL+0xbeouswIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEoOXW2q5HMfLo43aZNEZLzzBiVCMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU2c1ZGJhcmtjeDh1ampkcGswUmt2UE1HSlVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIcLd2TO7aZcnabt1d6U
vm0CUKZfrh3ndmBI5Nwfgt0A68eAj3nOi5G4hkpxGIcSKO9gXGaUHz7CX4Rg0Ken
X3EcU/VkwG16X8hVfECQH/1wzVIbSJJtzEQljimXrt5njRn2rZ1SFYJJeTgTsTP1
FMD0LIvOFopPlWrq9aHpXpWIDxvoye8Gp62xxlGHd72fmr+tn/IvqeCNF1Z6yW3O
lfDtfXXXMVRdAe0ZPIkVZ7jTESpw7YM6AixuLeJcwvZNBQW6O3a3FXfyDQj/+X1e
ud+7ZGS+HSEfEqL9UnZhnmHnX7Xfjhos9Nv/lnuU9tw7ht7boB528Q9Pu/1fBaVJ
6gw=
-----END CERTIFICATE-----