Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hmy1JkuStbUb4vcamqDcclooroY.roa
File:                     hmy1JkuStbUb4vcamqDcclooroY.roa (raw, json)
Hash identifier:          xnYP0qzucI41r8kcjuyk4ZYSi+ChoCsJVlVqjEZM5As=
Subject key identifier:   86:6C:B5:26:4B:92:B5:B5:1B:E2:F7:1A:9A:A0:DC:72:5A:28:AE:86
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870DBDF93CD062CAF77DD5C5D5FB5AFB5F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hmy1JkuStbUb4vcamqDcclooroY.roa
Signing time:             Thu 23 Mar 2023 09:12:46 +0000
ROA not before:           Thu 23 Mar 2023 09:12:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0d:bd:f9:3c:d0:62:ca:f7:7d:d5:c5:d5:fb:5a:fb:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 23 09:12:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=866cb5264b92b5b51be2f71a9aa0dc725a28ae86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f2:6a:e1:c8:e0:ec:b8:b7:24:67:a5:bf:31:
                    7b:18:ce:b3:62:7b:92:d0:83:44:7d:cf:6e:3b:f6:
                    77:02:6b:99:03:0d:0d:b4:9f:2b:42:27:67:a1:63:
                    a9:19:5e:54:4a:4a:9f:91:d6:df:bb:d5:3c:c6:f3:
                    da:58:24:dc:47:3f:67:d9:3c:c9:ca:7c:ff:8b:e6:
                    e6:c1:c8:1c:bd:d9:ea:8b:6f:1b:de:cb:9b:10:54:
                    25:4c:9a:ac:1a:12:ee:23:56:91:e0:2b:6f:f0:6a:
                    fb:5a:51:d9:00:57:e7:e7:3a:0d:fa:20:18:e7:53:
                    69:e8:82:ce:63:62:c8:34:43:59:0a:75:d7:f2:28:
                    76:9f:69:d6:d9:09:46:f3:21:7d:f3:82:98:27:ad:
                    5f:54:81:fc:de:15:31:a1:9b:b8:e7:d9:4b:f7:9a:
                    29:ae:d1:a2:43:65:d8:c9:90:1c:da:92:a4:ed:07:
                    3b:80:6a:8b:07:a7:42:27:34:cc:b8:8e:84:10:4e:
                    26:98:d6:80:2a:3c:d0:99:72:81:26:2a:29:fc:20:
                    d2:c1:43:e1:22:df:08:65:09:04:b9:07:03:29:ad:
                    e9:53:32:f0:80:6f:65:e2:75:66:08:1b:c3:89:a3:
                    11:a1:8e:35:2f:df:31:3e:88:6a:af:b4:90:c1:9a:
                    bb:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:6C:B5:26:4B:92:B5:B5:1B:E2:F7:1A:9A:A0:DC:72:5A:28:AE:86
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hmy1JkuStbUb4vcamqDcclooroY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:19:98:12:cf:6c:e4:07:fb:47:ef:39:fe:6f:ad:df:e3:b7:
         95:86:5e:42:d7:0f:0e:f3:ec:1b:d3:4c:0f:c1:cf:21:dd:6a:
         d6:26:2b:84:12:41:ea:3e:48:02:bf:e8:2e:64:ba:fc:91:4c:
         a3:2c:11:cf:fd:2c:e6:f4:e7:20:46:e3:6f:46:4d:dc:7f:0a:
         85:d3:5f:2e:d5:b4:12:d2:95:e9:55:6f:dc:d2:54:06:b1:41:
         f2:42:c2:04:a6:c7:ee:d7:32:b5:73:03:8a:26:06:64:ad:65:
         68:76:05:38:71:fb:1a:bb:ff:3f:88:04:01:00:d2:3f:e7:48:
         2e:52:c7:2b:cb:02:26:b0:2e:fb:1b:0a:ca:ef:89:46:a0:c1:
         34:8d:80:ef:cb:95:b9:8e:41:08:23:e4:fa:cf:e5:50:90:e7:
         d9:24:8d:f7:1a:cc:23:8b:37:d3:86:12:6a:ef:d8:96:93:2e:
         de:a3:a0:ea:3a:be:68:72:5f:75:2a:4a:f3:4a:4c:31:47:ab:
         cb:3b:f4:eb:ff:c1:32:18:4a:5d:4d:90:e4:8b:3c:da:e4:b4:
         98:18:db:1d:a5:71:03:ac:a3:ea:91:75:c4:69:47:32:3e:f3:
         1d:cf:da:66:82:5b:a1:1d:23:7a:cd:49:3d:3d:5d:ec:33:e7:
         61:42:7d:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcNvfk80GLK933VxdX7WvtfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIzMDkxMjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjZjYjUyNjRiOTJiNWI1MWJlMmY3MWE5YWEwZGM3MjVhMjhhZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofJq4cjg7Li3JGelvzF7GM6zYnuS
0INEfc9uO/Z3AmuZAw0NtJ8rQidnoWOpGV5USkqfkdbfu9U8xvPaWCTcRz9n2TzJ
ynz/i+bmwcgcvdnqi28b3subEFQlTJqsGhLuI1aR4Ctv8Gr7WlHZAFfn5zoN+iAY
51Np6ILOY2LINENZCnXX8ih2n2nW2QlG8yF984KYJ61fVIH83hUxoZu459lL95op
rtGiQ2XYyZAc2pKk7Qc7gGqLB6dCJzTMuI6EEE4mmNaAKjzQmXKBJiop/CDSwUPh
It8IZQkEuQcDKa3pUzLwgG9l4nVmCBvDiaMRoY41L98xPohqr7SQwZq7OwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIZstSZLkrW1G+L3Gpqg3HJaKK6GMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaG15MUprdVN0YlViNHZjYW1xRGNjbG9vcm9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABUZmBLPbOQH+0fvOf5v
rd/jt5WGXkLXDw7z7BvTTA/BzyHdatYmK4QSQeo+SAK/6C5kuvyRTKMsEc/9LOb0
5yBG429GTdx/CoXTXy7VtBLSlelVb9zSVAaxQfJCwgSmx+7XMrVzA4omBmStZWh2
BThx+xq7/z+IBAEA0j/nSC5SxyvLAiawLvsbCsrviUagwTSNgO/LlbmOQQgj5PrP
5VCQ59kkjfcazCOLN9OGEmrv2JaTLt6joOo6vmhyX3UqSvNKTDFHq8s79Ov/wTIY
Sl1NkOSLPNrktJgY2x2lcQOso+qRdcRpRzI+8x3P2maCW6EdI3rNST09Xewz52FC
faA=
-----END CERTIFICATE-----