Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XnhBxxsJc8R7cxPjz6FBtXQmyCk.roa
File:                     XnhBxxsJc8R7cxPjz6FBtXQmyCk.roa (raw, json)
Hash identifier:          fTCjB4lkm49Z3HLMb2Q/yeWP4nTDYMxJlrdx7rqvDT4=
Subject key identifier:   5E:78:41:C7:1B:09:73:C4:7B:73:13:E3:CF:A1:41:B5:74:26:C8:29
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187126F25BF1C0700A7FDAEFC41718F568B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XnhBxxsJc8R7cxPjz6FBtXQmyCk.roa
Signing time:             Fri 24 Mar 2023 07:04:46 +0000
ROA not before:           Fri 24 Mar 2023 07:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:187:126e:cfd9/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:12:6f:25:bf:1c:07:00:a7:fd:ae:fc:41:71:8f:56:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 24 07:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e7841c71b0973c47b7313e3cfa141b57426c829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:53:34:7d:fa:7b:c5:20:d9:65:12:6f:9b:78:
                    78:d1:09:91:30:83:05:bf:a8:37:34:6c:e0:cd:0d:
                    bb:6d:69:23:e9:77:84:f6:63:ca:24:3a:af:b8:4d:
                    a8:21:f0:60:bd:f0:22:cf:91:f5:19:f2:71:1c:62:
                    19:00:ee:c3:41:ef:34:ad:00:6b:d6:76:2c:41:7c:
                    ef:6e:9c:f3:12:01:a5:10:50:1d:68:bd:5b:ee:58:
                    8b:2a:d1:53:a1:85:c1:e8:46:a6:95:52:1e:bf:77:
                    70:a7:fb:d0:c0:d3:c1:cf:1b:d5:af:00:e0:9f:dd:
                    34:ef:3a:74:4e:cf:41:8e:ad:4d:4d:73:08:c7:e8:
                    2b:16:b8:e9:ca:83:cf:74:a4:3b:da:48:16:34:59:
                    05:c1:5e:3c:22:cf:87:66:da:1c:bc:6b:13:cb:f1:
                    31:cd:34:f2:9e:a1:92:24:9b:db:00:91:a3:9a:83:
                    5f:98:e5:de:2e:1d:22:8b:e8:e1:a1:a6:79:e5:a7:
                    1f:ec:e7:37:cc:a4:77:ae:da:63:64:35:5b:e9:d3:
                    2c:05:53:d3:81:60:9b:ab:5a:8e:ba:98:0d:29:12:
                    53:0c:00:d8:b6:0b:6d:22:3e:ae:ae:f2:98:aa:46:
                    50:1d:be:3a:58:e2:d0:53:98:1d:a6:14:20:87:c9:
                    11:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:78:41:C7:1B:09:73:C4:7B:73:13:E3:CF:A1:41:B5:74:26:C8:29
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XnhBxxsJc8R7cxPjz6FBtXQmyCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:41:53:94:48:e5:ac:a3:4d:65:c4:37:ea:99:f3:86:ec:d0:
         a1:7c:cd:31:e8:dc:31:a8:a1:c8:c3:41:95:2b:1c:f2:c7:eb:
         e6:a4:e8:8a:1e:b0:b5:9e:91:0b:4f:3d:53:0e:72:f8:8c:5f:
         83:6d:6c:fa:b9:c8:3d:a3:3e:0a:64:94:d9:7d:ee:d4:a4:e3:
         9d:d9:c8:c9:97:99:ef:6c:d9:13:f2:90:29:63:e7:0b:fa:23:
         81:5a:86:14:8f:6c:73:74:2c:5b:93:fe:b2:0e:95:36:69:1c:
         75:38:84:3a:05:5a:af:94:d0:ef:6a:6e:54:35:4f:d7:68:d8:
         40:39:8f:a2:a6:2d:26:31:3b:00:ab:8a:40:72:3d:3f:fb:f0:
         75:1d:f5:1e:7d:0d:4e:1d:6e:98:e1:79:f8:3f:02:40:7f:15:
         69:79:08:f9:49:b8:e8:08:0a:6f:54:3f:29:21:ca:e9:8c:20:
         47:de:88:ea:7a:1f:60:81:c8:bc:ed:c7:86:12:d2:ac:40:53:
         59:f5:9f:e8:d1:69:8b:4e:fa:1d:41:6e:30:47:1f:24:c0:52:
         a7:13:0d:e9:59:5f:5d:48:38:d2:3b:df:54:0b:84:f0:49:48:
         a6:e2:20:3d:59:a3:07:fe:d2:35:4d:e7:2f:1e:d6:94:7d:28:
         f3:d1:b7:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcSbyW/HAcAp/2u/EFxj1aLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI0MDcwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTc4NDFjNzFiMDk3M2M0N2I3MzEzZTNjZmExNDFiNTc0MjZjODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFM0ffp7xSDZZRJvm3h40QmRMIMF
v6g3NGzgzQ27bWkj6XeE9mPKJDqvuE2oIfBgvfAiz5H1GfJxHGIZAO7DQe80rQBr
1nYsQXzvbpzzEgGlEFAdaL1b7liLKtFToYXB6EamlVIev3dwp/vQwNPBzxvVrwDg
n9007zp0Ts9Bjq1NTXMIx+grFrjpyoPPdKQ72kgWNFkFwV48Is+HZtocvGsTy/Ex
zTTynqGSJJvbAJGjmoNfmOXeLh0ii+jhoaZ55acf7Oc3zKR3rtpjZDVb6dMsBVPT
gWCbq1qOupgNKRJTDADYtgttIj6urvKYqkZQHb46WOLQU5gdphQgh8kRuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF54QccbCXPEe3MT48+hQbV0JsgpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWG5oQnh4c0pjOFI3Y3hQano2RkJ0WFFteUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABtBU5RI5ayjTWXEN+qZ
84bs0KF8zTHo3DGoocjDQZUrHPLH6+ak6IoesLWekQtPPVMOcviMX4NtbPq5yD2j
PgpklNl97tSk453ZyMmXme9s2RPykClj5wv6I4FahhSPbHN0LFuT/rIOlTZpHHU4
hDoFWq+U0O9qblQ1T9do2EA5j6KmLSYxOwCrikByPT/78HUd9R59DU4dbpjhefg/
AkB/FWl5CPlJuOgICm9UPykhyumMIEfeiOp6H2CByLztx4YS0qxAU1n1n+jRaYtO
+h1BbjBHHyTAUqcTDelZX11IONI731QLhPBJSKbiID1Zowf+0jVN5y8e1pR9KPPR
t4w=
-----END CERTIFICATE-----