Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jUS9rLKgzCKBTQJKGaWvbHeyuMo.roa
File:                     jUS9rLKgzCKBTQJKGaWvbHeyuMo.roa (raw, json)
Hash identifier:          finKFHqL8Fhb654/6QvCHK2UwHXeFD13Cy9WiVB7h2Y=
Subject key identifier:   8D:44:BD:AC:B2:A0:CC:22:81:4D:02:4A:19:A5:AF:6C:77:B2:B8:CA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187ABE0AF686A77A7EC515C93556D178F5B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jUS9rLKgzCKBTQJKGaWvbHeyuMo.roa
Signing time:             Sun 23 Apr 2023 02:10:41 +0000
ROA not before:           Sun 23 Apr 2023 02:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ab:e0:af:68:6a:77:a7:ec:51:5c:93:55:6d:17:8f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 23 02:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8d44bdacb2a0cc22814d024a19a5af6c77b2b8ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:aa:b6:23:4f:77:66:89:e1:7b:41:1d:d7:49:
                    d2:c2:4d:a8:f9:90:5f:06:d9:85:23:67:ba:83:df:
                    f5:d6:8f:9d:e2:ef:9a:25:3a:bf:d7:a3:cc:58:f2:
                    9e:2b:02:a8:97:76:12:f6:75:f6:77:aa:bb:a1:45:
                    83:4f:7f:4f:80:fa:39:f6:d2:96:69:99:cb:03:23:
                    1b:d0:1d:d4:e9:34:21:32:71:25:7e:66:9e:a4:e0:
                    b4:da:e4:50:c7:29:f2:9d:25:3c:62:3f:ad:7b:d0:
                    41:f2:98:7e:55:06:aa:52:a0:db:74:47:52:90:9a:
                    9c:fb:7f:2a:3d:b3:66:6e:aa:a4:a9:2d:61:72:0a:
                    86:6a:d3:f6:fc:25:f0:51:b3:76:21:68:47:62:ad:
                    25:5a:f8:08:c7:4e:f5:0c:62:9e:74:4b:a2:ca:00:
                    5d:9d:a6:53:28:e8:33:a9:aa:e2:55:d8:f8:19:25:
                    78:5d:3c:8c:c0:b7:a8:34:80:06:52:7b:0e:56:f1:
                    4b:2f:50:7c:47:37:b8:81:fd:4e:a7:c5:97:c9:5f:
                    ae:a2:46:53:8e:62:09:d6:23:be:19:1b:2b:65:90:
                    47:46:17:e8:d7:9b:e4:eb:18:e7:aa:56:5f:f2:c5:
                    68:8a:09:4c:af:d5:15:65:8a:40:c8:f6:48:06:cb:
                    50:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:44:BD:AC:B2:A0:CC:22:81:4D:02:4A:19:A5:AF:6C:77:B2:B8:CA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jUS9rLKgzCKBTQJKGaWvbHeyuMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:3b:ec:fd:6f:6b:a2:17:fa:e6:87:95:9f:af:29:07:2c:05:
         c4:ce:72:9c:4d:ae:ac:c7:4e:50:6d:02:99:2e:82:2a:fc:69:
         04:c1:69:99:60:50:2c:90:e0:96:1a:d3:64:ec:6c:85:97:10:
         03:d1:50:df:75:f4:42:95:41:88:a2:cc:be:b1:4b:97:23:dd:
         a9:67:ad:65:35:39:63:53:dc:f2:a6:8f:10:11:26:d4:a4:a6:
         a8:90:c6:ee:f7:ea:83:b1:94:eb:e7:71:44:a6:1d:0a:b5:e1:
         5b:03:d8:1b:30:2c:ea:83:ae:59:11:db:dc:21:c2:f0:b3:87:
         85:38:28:08:be:dc:cf:ac:be:8e:33:4a:d0:77:aa:6d:44:03:
         56:86:13:90:d1:e6:43:10:7f:fb:74:28:6c:9a:8d:ee:f6:16:
         0b:46:d7:b1:10:46:36:0d:77:4d:e0:48:20:d1:83:8f:ee:4e:
         12:66:71:16:5c:8e:13:ad:47:f5:cd:0d:a7:f6:18:b5:42:d6:
         fe:e5:29:e1:cb:b8:45:e5:aa:1d:97:2e:5f:8e:f2:01:39:12:
         38:08:94:0e:5f:13:91:c1:1c:33:8f:49:bb:c1:43:02:72:4f:
         f1:6e:00:02:6d:ae:5c:e7:ef:1f:07:25:a9:8e:3f:c7:e2:be:
         ea:9e:9c:a4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYer4K9oanen7FFck1VtF49bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIzMDIxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDQ0YmRhY2IyYTBjYzIyODE0ZDAyNGExOWE1YWY2Yzc3YjJiOGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaq2I093Zonhe0Ed10nSwk2o+ZBf
BtmFI2e6g9/11o+d4u+aJTq/16PMWPKeKwKol3YS9nX2d6q7oUWDT39PgPo59tKW
aZnLAyMb0B3U6TQhMnElfmaepOC02uRQxynynSU8Yj+te9BB8ph+VQaqUqDbdEdS
kJqc+38qPbNmbqqkqS1hcgqGatP2/CXwUbN2IWhHYq0lWvgIx071DGKedEuiygBd
naZTKOgzqariVdj4GSV4XTyMwLeoNIAGUnsOVvFLL1B8Rze4gf1Op8WXyV+uokZT
jmIJ1iO+GRsrZZBHRhfo15vk6xjnqlZf8sVoiglMr9UVZYpAyPZIBstQXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI1EvayyoMwigU0CShmlr2x3srjKMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvalVTOXJMS2d6Q0tCVFFKS0dhV3ZiSGV5dU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIs77P1va6IX+uaHlZ+v
KQcsBcTOcpxNrqzHTlBtApkugir8aQTBaZlgUCyQ4JYa02TsbIWXEAPRUN919EKV
QYiizL6xS5cj3alnrWU1OWNT3PKmjxARJtSkpqiQxu736oOxlOvncUSmHQq14VsD
2BswLOqDrlkR29whwvCzh4U4KAi+3M+svo4zStB3qm1EA1aGE5DR5kMQf/t0KGya
je72FgtG17EQRjYNd03gSCDRg4/uThJmcRZcjhOtR/XNDaf2GLVC1v7lKeHLuEXl
qh2XLl+O8gE5EjgIlA5fE5HBHDOPSbvBQwJyT/FuAAJtrlzn7x8HJamOP8fivuqe
nKQ=
-----END CERTIFICATE-----