Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Y910JsQYN52i1e8YhZqdQIP4o9I.roa
File:                     Y910JsQYN52i1e8YhZqdQIP4o9I.roa (raw, json)
Hash identifier:          mwyBSTIaxf1uN+3q+92rZi/AutMzztBohSvBI20tuHg=
Subject key identifier:   63:DD:74:26:C4:18:37:9D:A2:D5:EF:18:85:9A:9D:40:83:F8:A3:D2
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873E6C4088E96F7D182C475DBF9529D095
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Y910JsQYN52i1e8YhZqdQIP4o9I.roa
Signing time:             Sat 01 Apr 2023 20:04:54 +0000
ROA not before:           Sat 01 Apr 2023 20:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:3e6b:cadf/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3e:6c:40:88:e9:6f:7d:18:2c:47:5d:bf:95:29:d0:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  1 20:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=63dd7426c418379da2d5ef18859a9d4083f8a3d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:71:23:e2:6e:64:95:35:5e:b7:9b:70:fc:48:
                    af:19:fe:53:a1:bb:7c:a1:2a:16:81:fd:38:f0:9c:
                    0f:25:2e:be:85:ca:9b:0b:05:62:3f:40:b4:8b:fa:
                    88:0d:de:40:d5:ef:f9:70:ac:1b:49:fb:b1:af:be:
                    1d:4e:0e:51:90:86:11:14:77:b5:46:55:4b:8d:de:
                    6a:0c:3b:87:96:89:7d:5a:66:52:2d:e4:b9:a3:a1:
                    b0:de:41:f4:a1:05:f6:c1:9e:bc:aa:de:76:5d:b1:
                    15:94:c0:97:c2:b5:3d:e0:e6:46:7a:e6:9f:44:4f:
                    d9:10:d9:f1:32:56:ea:2b:7f:ce:47:39:a9:d1:5c:
                    2e:72:e5:34:3e:4a:a0:7f:0a:80:55:06:3f:97:33:
                    3b:d0:58:98:04:5c:c5:48:aa:77:09:78:c1:d3:b5:
                    95:ee:11:90:ed:28:fd:e2:34:c8:17:a0:d7:7a:4c:
                    2f:a2:05:0c:77:1e:05:7e:11:78:04:47:d1:fe:f1:
                    a3:ce:8d:b0:d9:f3:af:07:5e:44:83:03:8e:7b:a5:
                    5b:77:46:ac:bf:fe:d3:2e:d1:e9:17:86:3e:f4:e7:
                    67:d2:5e:fc:2f:12:08:f6:d2:26:3c:5d:01:84:01:
                    7e:06:57:e1:3c:2d:5c:75:88:26:b9:81:b0:92:44:
                    33:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:DD:74:26:C4:18:37:9D:A2:D5:EF:18:85:9A:9D:40:83:F8:A3:D2
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Y910JsQYN52i1e8YhZqdQIP4o9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:b5:17:d0:15:5d:e3:41:d6:a3:3b:68:77:6a:a5:be:4f:94:
         34:d3:cf:9c:71:01:3a:11:c0:10:3f:41:32:5d:4a:72:55:2a:
         d4:8f:b6:7c:87:13:bd:d1:e5:ff:57:8c:69:4e:bf:1f:58:74:
         64:55:7d:e9:bf:de:8f:b2:b9:47:6c:21:18:a9:43:9e:1e:db:
         66:49:0b:85:34:70:ed:39:e6:d5:3f:7f:fb:61:56:c7:e5:7c:
         1e:0a:e7:e3:95:15:af:18:7f:98:b5:3a:43:52:ae:68:00:be:
         05:56:f7:2e:fe:b0:c9:ce:7e:a4:32:26:6b:66:ea:a4:3f:92:
         69:d5:8a:ec:ff:b9:c3:22:50:14:74:e9:37:bf:6c:c7:f6:f1:
         d0:2c:66:6e:d0:ad:6a:3a:76:33:b5:c2:63:7f:72:e1:da:4b:
         9d:ee:7c:d0:21:1f:7b:42:35:04:21:8d:7a:12:19:c0:b3:73:
         d1:17:e0:d4:5d:01:7a:70:0d:dc:b7:fc:de:9d:48:11:49:b1:
         4d:12:6e:0a:2f:74:49:d2:46:d4:db:9c:36:fb:94:c6:8b:71:
         4b:9e:51:6c:47:34:d3:c6:60:54:93:bd:a3:70:53:3b:d2:af:
         da:4d:15:b8:c7:d4:4b:33:89:e5:6c:34:ab:25:19:69:67:8b:
         dc:45:b3:50
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc+bECI6W99GCxHXb+VKdCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAxMjAwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2RkNzQyNmM0MTgzNzlkYTJkNWVmMTg4NTlhOWQ0MDgzZjhhM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHEj4m5klTVet5tw/EivGf5Tobt8
oSoWgf048JwPJS6+hcqbCwViP0C0i/qIDd5A1e/5cKwbSfuxr74dTg5RkIYRFHe1
RlVLjd5qDDuHlol9WmZSLeS5o6Gw3kH0oQX2wZ68qt52XbEVlMCXwrU94OZGeuaf
RE/ZENnxMlbqK3/ORzmp0VwucuU0PkqgfwqAVQY/lzM70FiYBFzFSKp3CXjB07WV
7hGQ7Sj94jTIF6DXekwvogUMdx4FfhF4BEfR/vGjzo2w2fOvB15EgwOOe6Vbd0as
v/7TLtHpF4Y+9Odn0l78LxII9tImPF0BhAF+BlfhPC1cdYgmuYGwkkQz0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGPddCbEGDedotXvGIWanUCD+KPSMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWTkxMEpzUVlONTJpMWU4WWhacWRRSVA0bzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACG1F9AVXeNB1qM7aHdq
pb5PlDTTz5xxAToRwBA/QTJdSnJVKtSPtnyHE73R5f9XjGlOvx9YdGRVfem/3o+y
uUdsIRipQ54e22ZJC4U0cO055tU/f/thVsflfB4K5+OVFa8Yf5i1OkNSrmgAvgVW
9y7+sMnOfqQyJmtm6qQ/kmnViuz/ucMiUBR06Te/bMf28dAsZm7QrWo6djO1wmN/
cuHaS53ufNAhH3tCNQQhjXoSGcCzc9EX4NRdAXpwDdy3/N6dSBFJsU0SbgovdEnS
RtTbnDb7lMaLcUueUWxHNNPGYFSTvaNwUzvSr9pNFbjH1EszieVsNKslGWlni9xF
s1A=
-----END CERTIFICATE-----