Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dDnmFFlNvrTJi85fuFHhw0oi9gQ.roa
File:                     dDnmFFlNvrTJi85fuFHhw0oi9gQ.roa (raw, json)
Hash identifier:          O2tjvXmQbZaYgm8+a10auCmbJ67ZHPCYDmETj2b13sI=
Subject key identifier:   74:39:E6:14:59:4D:BE:B4:C9:8B:CE:5F:B8:51:E1:C3:4A:22:F6:04
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018744E385ECC13D544637C617033A4FE9CE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dDnmFFlNvrTJi85fuFHhw0oi9gQ.roa
Signing time:             Mon 03 Apr 2023 02:12:54 +0000
ROA not before:           Mon 03 Apr 2023 02:12:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:44:e3:85:ec:c1:3d:54:46:37:c6:17:03:3a:4f:e9:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  3 02:12:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7439e614594dbeb4c98bce5fb851e1c34a22f604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:24:e0:6d:b7:d0:b8:02:a9:44:a7:ad:42:95:
                    43:56:b4:3c:9a:b5:75:95:39:ac:49:e5:5d:25:95:
                    e2:c4:2b:66:9c:36:38:ac:6c:c6:b3:86:f9:f7:b9:
                    84:a0:3a:78:44:bc:76:11:86:8f:cc:63:64:26:5f:
                    04:d5:c2:b4:53:33:06:a2:a1:1a:ff:27:8d:4a:cc:
                    44:43:20:56:59:05:c2:11:46:ea:86:30:38:a0:99:
                    66:69:97:f5:65:60:7a:35:69:6b:2f:c0:6d:4e:ff:
                    70:d5:17:f2:84:7f:98:92:3f:0e:a8:20:31:6c:90:
                    a2:53:c8:09:09:82:67:06:c4:c2:ca:fc:0e:02:69:
                    fa:8c:d3:6d:15:23:0f:dc:30:66:65:5e:b5:af:c2:
                    1f:41:f9:0a:02:57:35:c2:b0:03:98:b7:fe:40:5d:
                    48:0a:2c:81:a0:50:ab:f7:12:51:38:04:27:dd:32:
                    72:69:cd:18:42:9e:d4:90:6f:91:d1:89:d5:7f:07:
                    13:6e:9b:c3:36:80:89:38:6b:87:01:3b:e9:fa:f8:
                    d6:3e:e1:26:25:c6:a9:0c:e3:58:13:91:48:81:16:
                    06:11:c1:f5:c7:8f:fd:e5:16:13:2d:a7:7e:02:ec:
                    c2:09:5f:d9:ca:84:b1:e8:98:fe:d1:a1:2b:4e:c7:
                    66:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:39:E6:14:59:4D:BE:B4:C9:8B:CE:5F:B8:51:E1:C3:4A:22:F6:04
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dDnmFFlNvrTJi85fuFHhw0oi9gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:74:21:b8:b5:ce:a2:f8:ff:a4:b4:aa:13:c4:f1:ee:52:fc:
         f9:af:83:6e:35:3c:94:e8:55:2f:aa:71:6b:40:5c:cf:a2:cc:
         3d:a5:0d:43:78:16:ad:bd:fa:12:a7:8a:7d:a6:7f:ce:cc:06:
         b5:e0:ac:17:e8:84:ed:b2:e6:3d:6a:3a:b9:45:a6:14:6a:63:
         e0:e0:08:5a:82:f0:c6:a4:25:15:d9:a8:20:73:a9:0f:0e:48:
         c2:83:fd:1e:c1:c9:6e:31:a8:f6:6f:00:62:5d:4e:de:5f:e5:
         e6:88:c0:41:dc:a9:8a:52:67:fc:d8:c8:24:f6:45:08:13:1f:
         41:fa:58:66:c2:bf:cc:c3:6d:ee:ab:0b:af:f9:85:c0:f6:28:
         c4:99:29:c6:23:04:1a:bc:2b:8b:0a:9a:15:03:1e:1b:13:6f:
         14:f2:94:66:f3:b6:8d:2f:f5:a8:b2:ac:f9:6b:97:a9:fd:24:
         9b:6f:e0:b8:4e:98:cc:a4:48:21:00:e5:5e:b4:c4:16:98:26:
         b0:f7:9e:cc:64:98:79:5f:80:b6:b8:67:af:64:a7:d5:03:13:
         f8:83:34:74:35:2e:25:6d:40:9e:60:01:6e:61:b2:bd:d5:a6:
         36:4d:84:85:a7:bb:a9:77:da:96:40:c9:b6:af:10:67:67:5f:
         b7:54:cb:bd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdE44XswT1URjfGFwM6T+nOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAzMDIxMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDM5ZTYxNDU5NGRiZWI0Yzk4YmNlNWZiODUxZTFjMzRhMjJmNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCTgbbfQuAKpRKetQpVDVrQ8mrV1
lTmsSeVdJZXixCtmnDY4rGzGs4b597mEoDp4RLx2EYaPzGNkJl8E1cK0UzMGoqEa
/yeNSsxEQyBWWQXCEUbqhjA4oJlmaZf1ZWB6NWlrL8BtTv9w1RfyhH+Ykj8OqCAx
bJCiU8gJCYJnBsTCyvwOAmn6jNNtFSMP3DBmZV61r8IfQfkKAlc1wrADmLf+QF1I
CiyBoFCr9xJROAQn3TJyac0YQp7UkG+R0YnVfwcTbpvDNoCJOGuHATvp+vjWPuEm
JcapDONYE5FIgRYGEcH1x4/95RYTLad+AuzCCV/ZyoSx6Jj+0aErTsdm1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHQ55hRZTb60yYvOX7hR4cNKIvYEMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZERubUZGbE52clRKaTg1ZnVGSGh3MG9pOWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACJ0Ibi1zqL4/6S0qhPE
8e5S/Pmvg241PJToVS+qcWtAXM+izD2lDUN4Fq29+hKnin2mf87MBrXgrBfohO2y
5j1qOrlFphRqY+DgCFqC8MakJRXZqCBzqQ8OSMKD/R7ByW4xqPZvAGJdTt5f5eaI
wEHcqYpSZ/zYyCT2RQgTH0H6WGbCv8zDbe6rC6/5hcD2KMSZKcYjBBq8K4sKmhUD
HhsTbxTylGbzto0v9aiyrPlrl6n9JJtv4LhOmMykSCEA5V60xBaYJrD3nsxkmHlf
gLa4Z69kp9UDE/iDNHQ1LiVtQJ5gAW5hsr3VpjZNhIWnu6l32pZAybavEGdnX7dU
y70=
-----END CERTIFICATE-----