Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/d_XWnraEBM625m7yXKA4RpTtfk8.roa
File:                     d_XWnraEBM625m7yXKA4RpTtfk8.roa (raw, json)
Hash identifier:          7IFBkMlk3/i83iSrzdyLIv90XPimQa7BHa4gaguGGpA=
Subject key identifier:   77:F5:D6:9E:B6:84:04:CE:B6:E6:6E:F2:5C:A0:38:46:94:ED:7E:4F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187910F25C54664D0E7F761C44A25F74B50
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/d_XWnraEBM625m7yXKA4RpTtfk8.roa
Signing time:             Mon 17 Apr 2023 21:11:41 +0000
ROA not before:           Mon 17 Apr 2023 21:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:91:0f:25:c5:46:64:d0:e7:f7:61:c4:4a:25:f7:4b:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 17 21:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=77f5d69eb68404ceb6e66ef25ca0384694ed7e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ac:2c:4f:c9:77:be:1c:f6:e2:68:30:08:5d:
                    e4:79:3a:66:c1:e1:04:47:2a:1b:69:22:a7:23:be:
                    90:c2:f4:52:db:29:bc:55:0c:a5:56:18:9d:3a:92:
                    d6:64:9d:cc:cf:b9:ee:bc:f1:a3:50:c0:94:14:12:
                    8d:41:76:00:7f:68:65:57:4f:2a:fd:43:3a:0c:c1:
                    15:af:6f:35:e6:ae:39:09:60:69:79:ed:7b:ed:79:
                    31:80:1e:81:35:52:b1:10:3d:6d:6b:d2:78:df:9f:
                    17:8f:e7:22:ec:a1:33:2a:f9:e1:2e:b6:69:f9:34:
                    52:31:04:6d:c3:41:d7:6c:39:ef:e4:18:bd:37:e8:
                    6c:29:03:53:3f:4b:5d:f7:85:72:ca:76:c2:2b:f4:
                    f1:40:77:3a:4a:a9:dd:be:86:16:88:12:b0:54:29:
                    10:e9:9c:5a:4b:9b:45:c2:92:65:9f:32:be:19:29:
                    ae:1a:c6:64:f5:2f:fc:c4:6c:2b:c0:5b:f1:3c:4f:
                    fc:37:70:52:5e:29:7d:eb:3b:a5:04:70:c5:90:76:
                    a2:c7:98:f3:ae:12:70:3c:5b:2d:21:93:5f:13:c9:
                    db:e5:7e:f7:a6:5f:1a:4c:54:71:fc:23:44:d4:1b:
                    50:19:ce:16:6e:c5:f0:2f:74:24:b9:51:7e:f9:be:
                    e8:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:F5:D6:9E:B6:84:04:CE:B6:E6:6E:F2:5C:A0:38:46:94:ED:7E:4F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/d_XWnraEBM625m7yXKA4RpTtfk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:fa:0b:60:9f:60:d2:57:89:f8:5c:5e:15:a6:23:8a:a9:17:
         e9:aa:fe:e0:b3:f8:44:06:d8:6d:b3:c8:51:33:8f:6a:f7:cf:
         a1:bd:1d:bd:a5:71:db:8e:ee:e9:40:2a:66:28:4c:2b:03:d0:
         4b:86:7c:df:93:89:e4:4e:6d:0b:3b:dd:c2:61:30:24:cc:b6:
         af:99:f8:9e:a8:79:f3:92:17:f2:85:8a:b6:de:5f:0f:18:5b:
         f5:99:3f:56:38:ad:2b:f5:4a:77:07:09:1d:2d:81:5f:59:da:
         20:50:f8:95:7d:3e:1e:1d:1e:06:b9:f4:97:5c:6a:71:38:a4:
         9b:63:2a:39:35:36:41:8c:ed:94:c3:93:aa:03:9e:7d:c3:66:
         2c:d3:c7:a6:62:19:3e:5c:25:25:66:36:0a:e4:ef:ff:84:3b:
         d1:50:b1:05:c8:5f:ec:59:0f:7d:56:06:17:44:c4:c6:40:b5:
         d8:21:11:8b:be:4f:40:9b:aa:b4:96:18:d5:95:3d:15:14:0b:
         df:69:54:42:91:30:16:5b:c4:8f:ca:54:79:b7:98:68:e6:92:
         0a:11:01:d0:d3:6c:89:cc:8b:3c:ea:d3:bb:80:c2:44:32:6d:
         08:20:83:e7:a3:63:7d:2e:e5:a0:18:1c:32:b4:2a:7c:7b:0c:
         ae:d3:5b:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeRDyXFRmTQ5/dhxEol90tQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE3MjExMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2Y1ZDY5ZWI2ODQwNGNlYjZlNjZlZjI1Y2EwMzg0Njk0ZWQ3ZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6wsT8l3vhz24mgwCF3keTpmweEE
RyobaSKnI76QwvRS2ym8VQylVhidOpLWZJ3Mz7nuvPGjUMCUFBKNQXYAf2hlV08q
/UM6DMEVr2815q45CWBpee177XkxgB6BNVKxED1ta9J4358Xj+ci7KEzKvnhLrZp
+TRSMQRtw0HXbDnv5Bi9N+hsKQNTP0td94VyynbCK/TxQHc6SqndvoYWiBKwVCkQ
6ZxaS5tFwpJlnzK+GSmuGsZk9S/8xGwrwFvxPE/8N3BSXil96zulBHDFkHaix5jz
rhJwPFstIZNfE8nb5X73pl8aTFRx/CNE1BtQGc4WbsXwL3QkuVF++b7oqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHf11p62hATOtuZu8lygOEaU7X5PMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZF9YV25yYUVCTTYyNW03eVhLQTRScFR0Zms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFz6C2CfYNJXifhcXhWm
I4qpF+mq/uCz+EQG2G2zyFEzj2r3z6G9Hb2lcduO7ulAKmYoTCsD0EuGfN+TieRO
bQs73cJhMCTMtq+Z+J6oefOSF/KFirbeXw8YW/WZP1Y4rSv1SncHCR0tgV9Z2iBQ
+JV9Ph4dHga59JdcanE4pJtjKjk1NkGM7ZTDk6oDnn3DZizTx6ZiGT5cJSVmNgrk
7/+EO9FQsQXIX+xZD31WBhdExMZAtdghEYu+T0CbqrSWGNWVPRUUC99pVEKRMBZb
xI/KVHm3mGjmkgoRAdDTbInMizzq07uAwkQybQggg+ejY30u5aAYHDK0Knx7DK7T
W/g=
-----END CERTIFICATE-----