Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cIftkkB2h1e9X1g_okNPTFcbge4.roa
File:                     cIftkkB2h1e9X1g_okNPTFcbge4.roa (raw, json)
Hash identifier:          TgDIG68/fbBmZvflPbgbkK4kZhr1e1/nzBwFj23qb1A=
Subject key identifier:   70:87:ED:92:40:76:87:57:BD:5F:58:3F:A2:43:4F:4C:57:1B:81:EE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018875270865A7CAFD9EE2AA3A14ECC30B36
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cIftkkB2h1e9X1g_okNPTFcbge4.roa
Signing time:             Thu 01 Jun 2023 04:11:12 +0000
ROA not before:           Thu 01 Jun 2023 04:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:75:27:08:65:a7:ca:fd:9e:e2:aa:3a:14:ec:c3:0b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  1 04:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7087ed9240768757bd5f583fa2434f4c571b81ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d1:c3:57:df:40:35:2a:36:54:60:8d:df:a6:
                    fa:f4:1a:8f:c0:65:b9:b2:60:6a:5e:a3:18:c9:ca:
                    86:7e:5f:ab:0a:87:63:0e:67:2a:60:3a:db:85:d1:
                    d0:f4:12:98:7a:e0:39:da:6a:aa:22:fc:6a:62:82:
                    45:e8:11:1d:a4:2d:98:36:6f:b9:80:c8:b4:ad:1b:
                    2e:89:93:26:e1:3f:2f:cc:14:15:6b:4a:e3:a2:62:
                    00:47:fa:57:89:a9:10:1a:4f:56:44:4e:46:67:3b:
                    53:e0:68:4d:e9:85:4f:8d:01:9c:d0:3e:0c:64:a6:
                    28:dd:5e:24:c5:fd:19:39:84:fd:3c:9f:0b:df:97:
                    eb:7b:9a:ee:75:3a:95:01:34:80:68:43:cf:42:30:
                    36:b9:4d:d1:d0:e0:70:77:99:86:e0:90:71:76:43:
                    0f:c0:37:72:72:fb:19:80:5d:8d:27:b0:7a:67:27:
                    f2:f7:7d:94:bb:37:c1:94:6c:7c:c3:f6:5d:50:eb:
                    b7:97:28:c0:d0:88:c1:6f:21:0f:1c:95:5d:b8:30:
                    be:cf:27:f9:28:09:b9:31:01:ae:23:14:1b:a9:f7:
                    d3:83:e5:8a:6e:6f:06:4f:75:93:07:8f:ee:85:04:
                    e6:ab:9e:4d:82:86:7c:fc:72:a0:ae:ac:99:3b:98:
                    44:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:87:ED:92:40:76:87:57:BD:5F:58:3F:A2:43:4F:4C:57:1B:81:EE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cIftkkB2h1e9X1g_okNPTFcbge4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:21:2b:36:8b:e4:bd:96:f0:7b:00:90:6d:ef:06:08:e1:8b:
         7c:67:71:8e:b2:04:12:f8:ee:17:83:6f:07:ba:4c:f3:52:d2:
         90:93:01:9b:56:08:b8:e4:8e:49:a5:6f:ca:68:24:1f:59:af:
         15:fb:dc:ac:0c:79:13:c3:e1:b3:97:13:39:e2:0f:25:01:1d:
         b4:03:07:ee:15:7f:8c:cf:c1:5b:a7:0b:2d:99:40:cf:62:2c:
         ac:a5:7b:52:69:82:4f:a4:f8:e4:db:a8:ad:de:26:ba:c7:54:
         a3:02:52:e9:26:68:8b:6c:fb:89:1c:6b:c6:cd:cc:06:a0:32:
         76:4d:2a:7c:1c:21:ff:51:0e:84:7b:01:79:17:0c:ab:08:e3:
         93:ae:12:a1:eb:67:7a:e3:db:32:ed:ab:0a:63:b5:4b:47:3b:
         bb:c3:0e:02:2e:c7:c9:4e:f9:93:f0:de:e3:c7:7d:5b:2a:72:
         81:9c:77:fe:7a:d0:e2:70:4f:1d:a5:31:2f:ae:b5:4f:72:7d:
         19:a3:9d:00:33:09:25:4a:98:70:8c:7c:f8:f8:34:05:56:55:
         4a:52:f1:52:04:be:05:ae:bd:17:0f:42:7b:e2:f6:d2:db:d5:
         39:93:ed:1d:aa:fe:b4:22:76:3f:9f:59:86:94:06:ba:5d:ec:
         fe:0f:1d:e7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh1Jwhlp8r9nuKqOhTswws2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAxMDQxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg3ZWQ5MjQwNzY4NzU3YmQ1ZjU4M2ZhMjQzNGY0YzU3MWI4MWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdHDV99ANSo2VGCN36b69BqPwGW5
smBqXqMYycqGfl+rCodjDmcqYDrbhdHQ9BKYeuA52mqqIvxqYoJF6BEdpC2YNm+5
gMi0rRsuiZMm4T8vzBQVa0rjomIAR/pXiakQGk9WRE5GZztT4GhN6YVPjQGc0D4M
ZKYo3V4kxf0ZOYT9PJ8L35fre5rudTqVATSAaEPPQjA2uU3R0OBwd5mG4JBxdkMP
wDdycvsZgF2NJ7B6Zyfy932UuzfBlGx8w/ZdUOu3lyjA0IjBbyEPHJVduDC+zyf5
KAm5MQGuIxQbqffTg+WKbm8GT3WTB4/uhQTmq55NgoZ8/HKgrqyZO5hEaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHCH7ZJAdodXvV9YP6JDT0xXG4HuMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY0lmdGtrQjJoMWU5WDFnX29rTlBURmNiZ2U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ0hKzaL5L2W8HsAkG3v
Bgjhi3xncY6yBBL47heDbwe6TPNS0pCTAZtWCLjkjkmlb8poJB9ZrxX73KwMeRPD
4bOXEzniDyUBHbQDB+4Vf4zPwVunCy2ZQM9iLKyle1Jpgk+k+OTbqK3eJrrHVKMC
UukmaIts+4kca8bNzAagMnZNKnwcIf9RDoR7AXkXDKsI45OuEqHrZ3rj2zLtqwpj
tUtHO7vDDgIux8lO+ZPw3uPHfVsqcoGcd/560OJwTx2lMS+utU9yfRmjnQAzCSVK
mHCMfPj4NAVWVUpS8VIEvgWuvRcPQnvi9tLb1TmT7R2q/rQidj+fWYaUBrpd7P4P
Hec=
-----END CERTIFICATE-----