Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kRoq5nXbqltu7oEzQFD6l8Je4Eo.roa
File:                     kRoq5nXbqltu7oEzQFD6l8Je4Eo.roa (raw, json)
Hash identifier:          GhWgjbx9RoiLBglNum2YKUUXnGcjCkKubgW4KhuITCc=
Subject key identifier:   91:1A:2A:E6:75:DB:AA:5B:6E:EE:81:33:40:50:FA:97:C2:5E:E0:4A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01886EEC601A4151705F2B4D8C05C3A67625
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kRoq5nXbqltu7oEzQFD6l8Je4Eo.roa
Signing time:             Tue 30 May 2023 23:09:24 +0000
ROA not before:           Tue 30 May 2023 23:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:6e:ec:60:1a:41:51:70:5f:2b:4d:8c:05:c3:a6:76:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 30 23:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=911a2ae675dbaa5b6eee81334050fa97c25ee04a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a9:30:a9:1a:6b:0a:36:12:de:37:08:5d:c2:
                    bf:1c:bb:5e:8e:fa:7c:67:b3:48:ae:fb:99:3c:f5:
                    6b:a2:d8:4d:17:fa:4f:5e:0f:bf:e3:ce:54:df:c9:
                    ce:32:31:a7:23:1d:da:bd:2e:df:a5:4c:ce:0e:da:
                    f4:cb:67:d8:b7:6f:30:5d:62:67:62:9a:73:20:ec:
                    b8:fe:1d:a4:18:81:68:2c:74:a9:c3:82:32:df:14:
                    fd:bf:d2:13:c2:8c:39:50:98:b2:fd:ac:57:b3:6f:
                    8d:d7:36:55:6c:b3:2c:3d:da:1c:32:4c:d0:63:c7:
                    87:49:a1:42:e5:40:40:f6:d5:d1:a7:09:a8:ca:5a:
                    2e:b7:86:80:56:aa:c6:e7:73:78:54:91:5d:3e:aa:
                    b4:b4:9d:b6:6c:bd:4d:29:1b:af:11:6a:69:bf:ce:
                    d1:09:9d:29:e6:da:dc:04:dc:85:62:ad:d7:9a:ce:
                    15:c7:2a:ab:87:63:2b:12:e1:00:e2:83:13:c4:50:
                    91:1f:c4:09:65:f1:5c:4f:3d:67:93:1b:a3:5f:4a:
                    1d:de:d9:77:55:ff:bb:00:ae:59:09:3c:ac:73:b5:
                    cf:df:18:d4:f4:33:fc:20:c2:8f:5b:4b:45:83:83:
                    98:1c:e4:64:6a:65:01:fc:b5:0f:83:06:38:5f:9c:
                    68:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1A:2A:E6:75:DB:AA:5B:6E:EE:81:33:40:50:FA:97:C2:5E:E0:4A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kRoq5nXbqltu7oEzQFD6l8Je4Eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:fa:4e:1c:dd:11:b5:90:2a:7b:73:c5:2a:52:6b:81:fd:10:
         bc:c5:d8:6e:17:f9:7b:1f:df:09:8c:90:c8:58:d4:16:b3:58:
         b8:ce:3c:6d:e7:7d:86:a7:af:31:f6:42:83:27:72:c7:b8:2d:
         43:bf:17:78:04:7c:3d:19:8c:44:a8:6f:2f:75:f4:fe:df:7d:
         b2:bd:ea:cd:9f:f4:0e:20:76:a9:0b:e7:9f:86:24:59:25:ff:
         59:5b:a5:01:fa:89:83:29:6a:13:9a:22:ef:10:39:04:0f:af:
         96:b5:e0:05:66:23:b8:e2:69:5f:31:e8:a6:8d:01:f1:1e:d2:
         2e:a7:f6:70:65:af:57:91:21:a1:e6:9f:2b:92:2f:ca:18:4f:
         06:68:35:0b:3d:e8:36:fa:07:39:29:53:2b:e9:b8:b9:95:d1:
         9d:b4:13:9e:d7:5f:a2:c0:63:de:05:12:a3:a0:c0:ab:23:d4:
         6e:b8:25:b3:fe:8a:a1:02:4b:50:58:4c:e4:5d:2e:d9:b8:64:
         65:40:fb:2d:82:73:82:61:e1:4c:76:2a:93:f3:b1:7e:45:d8:
         4a:2a:98:11:8a:80:f4:df:c7:38:84:9a:9d:0d:71:01:39:28:
         47:d4:04:b2:cc:bc:cc:e7:79:47:9f:5d:46:28:52:4f:11:b9:
         4b:d0:b1:42
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhu7GAaQVFwXytNjAXDpnYlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTMwMjMwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFhMmFlNjc1ZGJhYTViNmVlZTgxMzM0MDUwZmE5N2MyNWVlMDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6kwqRprCjYS3jcIXcK/HLtejvp8
Z7NIrvuZPPVrothNF/pPXg+/485U38nOMjGnIx3avS7fpUzODtr0y2fYt28wXWJn
YppzIOy4/h2kGIFoLHSpw4Iy3xT9v9ITwow5UJiy/axXs2+N1zZVbLMsPdocMkzQ
Y8eHSaFC5UBA9tXRpwmoylout4aAVqrG53N4VJFdPqq0tJ22bL1NKRuvEWppv87R
CZ0p5trcBNyFYq3Xms4Vxyqrh2MrEuEA4oMTxFCRH8QJZfFcTz1nkxujX0od3tl3
Vf+7AK5ZCTysc7XP3xjU9DP8IMKPW0tFg4OYHORkamUB/LUPgwY4X5xoQQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJEaKuZ126pbbu6BM0BQ+pfCXuBKMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva1JvcTVuWGJxbHR1N29FelFGRDZsOEplNEVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAET6ThzdEbWQKntzxSpS
a4H9ELzF2G4X+Xsf3wmMkMhY1BazWLjOPG3nfYanrzH2QoMncse4LUO/F3gEfD0Z
jESoby919P7ffbK96s2f9A4gdqkL55+GJFkl/1lbpQH6iYMpahOaIu8QOQQPr5a1
4AVmI7jiaV8x6KaNAfEe0i6n9nBlr1eRIaHmnyuSL8oYTwZoNQs96Db6BzkpUyvp
uLmV0Z20E57XX6LAY94FEqOgwKsj1G64JbP+iqECS1BYTORdLtm4ZGVA+y2Cc4Jh
4Ux2KpPzsX5F2EoqmBGKgPTfxziEmp0NcQE5KEfUBLLMvMzneUefXUYoUk8RuUvQ
sUI=
-----END CERTIFICATE-----