Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hMFwwhJEC-zdj7oi-N2PV5GDgVM.roa
File:                     hMFwwhJEC-zdj7oi-N2PV5GDgVM.roa (raw, json)
Hash identifier:          kzgwFuqSY/OvBgjJIFGwVNxSdPpHdqg6gj8XlOLlWLc=
Subject key identifier:   84:C1:70:C2:12:44:0B:EC:DD:8F:BA:22:F8:DD:8F:57:91:83:81:53
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873F53E211FE4F95D1B31D68D89FDC9384
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hMFwwhJEC-zdj7oi-N2PV5GDgVM.roa
Signing time:             Sun 02 Apr 2023 00:17:54 +0000
ROA not before:           Sun 02 Apr 2023 00:17:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3f:53:e2:11:fe:4f:95:d1:b3:1d:68:d8:9f:dc:93:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  2 00:17:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=84c170c212440becdd8fba22f8dd8f5791838153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:23:22:db:1a:b9:74:b8:7b:9e:8a:12:e9:2e:
                    7c:23:3a:80:46:35:93:0f:6a:de:db:c7:85:de:5f:
                    98:ee:16:88:39:1b:36:3d:d2:c4:f9:74:8c:4c:66:
                    2e:4c:6b:98:9c:fe:16:d0:41:03:e6:d7:d4:3f:15:
                    b9:c4:a5:5c:74:93:7a:e0:89:c8:55:64:fa:97:4c:
                    9f:51:a3:1c:4e:49:c0:e0:1f:52:52:0e:9e:fe:2d:
                    fd:1e:30:2f:6f:05:9d:cd:1a:0c:98:bf:f1:21:89:
                    d5:53:6c:f8:d2:b9:e6:29:2f:1e:78:97:2a:7b:1b:
                    c0:19:94:f4:55:6d:40:8a:bd:ce:5b:ff:08:8d:d1:
                    6e:3b:ce:24:6e:d7:ff:9d:4c:3e:ef:39:28:0d:46:
                    04:05:68:9a:72:93:b9:a3:df:bf:fe:4d:7a:83:ff:
                    7f:df:6c:ef:6c:bc:12:4a:97:56:91:67:c8:f5:1e:
                    ee:59:dd:e5:f1:d0:2d:ac:fb:18:23:aa:a8:36:69:
                    bc:71:45:5e:4c:0b:78:94:6b:15:fb:e5:85:a9:d7:
                    95:a3:7f:9f:87:56:4d:26:37:c2:6e:e5:cb:4d:e4:
                    8e:bd:c8:9c:e9:fe:4d:b6:8f:ee:28:1b:47:fa:0d:
                    ca:09:8c:11:aa:41:42:07:92:3e:c9:3b:5e:0d:96:
                    e4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C1:70:C2:12:44:0B:EC:DD:8F:BA:22:F8:DD:8F:57:91:83:81:53
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hMFwwhJEC-zdj7oi-N2PV5GDgVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:41:d8:30:12:12:56:75:e5:a0:bc:66:96:85:7f:f8:89:47:
         d4:53:c6:2f:ff:ab:21:3a:d3:8d:e0:a9:6b:8d:07:1f:fa:5e:
         b1:f4:4d:d2:b8:3e:d4:86:42:6d:4e:b1:96:67:e9:d1:20:49:
         2a:b0:52:ef:8c:48:00:5b:f5:50:69:4f:11:7d:50:a7:b5:84:
         bc:39:6c:84:39:54:95:7b:de:be:e7:28:ef:ef:3b:0e:de:ec:
         69:b6:25:23:2a:c5:41:6b:77:72:8a:99:73:47:f7:b8:2c:c7:
         c0:46:71:27:98:e6:a1:e6:01:8c:fb:a9:6f:17:a0:e9:3b:2c:
         63:63:c6:fc:d5:61:d7:37:aa:2f:81:97:4b:9d:7f:1b:42:be:
         3c:1b:e5:b2:0a:e7:66:9c:08:ce:24:d3:e6:18:5c:c0:82:a2:
         d1:fc:79:92:3f:e0:3a:69:58:dd:a3:d5:73:7e:9d:48:ea:1b:
         14:ee:1c:c8:50:10:5c:14:6c:37:0b:6b:06:d7:99:17:0e:0a:
         f6:12:23:71:c5:5c:9f:d3:a4:e3:c8:f2:58:f0:9e:4f:6b:51:
         63:8d:55:43:5e:dc:d5:9e:94:e9:50:ae:a5:55:10:30:b5:ed:
         b6:d1:0c:e2:23:7d:c7:d7:37:f6:af:43:7e:71:8b:d4:d5:79:
         52:a1:d4:60
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc/U+IR/k+V0bMdaNif3JOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAyMDAxNzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGMxNzBjMjEyNDQwYmVjZGQ4ZmJhMjJmOGRkOGY1NzkxODM4MTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCMi2xq5dLh7nooS6S58IzqARjWT
D2re28eF3l+Y7haIORs2PdLE+XSMTGYuTGuYnP4W0EED5tfUPxW5xKVcdJN64InI
VWT6l0yfUaMcTknA4B9SUg6e/i39HjAvbwWdzRoMmL/xIYnVU2z40rnmKS8eeJcq
exvAGZT0VW1Air3OW/8IjdFuO84kbtf/nUw+7zkoDUYEBWiacpO5o9+//k16g/9/
32zvbLwSSpdWkWfI9R7uWd3l8dAtrPsYI6qoNmm8cUVeTAt4lGsV++WFqdeVo3+f
h1ZNJjfCbuXLTeSOvcic6f5Nto/uKBtH+g3KCYwRqkFCB5I+yTteDZbktQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFITBcMISRAvs3Y+6Ivjdj1eRg4FTMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaE1Gd3doSkVDLXpkajdvaS1OMlBWNUdEZ1ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHZB2DASElZ15aC8ZpaF
f/iJR9RTxi//qyE6043gqWuNBx/6XrH0TdK4PtSGQm1OsZZn6dEgSSqwUu+MSABb
9VBpTxF9UKe1hLw5bIQ5VJV73r7nKO/vOw7e7Gm2JSMqxUFrd3KKmXNH97gsx8BG
cSeY5qHmAYz7qW8XoOk7LGNjxvzVYdc3qi+Bl0udfxtCvjwb5bIK52acCM4k0+YY
XMCCotH8eZI/4DppWN2j1XN+nUjqGxTuHMhQEFwUbDcLawbXmRcOCvYSI3HFXJ/T
pOPI8ljwnk9rUWONVUNe3NWelOlQrqVVEDC17bbRDOIjfcfXN/avQ35xi9TVeVKh
1GA=
-----END CERTIFICATE-----