Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dOYi1QHpW3_nU_nrjk3WgfgDCnI.roa
File:                     dOYi1QHpW3_nU_nrjk3WgfgDCnI.roa (raw, json)
Hash identifier:          gxWlfkfHi32EH/kKtU9UHzL5ICJNO2IYlfZC5Trz5e4=
Subject key identifier:   74:E6:22:D5:01:E9:5B:7F:E7:53:F9:EB:8E:4D:D6:81:F8:03:0A:72
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186ECB14AAD62AA59BD066C66644F481D1E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dOYi1QHpW3_nU_nrjk3WgfgDCnI.roa
Signing time:             Thu 16 Mar 2023 23:11:27 +0000
ROA not before:           Thu 16 Mar 2023 23:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ec:b1:4a:ad:62:aa:59:bd:06:6c:66:64:4f:48:1d:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 16 23:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=74e622d501e95b7fe753f9eb8e4dd681f8030a72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:24:37:f3:3d:43:d7:78:f4:18:ad:3a:79:54:
                    db:77:51:3c:8f:42:12:da:8f:60:27:81:32:a3:f6:
                    18:07:3d:d3:ad:7f:dd:d2:8e:41:82:c4:61:64:08:
                    a8:7e:9a:ac:e1:9a:7d:25:2c:34:b0:a1:eb:65:d4:
                    b4:6e:0c:b8:07:43:79:97:f0:69:80:44:b5:45:cf:
                    b4:8a:e6:74:76:2d:d1:18:04:24:8e:8b:78:56:08:
                    eb:94:1a:96:bc:02:4d:4d:f5:dd:55:87:d4:fb:8b:
                    ec:4f:2d:62:0a:2a:20:44:ac:97:1e:75:de:4f:d8:
                    e0:af:05:9b:a6:69:b8:fa:6a:21:51:19:a6:19:1f:
                    8d:49:bc:21:a3:e2:50:06:bb:40:9b:ac:c4:57:be:
                    a8:ca:4a:ad:8d:a3:8c:28:4a:4e:8e:2a:62:33:24:
                    84:65:3e:81:77:8d:3c:c4:04:ef:7d:09:40:49:e6:
                    e1:f3:d2:41:8b:34:6a:75:af:4a:65:c5:58:3e:24:
                    4b:0f:21:ee:fa:7e:83:19:2f:98:dd:55:f1:bb:09:
                    a7:b1:b8:34:42:46:dd:f0:fe:5a:5f:01:ec:3e:a6:
                    53:a9:88:dc:15:74:36:ed:fb:0e:2b:d6:f5:1d:1a:
                    f9:b9:7e:4d:02:61:c4:a2:7e:4f:a3:bc:77:aa:a4:
                    b9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E6:22:D5:01:E9:5B:7F:E7:53:F9:EB:8E:4D:D6:81:F8:03:0A:72
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dOYi1QHpW3_nU_nrjk3WgfgDCnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:9d:fa:8c:32:cf:97:de:82:72:ba:2c:65:3c:68:e1:8f:8d:
         82:65:1f:27:d0:5b:ed:e3:0c:66:8e:37:43:0e:c6:20:ab:38:
         54:58:12:21:4a:c8:18:ad:52:fa:20:62:60:b4:69:b6:80:05:
         ee:e8:68:e7:3c:7c:bd:0c:c0:bc:79:84:e6:af:a9:04:34:25:
         2a:c9:a4:1c:67:04:67:06:96:16:df:b7:8d:c9:48:42:cb:9f:
         2c:3d:9f:85:c2:79:24:32:cb:b9:e0:1e:35:09:dc:bc:1b:c5:
         12:de:2c:e2:d5:cf:fb:a7:66:b4:d4:5e:b2:1a:c6:d8:fd:eb:
         3a:47:09:b1:cf:6a:50:92:c6:0c:73:57:47:58:66:6c:05:15:
         7e:04:00:51:c7:79:0c:4a:c1:5c:82:59:f4:69:91:8b:fa:bb:
         27:2a:fb:ae:eb:50:e3:20:30:93:9c:b6:03:95:08:11:24:c2:
         2d:87:e2:80:8d:22:80:f3:3b:08:2b:52:9f:b4:76:af:44:a9:
         57:35:da:ba:63:88:23:c4:2c:b9:c1:c4:40:b3:3a:e0:b4:74:
         e3:96:ff:f6:db:d3:6c:9f:0f:da:72:64:37:fa:a5:68:6d:e6:
         00:16:3d:84:60:df:b8:16:e7:fe:0b:48:83:da:f6:aa:e2:82:
         47:c4:5f:5f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbssUqtYqpZvQZsZmRPSB0eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE2MjMxMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGU2MjJkNTAxZTk1YjdmZTc1M2Y5ZWI4ZTRkZDY4MWY4MDMwYTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSQ38z1D13j0GK06eVTbd1E8j0IS
2o9gJ4Eyo/YYBz3TrX/d0o5BgsRhZAiofpqs4Zp9JSw0sKHrZdS0bgy4B0N5l/Bp
gES1Rc+0iuZ0di3RGAQkjot4VgjrlBqWvAJNTfXdVYfU+4vsTy1iCiogRKyXHnXe
T9jgrwWbpmm4+mohURmmGR+NSbwho+JQBrtAm6zEV76oykqtjaOMKEpOjipiMySE
ZT6Bd408xATvfQlASebh89JBizRqda9KZcVYPiRLDyHu+n6DGS+Y3VXxuwmnsbg0
Qkbd8P5aXwHsPqZTqYjcFXQ27fsOK9b1HRr5uX5NAmHEon5Po7x3qqS5GQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHTmItUB6Vt/51P5645N1oH4AwpyMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZE9ZaTFRSHBXM19uVV9ucmprM1dnZmdEQ25JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEKd+owyz5fegnK6LGU8
aOGPjYJlHyfQW+3jDGaON0MOxiCrOFRYEiFKyBitUvogYmC0abaABe7oaOc8fL0M
wLx5hOavqQQ0JSrJpBxnBGcGlhbft43JSELLnyw9n4XCeSQyy7ngHjUJ3LwbxRLe
LOLVz/unZrTUXrIaxtj96zpHCbHPalCSxgxzV0dYZmwFFX4EAFHHeQxKwVyCWfRp
kYv6uycq+67rUOMgMJOctgOVCBEkwi2H4oCNIoDzOwgrUp+0dq9EqVc12rpjiCPE
LLnBxECzOuC0dOOW//bb02yfD9pyZDf6pWht5gAWPYRg37gW5/4LSIPa9qrigkfE
X18=
-----END CERTIFICATE-----