Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cDoFaI8p49NzFxA-QXdJwsOUCHg.roa
File:                     cDoFaI8p49NzFxA-QXdJwsOUCHg.roa (raw, json)
Hash identifier:          VIjiHaQLWkFn8p+87aYMS5uNNmB2FupgzgRIu0BJ+tg=
Subject key identifier:   70:3A:05:68:8F:29:E3:D3:73:17:10:3E:41:77:49:C2:C3:94:08:78
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018748544743D38AF9C74B05A11AEC3B2B8C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cDoFaI8p49NzFxA-QXdJwsOUCHg.roa
Signing time:             Mon 03 Apr 2023 18:14:55 +0000
ROA not before:           Mon 03 Apr 2023 18:14:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:48:54:47:43:d3:8a:f9:c7:4b:05:a1:1a:ec:3b:2b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  3 18:14:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=703a05688f29e3d37317103e417749c2c3940878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ba:40:09:22:ad:ca:02:6d:cf:55:2f:12:b7:
                    f0:f1:c3:80:7b:1e:31:b6:99:cd:69:df:fd:f2:0f:
                    9a:55:45:46:6a:5c:10:6e:40:4b:d0:a3:76:51:07:
                    9c:43:4f:a5:34:01:07:60:76:0d:2a:46:ee:13:74:
                    bb:c0:aa:81:08:73:dd:68:0e:2d:17:92:02:fc:1f:
                    e6:d5:80:12:f5:d3:b0:4a:5b:ed:3e:1c:be:37:96:
                    ed:da:39:cb:ac:2e:d2:00:a5:40:96:81:ac:f1:55:
                    ef:da:3e:6f:16:aa:28:67:0b:35:cf:2c:91:9b:e1:
                    fa:d8:47:02:47:1e:02:8e:cf:b5:f3:55:2e:d0:ff:
                    a9:cc:75:68:30:97:35:ff:94:5e:31:70:6f:0f:0b:
                    da:ea:74:b1:a7:d2:42:1c:e5:b8:3c:2c:a4:a9:77:
                    52:e0:80:5e:90:55:82:ac:52:53:85:2c:b7:8f:8c:
                    29:5f:bf:3c:59:db:14:df:ba:8b:5c:a0:20:ae:60:
                    2b:27:63:dd:0b:9e:87:2e:20:28:dc:1f:70:eb:6d:
                    13:88:f7:15:75:9d:b1:ef:cc:78:4e:e1:f5:9d:12:
                    bd:f2:ef:93:08:fe:ac:2c:e5:3f:06:fe:12:a6:0e:
                    44:6a:f3:4b:91:5e:41:01:d9:dd:87:2d:f8:e7:72:
                    d0:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:3A:05:68:8F:29:E3:D3:73:17:10:3E:41:77:49:C2:C3:94:08:78
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cDoFaI8p49NzFxA-QXdJwsOUCHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:36:5b:e7:a5:51:03:b9:fa:cb:f7:8b:10:73:2e:d2:5f:15:
         06:bd:6e:26:1b:61:02:06:05:4e:eb:b5:92:be:fe:d5:c0:35:
         a9:e9:ec:15:79:d3:d8:f4:0a:24:5c:e4:69:34:fc:2b:6f:9f:
         1d:aa:22:54:f1:80:c8:94:4a:31:92:36:89:79:3f:38:fc:0b:
         95:36:b3:fc:2f:b2:b7:7e:86:d1:a9:d9:46:1d:79:7c:16:44:
         27:ac:28:91:e8:71:bb:4c:24:b6:17:7f:7d:df:25:07:df:b0:
         8b:b8:b0:1f:f5:fc:95:ab:bb:c6:33:b8:95:ae:f5:e4:d7:30:
         7d:30:b1:6f:1b:38:3a:b8:0a:88:5a:6b:1b:9e:4d:8e:3c:4b:
         ba:40:e1:ba:39:27:e7:5c:81:34:cd:55:19:e9:7f:d8:1c:79:
         6b:18:6c:ad:0e:b9:f5:9e:1a:8e:0d:52:c6:da:b9:4c:41:98:
         38:a5:03:c8:1f:9d:88:38:e8:12:ad:ca:13:4d:01:4f:5e:9f:
         8d:5a:5a:ae:15:9b:c0:e8:9b:ce:43:9e:f3:75:25:73:ff:8d:
         6d:4f:de:72:82:b7:85:5d:61:ef:68:9e:c0:1d:96:b5:1a:ce:
         67:20:33:b5:f2:a3:1a:1e:6c:7d:c7:82:4b:86:f4:d4:0e:df:
         a1:b9:5a:13
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdIVEdD04r5x0sFoRrsOyuMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAzMTgxNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDNhMDU2ODhmMjllM2QzNzMxNzEwM2U0MTc3NDljMmMzOTQwODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7pACSKtygJtz1UvErfw8cOAex4x
tpnNad/98g+aVUVGalwQbkBL0KN2UQecQ0+lNAEHYHYNKkbuE3S7wKqBCHPdaA4t
F5IC/B/m1YAS9dOwSlvtPhy+N5bt2jnLrC7SAKVAloGs8VXv2j5vFqooZws1zyyR
m+H62EcCRx4Cjs+181Uu0P+pzHVoMJc1/5ReMXBvDwva6nSxp9JCHOW4PCykqXdS
4IBekFWCrFJThSy3j4wpX788WdsU37qLXKAgrmArJ2PdC56HLiAo3B9w620TiPcV
dZ2x78x4TuH1nRK98u+TCP6sLOU/Bv4Spg5EavNLkV5BAdndhy3453LQTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHA6BWiPKePTcxcQPkF3ScLDlAh4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY0RvRmFJOHA0OU56RnhBLVFYZEp3c09VQ0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACU2W+elUQO5+sv3ixBz
LtJfFQa9biYbYQIGBU7rtZK+/tXANanp7BV509j0CiRc5Gk0/Ctvnx2qIlTxgMiU
SjGSNol5Pzj8C5U2s/wvsrd+htGp2UYdeXwWRCesKJHocbtMJLYXf33fJQffsIu4
sB/1/JWru8YzuJWu9eTXMH0wsW8bODq4CohaaxueTY48S7pA4bo5J+dcgTTNVRnp
f9gceWsYbK0OufWeGo4NUsbauUxBmDilA8gfnYg46BKtyhNNAU9en41aWq4Vm8Do
m85DnvN1JXP/jW1P3nKCt4VdYe9onsAdlrUazmcgM7XyoxoebH3HgkuG9NQO36G5
WhM=
-----END CERTIFICATE-----