Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/g8br_kdlp6OEahV9qG4Ub4egx7k.roa
File:                     g8br_kdlp6OEahV9qG4Ub4egx7k.roa (raw, json)
Hash identifier:          Ie6qd6bACq3bZKCX9sIF2h1PvvecqfXYGyQ4FeIeR5w=
Subject key identifier:   83:C6:EB:FE:47:65:A7:A3:84:6A:15:7D:A8:6E:14:6F:87:A0:C7:B9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877898F06867933E3462B7FF374CB4CF42
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/g8br_kdlp6OEahV9qG4Ub4egx7k.roa
Signing time:             Thu 13 Apr 2023 03:11:41 +0000
ROA not before:           Thu 13 Apr 2023 03:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:78:98:f0:68:67:93:3e:34:62:b7:ff:37:4c:b4:cf:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 13 03:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=83c6ebfe4765a7a3846a157da86e146f87a0c7b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e7:9e:9b:c2:32:ba:c0:50:15:3a:b0:03:9c:
                    84:66:0c:4f:e6:fd:dd:83:dd:71:b6:0e:f1:12:05:
                    71:b8:ca:30:c1:39:15:0b:be:1a:65:3f:4d:4b:31:
                    87:35:05:3f:b4:ba:c7:bd:88:07:66:0c:1a:6d:72:
                    60:c2:cb:6f:4d:40:b1:20:15:12:fa:05:b9:68:8c:
                    7f:0a:57:cc:ba:0f:65:42:28:75:76:d3:38:d9:82:
                    5d:43:e1:e8:ab:96:46:41:fe:e6:ae:60:e1:3f:66:
                    27:b4:0b:29:07:04:8a:c7:6e:70:5f:2f:e1:59:eb:
                    4d:f3:61:f1:75:8c:9c:3f:4c:01:29:52:7f:07:2b:
                    4e:65:94:3f:b7:1f:76:3a:e6:c3:00:92:1a:ce:41:
                    46:ac:0b:04:39:fb:84:c3:a3:28:e0:b8:71:a5:15:
                    7e:e2:69:ee:28:a9:85:5f:d8:72:62:b5:4b:13:cf:
                    30:5c:cb:7d:06:9d:eb:6d:76:9e:2a:9f:a7:3d:cd:
                    68:36:2a:3e:03:be:ea:ea:be:ad:c1:ad:2d:e3:bd:
                    5f:75:f2:96:18:28:55:04:17:25:9a:f1:1a:48:aa:
                    2d:c0:39:ee:ce:48:d9:c9:52:e1:c4:98:e9:2d:62:
                    db:4e:b3:5e:cb:16:e6:62:9d:f2:57:ce:55:ee:12:
                    d6:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C6:EB:FE:47:65:A7:A3:84:6A:15:7D:A8:6E:14:6F:87:A0:C7:B9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/g8br_kdlp6OEahV9qG4Ub4egx7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:3b:ed:40:b3:84:76:39:e1:e1:64:cd:dd:6c:53:3c:6e:7d:
         da:78:9f:da:59:d5:53:f1:de:c7:65:fb:82:82:65:ac:4d:41:
         47:f0:b4:75:2a:e8:73:47:93:fb:04:e6:2c:77:ae:33:86:28:
         de:97:fe:a9:ba:fe:4a:52:5c:c5:1e:14:82:1a:28:f8:1d:dc:
         71:ea:c8:4e:56:b5:88:3a:ec:c5:e1:d9:5d:56:51:52:03:53:
         39:bc:e7:f1:a6:45:dc:a0:77:46:35:68:fe:6f:cb:46:3e:ae:
         9a:7d:9f:35:4b:ed:b9:4d:ed:91:b6:c9:2e:4e:a7:74:8e:6f:
         e9:65:21:92:e1:c3:5d:c9:87:c3:01:ef:35:5e:8d:60:63:96:
         0e:f9:d3:08:58:6a:39:ab:4a:54:7b:e2:26:78:a9:c7:40:5e:
         af:e5:39:54:4b:20:c7:3f:ca:d6:71:df:a6:59:91:5c:d1:80:
         bb:4b:28:aa:a2:01:93:37:61:f9:53:fe:d5:cc:82:7a:d3:64:
         27:a0:6d:c1:35:a0:7a:4d:17:ba:7a:a1:05:b0:90:41:76:dd:
         be:87:1f:62:c0:ed:fb:cd:71:cd:ff:d0:55:86:4e:da:f9:56:
         2c:96:d3:35:01:ad:8b:1c:52:5d:40:96:c9:c7:e1:b2:e4:0f:
         ea:be:5a:6d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd4mPBoZ5M+NGK3/zdMtM9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEzMDMxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2M2ZWJmZTQ3NjVhN2EzODQ2YTE1N2RhODZlMTQ2Zjg3YTBjN2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleeem8IyusBQFTqwA5yEZgxP5v3d
g91xtg7xEgVxuMowwTkVC74aZT9NSzGHNQU/tLrHvYgHZgwabXJgwstvTUCxIBUS
+gW5aIx/ClfMug9lQih1dtM42YJdQ+Hoq5ZGQf7mrmDhP2YntAspBwSKx25wXy/h
WetN82HxdYycP0wBKVJ/BytOZZQ/tx92OubDAJIazkFGrAsEOfuEw6Mo4LhxpRV+
4mnuKKmFX9hyYrVLE88wXMt9Bp3rbXaeKp+nPc1oNio+A77q6r6twa0t471fdfKW
GChVBBclmvEaSKotwDnuzkjZyVLhxJjpLWLbTrNeyxbmYp3yV85V7hLWOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIPG6/5HZaejhGoVfahuFG+HoMe5MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZzhicl9rZGxwNk9FYWhWOXFHNFViNGVneDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABw77UCzhHY54eFkzd1s
Uzxufdp4n9pZ1VPx3sdl+4KCZaxNQUfwtHUq6HNHk/sE5ix3rjOGKN6X/qm6/kpS
XMUeFIIaKPgd3HHqyE5WtYg67MXh2V1WUVIDUzm85/GmRdygd0Y1aP5vy0Y+rpp9
nzVL7blN7ZG2yS5Op3SOb+llIZLhw13Jh8MB7zVejWBjlg750whYajmrSlR74iZ4
qcdAXq/lOVRLIMc/ytZx36ZZkVzRgLtLKKqiAZM3YflT/tXMgnrTZCegbcE1oHpN
F7p6oQWwkEF23b6HH2LA7fvNcc3/0FWGTtr5ViyW0zUBrYscUl1AlsnH4bLkD+q+
Wm0=
-----END CERTIFICATE-----