Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UpkubE9COewlZev5TayDcwvIkic.roa
File:                     UpkubE9COewlZev5TayDcwvIkic.roa (raw, json)
Hash identifier:          lug5omYeC6Nm88NgPlhWMv4pQFyrOnH+QBSGsGxUqFg=
Subject key identifier:   52:99:2E:6C:4F:42:39:EC:25:65:EB:F9:4D:AC:83:73:0B:C8:92:27
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187FEB4B8E2E6B22069AA887C34D21E4BB4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UpkubE9COewlZev5TayDcwvIkic.roa
Signing time:             Tue 09 May 2023 04:11:09 +0000
ROA not before:           Tue 09 May 2023 04:11:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:fe:b4:b8:e2:e6:b2:20:69:aa:88:7c:34:d2:1e:4b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  9 04:11:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=52992e6c4f4239ec2565ebf94dac83730bc89227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:08:cd:1f:0f:97:77:b2:2e:bd:fb:87:cb:90:
                    a5:42:41:1f:c3:9a:7e:e8:2e:a2:09:7d:84:3e:e7:
                    70:42:d9:06:21:54:79:85:c3:26:09:bb:b7:4a:34:
                    c8:49:37:74:ad:fd:4e:8a:a7:ec:3c:c8:fa:40:9c:
                    bb:81:dc:25:87:da:6c:b7:43:e5:60:fe:08:22:82:
                    7c:95:5f:22:4a:fa:76:53:19:78:67:bf:fc:de:cd:
                    8f:a5:f5:90:7f:35:01:7b:ae:42:49:cd:68:ba:88:
                    74:fd:97:4d:6d:a4:e9:81:37:f4:49:12:a3:23:11:
                    64:a6:6e:70:aa:9b:64:ed:d2:83:55:76:0b:ea:dc:
                    e6:09:23:f0:0c:fa:6b:78:71:a3:c4:15:2b:37:ac:
                    93:f9:f3:1b:f1:ed:5c:1d:2e:cb:d2:f7:58:e6:f3:
                    22:36:54:d1:d2:63:28:bd:28:fd:56:34:17:52:d3:
                    97:44:67:28:ee:77:77:35:a2:80:b7:38:e1:4f:b1:
                    d4:f2:92:28:af:f9:46:ca:1c:a2:aa:5f:d6:50:e3:
                    67:c9:d5:39:ce:2b:ed:01:6b:02:4b:f5:e0:22:ad:
                    86:06:17:92:74:3f:b8:4e:39:b0:e4:16:a2:d7:9a:
                    65:8f:0e:72:de:9b:ac:cb:96:2f:9f:91:c2:5c:5d:
                    bb:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:99:2E:6C:4F:42:39:EC:25:65:EB:F9:4D:AC:83:73:0B:C8:92:27
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UpkubE9COewlZev5TayDcwvIkic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:ab:a4:99:32:5c:14:93:25:9a:b8:f8:5f:52:ac:90:2c:10:
         cc:8d:2f:4b:36:28:51:78:0d:51:c0:df:b6:ed:bb:e7:28:20:
         d2:26:80:36:41:8e:be:c7:81:dd:3c:8a:81:9f:4b:b7:5c:8a:
         17:7b:19:57:4a:e6:3d:ca:8d:dc:a8:03:37:b4:81:8a:87:28:
         92:10:d1:c1:72:94:0d:8b:3d:b3:c5:5c:a4:ea:ed:c3:d3:da:
         66:34:9c:ee:a3:56:4c:c1:45:ee:39:31:2d:e2:b3:69:b0:ee:
         b4:e8:d8:60:89:77:d3:e2:23:92:7a:97:25:80:a3:8a:fd:9b:
         f2:f2:d5:7e:e8:17:a7:27:28:db:4b:3d:46:cc:41:30:ae:e5:
         34:28:20:23:38:34:cf:21:c3:e9:48:aa:71:4b:83:c9:5c:32:
         cd:3b:38:9e:4f:d3:ed:b0:9b:ca:2f:8c:4e:e1:e1:de:4b:51:
         a9:44:2c:d3:6d:32:28:9e:6f:99:ac:52:a4:f5:28:65:8f:a0:
         5d:d4:78:55:15:43:5b:cb:fa:c5:10:68:14:e1:4a:57:ae:2d:
         92:62:2e:7d:bd:16:29:12:9f:0b:97:18:84:2b:3c:9c:62:87:
         55:94:ab:65:b1:73:d8:78:d7:cd:12:d9:f1:33:3d:8a:d2:30:
         f5:b4:df:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf+tLji5rIgaaqIfDTSHku0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA5MDQxMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjk5MmU2YzRmNDIzOWVjMjU2NWViZjk0ZGFjODM3MzBiYzg5MjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAjNHw+Xd7IuvfuHy5ClQkEfw5p+
6C6iCX2EPudwQtkGIVR5hcMmCbu3SjTISTd0rf1OiqfsPMj6QJy7gdwlh9pst0Pl
YP4IIoJ8lV8iSvp2Uxl4Z7/83s2PpfWQfzUBe65CSc1ouoh0/ZdNbaTpgTf0SRKj
IxFkpm5wqptk7dKDVXYL6tzmCSPwDPpreHGjxBUrN6yT+fMb8e1cHS7L0vdY5vMi
NlTR0mMovSj9VjQXUtOXRGco7nd3NaKAtzjhT7HU8pIor/lGyhyiql/WUONnydU5
zivtAWsCS/XgIq2GBheSdD+4Tjmw5Bai15pljw5y3pusy5Yvn5HCXF27IwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFKZLmxPQjnsJWXr+U2sg3MLyJInMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVXBrdWJFOUNPZXdsWmV2NVRheURjd3ZJa2ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADyrpJkyXBSTJZq4+F9S
rJAsEMyNL0s2KFF4DVHA37btu+coINImgDZBjr7Hgd08ioGfS7dcihd7GVdK5j3K
jdyoAze0gYqHKJIQ0cFylA2LPbPFXKTq7cPT2mY0nO6jVkzBRe45MS3is2mw7rTo
2GCJd9PiI5J6lyWAo4r9m/Ly1X7oF6cnKNtLPUbMQTCu5TQoICM4NM8hw+lIqnFL
g8lcMs07OJ5P0+2wm8ovjE7h4d5LUalELNNtMiieb5msUqT1KGWPoF3UeFUVQ1vL
+sUQaBThSleuLZJiLn29FikSnwuXGIQrPJxih1WUq2Wxc9h4180S2fEzPYrSMPW0
3x0=
-----END CERTIFICATE-----