Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gzKwL9lqL59HV7JsFh5GJAgGcLY.roa
File:                     gzKwL9lqL59HV7JsFh5GJAgGcLY.roa (raw, json)
Hash identifier:          svmHEiM1M+Td8DDrwyREr7wj4lt3mUJdPV1W4HYf5gY=
Subject key identifier:   83:32:B0:2F:D9:6A:2F:9F:47:57:B2:6C:16:1E:46:24:08:06:70:B6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187DB833A30999EB6A812611D27F8BEC485
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gzKwL9lqL59HV7JsFh5GJAgGcLY.roa
Signing time:             Tue 02 May 2023 08:10:23 +0000
ROA not before:           Tue 02 May 2023 08:10:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:db:83:3a:30:99:9e:b6:a8:12:61:1d:27:f8:be:c4:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  2 08:10:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8332b02fd96a2f9f4757b26c161e4624080670b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:45:63:e6:bf:d8:85:52:e1:0d:50:c5:0c:d1:
                    ec:a9:60:d8:10:15:14:96:0a:8a:ad:1f:d0:76:0d:
                    a9:68:44:48:b8:77:11:92:b9:9a:af:e6:da:eb:c7:
                    5b:3b:d3:e0:63:cc:50:da:46:77:50:1b:d1:f4:01:
                    62:f4:87:29:00:7f:e6:2d:f1:35:b5:02:58:06:6d:
                    71:45:ca:12:6b:47:3c:87:42:3b:87:3e:84:40:9d:
                    57:73:3e:8c:32:1d:d3:b5:d6:46:f6:1b:8e:36:f9:
                    be:24:02:42:3d:94:48:15:b7:1f:c6:f1:f6:7f:b8:
                    38:73:ae:39:39:45:a0:2c:2a:27:35:2a:cd:f9:33:
                    05:04:88:60:f3:89:e3:83:71:dc:72:6f:35:7f:fd:
                    86:18:8f:b7:88:f1:ad:c8:61:5c:52:3b:15:f4:55:
                    5f:8d:ee:c1:53:b5:ca:e7:69:6f:e7:8b:56:ea:1e:
                    e4:5a:ce:d2:e0:d2:8a:90:07:84:66:78:a7:fc:b8:
                    f3:36:b1:92:7e:cb:2d:4f:49:da:f6:61:7f:79:4f:
                    ed:ba:9e:64:b7:39:51:8b:66:18:41:65:aa:00:7f:
                    78:44:c0:7f:91:ee:9f:ab:71:72:90:db:6c:0e:1e:
                    32:55:20:ec:30:f1:b1:1c:fd:c0:66:29:d7:3d:ca:
                    c4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:32:B0:2F:D9:6A:2F:9F:47:57:B2:6C:16:1E:46:24:08:06:70:B6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gzKwL9lqL59HV7JsFh5GJAgGcLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:fe:38:60:0c:93:c2:5f:fd:d5:f5:e9:25:0b:ba:78:1e:88:
         0e:87:d1:82:a7:4d:7a:19:f4:45:e4:ec:11:9f:d4:e9:54:44:
         b9:1c:d9:a7:00:54:73:d1:c4:4a:35:7f:da:ab:51:0a:c1:2d:
         33:a1:70:78:28:44:8e:95:05:c2:9b:2f:2d:92:18:54:89:ec:
         8e:2f:82:42:e3:c8:27:1d:f2:dc:ec:77:23:ff:fc:75:78:b0:
         8d:11:43:2e:5d:3c:50:65:4b:23:ee:85:0b:28:5f:29:bd:c4:
         cb:d0:f4:ef:ec:9b:ed:5a:29:e4:d5:4e:85:0a:cd:00:dc:58:
         27:48:b1:bc:0f:56:51:18:e9:4d:b0:75:b5:f4:5d:fa:0c:54:
         53:3a:9a:17:65:6e:02:7b:0d:0e:7e:81:d6:99:c6:6d:31:e2:
         e5:20:b9:4d:7a:8d:a3:85:0b:59:5c:67:68:c0:ff:8f:25:bb:
         fc:8e:5e:2d:e7:0d:4c:89:42:8c:fb:02:4d:f6:ba:d5:60:d6:
         30:79:a0:07:3f:1c:26:d6:3b:85:e1:cc:18:2a:ad:2c:70:aa:
         f9:e7:76:55:37:9b:a2:c9:d9:a8:cc:03:b9:93:bd:ac:d7:63:
         dc:5b:e8:af:29:bd:7e:37:2e:10:1a:9c:43:4c:29:38:ab:53:
         dd:b8:ce:df
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfbgzowmZ62qBJhHSf4vsSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAyMDgxMDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzMyYjAyZmQ5NmEyZjlmNDc1N2IyNmMxNjFlNDYyNDA4MDY3MGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEVj5r/YhVLhDVDFDNHsqWDYEBUU
lgqKrR/Qdg2paERIuHcRkrmar+ba68dbO9PgY8xQ2kZ3UBvR9AFi9IcpAH/mLfE1
tQJYBm1xRcoSa0c8h0I7hz6EQJ1Xcz6MMh3TtdZG9huONvm+JAJCPZRIFbcfxvH2
f7g4c645OUWgLConNSrN+TMFBIhg84njg3Hccm81f/2GGI+3iPGtyGFcUjsV9FVf
je7BU7XK52lv54tW6h7kWs7S4NKKkAeEZnin/LjzNrGSfsstT0na9mF/eU/tup5k
tzlRi2YYQWWqAH94RMB/ke6fq3FykNtsDh4yVSDsMPGxHP3AZinXPcrE1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIMysC/Zai+fR1eybBYeRiQIBnC2MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZ3pLd0w5bHFMNTlIVjdKc0ZoNUdKQWdHY0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEL+OGAMk8Jf/dX16SUL
ungeiA6H0YKnTXoZ9EXk7BGf1OlURLkc2acAVHPRxEo1f9qrUQrBLTOhcHgoRI6V
BcKbLy2SGFSJ7I4vgkLjyCcd8tzsdyP//HV4sI0RQy5dPFBlSyPuhQsoXym9xMvQ
9O/sm+1aKeTVToUKzQDcWCdIsbwPVlEY6U2wdbX0XfoMVFM6mhdlbgJ7DQ5+gdaZ
xm0x4uUguU16jaOFC1lcZ2jA/48lu/yOXi3nDUyJQoz7Ak32utVg1jB5oAc/HCbW
O4XhzBgqrSxwqvnndlU3m6LJ2ajMA7mTvazXY9xb6K8pvX43LhAanENMKTirU924
zt8=
-----END CERTIFICATE-----