Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iUK4byNTkZqHeCz3if0I9G-wsnE.roa
File:                     iUK4byNTkZqHeCz3if0I9G-wsnE.roa (raw, json)
Hash identifier:          UvSrZeVr9nA3PCGjQuPisJtKyNzLD+AIOUqid3kUAuk=
Subject key identifier:   89:42:B8:6F:23:53:91:9A:87:78:2C:F7:89:FD:08:F4:6F:B0:B2:71
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018753E6E99B4B0D893A7AC0134C9F85E235
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iUK4byNTkZqHeCz3if0I9G-wsnE.roa
Signing time:             Thu 06 Apr 2023 00:10:54 +0000
ROA not before:           Thu 06 Apr 2023 00:10:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:53:e6:e9:9b:4b:0d:89:3a:7a:c0:13:4c:9f:85:e2:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  6 00:10:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8942b86f2353919a87782cf789fd08f46fb0b271
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ac:7d:28:d6:d8:d2:9c:ff:d3:0d:22:af:a0:
                    d6:57:ef:a8:75:3e:66:0e:af:9e:c5:47:3c:25:67:
                    0c:e7:44:9a:d1:11:8c:e8:eb:3c:03:2b:c9:cc:83:
                    09:85:fe:48:f0:74:54:82:3c:9a:10:89:81:90:dd:
                    8b:38:bc:43:16:ce:4e:b9:78:a3:5a:aa:dd:d6:c8:
                    b4:79:e4:98:1a:7a:95:b8:4d:89:1d:f4:86:81:ac:
                    06:70:51:ee:1d:a6:1f:89:1a:81:51:9e:28:c7:4b:
                    b3:70:bf:de:08:ed:a2:c2:20:c1:57:ee:41:fd:1e:
                    a1:3f:cb:39:4b:7e:28:85:2d:cc:ff:8e:76:16:0c:
                    cc:6a:af:92:f3:14:fa:19:ee:79:dc:69:21:2f:01:
                    be:87:eb:c9:f7:63:4c:36:75:7f:fc:75:46:60:af:
                    4c:b6:00:68:8c:64:d5:6d:7d:ea:5e:c4:ec:5f:d4:
                    4e:1a:3a:a2:04:14:65:4c:d3:41:22:1f:45:3e:d9:
                    b7:f1:14:83:0a:85:5a:e1:a5:f7:de:d1:0a:72:23:
                    9b:cd:46:e0:b4:9a:35:72:e5:9e:c1:20:95:60:8d:
                    93:6e:c8:fe:7d:dc:5d:10:c4:eb:55:c3:73:37:ee:
                    69:60:d6:08:90:fa:20:21:fc:cf:2e:7f:72:43:f8:
                    65:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:42:B8:6F:23:53:91:9A:87:78:2C:F7:89:FD:08:F4:6F:B0:B2:71
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iUK4byNTkZqHeCz3if0I9G-wsnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:bd:f1:7b:1b:f5:93:f1:9d:70:86:fa:49:ef:8b:b7:23:95:
         68:ff:a7:f8:b8:bb:bc:34:e7:83:43:3b:a4:f5:99:76:3c:a8:
         06:56:da:22:18:b9:33:09:5c:30:d2:d8:a6:aa:fc:26:22:26:
         24:3d:96:95:ec:25:f5:38:f5:b9:fe:27:84:82:45:2a:b6:96:
         0f:01:4a:ac:3e:66:91:91:f6:e5:c9:96:4d:af:22:5c:ed:34:
         40:90:f6:fe:86:a6:b1:2b:51:95:dc:dd:21:1a:ac:16:a3:bc:
         d1:74:ac:fb:3b:52:5a:1b:3a:c9:3b:a8:fd:1b:fe:5c:0a:16:
         42:d5:46:e1:3f:ba:62:ef:13:fd:83:24:06:2a:dd:55:7d:23:
         de:66:80:df:38:69:e1:ed:70:60:ea:2f:0f:62:a1:88:f5:5d:
         4e:40:5a:dd:bd:f8:d8:cb:c2:61:ee:5e:28:55:a8:e1:1c:01:
         92:b2:bb:df:27:36:3a:b0:71:4d:59:22:4b:de:a9:27:ec:b3:
         c8:67:90:1f:ff:98:f2:a4:df:4d:4e:08:e3:4d:0e:e3:83:40:
         a5:49:80:37:25:f6:7a:0e:9d:2d:d9:cd:d5:f7:3e:15:9a:1a:
         85:78:78:fc:ca:63:bc:7a:7a:47:9e:91:a3:40:c3:da:0f:45:
         e5:81:9a:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdT5umbSw2JOnrAE0yfheI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA2MDAxMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQyYjg2ZjIzNTM5MTlhODc3ODJjZjc4OWZkMDhmNDZmYjBiMjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhax9KNbY0pz/0w0ir6DWV++odT5m
Dq+exUc8JWcM50Sa0RGM6Os8AyvJzIMJhf5I8HRUgjyaEImBkN2LOLxDFs5OuXij
Wqrd1si0eeSYGnqVuE2JHfSGgawGcFHuHaYfiRqBUZ4ox0uzcL/eCO2iwiDBV+5B
/R6hP8s5S34ohS3M/452FgzMaq+S8xT6Ge553GkhLwG+h+vJ92NMNnV//HVGYK9M
tgBojGTVbX3qXsTsX9ROGjqiBBRlTNNBIh9FPtm38RSDCoVa4aX33tEKciObzUbg
tJo1cuWewSCVYI2Tbsj+fdxdEMTrVcNzN+5pYNYIkPogIfzPLn9yQ/hlhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIlCuG8jU5Gah3gs94n9CPRvsLJxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaVVLNGJ5TlRrWnFIZUN6M2lmMEk5Ry13c25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABe98Xsb9ZPxnXCG+knv
i7cjlWj/p/i4u7w054NDO6T1mXY8qAZW2iIYuTMJXDDS2Kaq/CYiJiQ9lpXsJfU4
9bn+J4SCRSq2lg8BSqw+ZpGR9uXJlk2vIlztNECQ9v6GprErUZXc3SEarBajvNF0
rPs7UlobOsk7qP0b/lwKFkLVRuE/umLvE/2DJAYq3VV9I95mgN84aeHtcGDqLw9i
oYj1XU5AWt29+NjLwmHuXihVqOEcAZKyu98nNjqwcU1ZIkveqSfss8hnkB//mPKk
301OCONNDuODQKVJgDcl9noOnS3ZzdX3PhWaGoV4ePzKY7x6ekeekaNAw9oPReWB
mvE=
-----END CERTIFICATE-----