Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sdq9bON1KzfOkUaAJ8Rz6yPBdcI.roa
File:                     sdq9bON1KzfOkUaAJ8Rz6yPBdcI.roa (raw, json)
Hash identifier:          ZgJff98IggH2HsgdMz0ZxJ4agXgMGfGDixysa4dUFFw=
Subject key identifier:   B1:DA:BD:6C:E3:75:2B:37:CE:91:46:80:27:C4:73:EB:23:C1:75:C2
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187DB4A768B615EF78924B2CE99172C2EA7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sdq9bON1KzfOkUaAJ8Rz6yPBdcI.roa
Signing time:             Tue 02 May 2023 07:08:22 +0000
ROA not before:           Tue 02 May 2023 07:08:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:db:4a:76:8b:61:5e:f7:89:24:b2:ce:99:17:2c:2e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  2 07:08:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b1dabd6ce3752b37ce91468027c473eb23c175c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:65:81:da:4d:c8:73:4d:27:6c:be:f1:47:84:
                    34:ea:42:70:42:02:a9:47:8f:c0:ae:c5:30:c7:1e:
                    b6:41:9d:51:e4:3b:e4:73:1e:1a:e5:47:8c:55:0b:
                    ee:e7:19:8b:b4:ae:ec:eb:d0:25:48:64:f2:7d:6d:
                    9a:8d:c6:99:78:44:65:85:7c:04:ae:34:e4:a5:9c:
                    e4:b6:5a:cc:22:e5:ee:f5:e6:00:41:01:2c:b2:90:
                    76:d5:16:99:8f:a4:1d:6f:a3:75:75:14:39:7c:ee:
                    bd:53:83:a7:7a:81:5b:ed:d7:d7:10:92:ec:84:64:
                    79:ab:b5:07:3b:02:9a:56:b8:a9:14:13:d8:62:8b:
                    8a:e0:ab:f0:fd:29:92:87:db:ba:68:78:73:2b:a7:
                    49:5a:c3:04:fe:ca:ea:51:1d:6c:c5:90:0a:1f:26:
                    d0:2a:73:b5:79:49:60:de:9b:1a:a1:6c:e9:32:1a:
                    0e:94:e2:0a:fa:ef:d2:7c:78:aa:88:a2:95:7b:cd:
                    d1:a3:dd:e9:ed:d9:8b:c3:bd:03:9f:95:51:a9:94:
                    8c:08:c8:f5:94:18:11:bb:31:d6:fd:db:a0:dc:3d:
                    bd:bf:22:80:a4:ae:7c:6f:2b:a7:6a:63:f0:cb:b5:
                    89:d6:aa:f7:0c:cb:02:cb:e8:24:9e:24:0e:bc:a6:
                    36:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:DA:BD:6C:E3:75:2B:37:CE:91:46:80:27:C4:73:EB:23:C1:75:C2
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sdq9bON1KzfOkUaAJ8Rz6yPBdcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:73:5c:5f:93:b2:ea:55:a7:73:3c:c9:36:06:20:75:d8:3a:
         09:82:7e:3d:56:8b:69:66:59:8f:41:f6:b8:de:c5:c2:40:28:
         6c:7d:78:4b:33:2e:e8:24:3d:f1:5f:47:b7:71:f9:1e:e6:4a:
         42:30:41:fd:b0:75:77:bc:4c:d6:c2:fa:5b:54:cc:eb:09:92:
         7c:56:f0:53:67:d2:57:fc:19:29:69:53:45:0b:de:5c:4d:24:
         fc:cf:10:a0:f6:e5:1d:c4:bd:e7:bd:f4:6a:6e:8c:99:04:d6:
         6c:5c:c2:4e:9c:f1:aa:1b:cd:30:78:bc:10:3c:b4:33:63:82:
         aa:d6:76:2d:6e:ec:9d:e1:ca:4d:9c:9a:fe:27:af:91:ef:f0:
         41:b7:27:7c:14:c5:25:4d:0b:5f:89:d2:c9:fc:71:c3:fd:bb:
         0c:bb:d4:72:41:ab:7a:11:39:97:2b:aa:64:43:ba:cb:1b:da:
         31:ee:ba:44:e9:8e:64:2d:eb:45:53:54:de:dc:18:06:e9:89:
         a3:61:de:75:af:27:43:c5:6c:b8:db:94:ca:ce:17:6e:30:ab:
         98:b4:48:c0:95:87:d9:7d:7c:bf:0e:63:0d:b2:d9:0e:7e:1a:
         d9:c3:7c:2a:17:29:bd:9a:c4:64:26:4e:34:98:62:90:53:6d:
         ad:56:6f:ce
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfbSnaLYV73iSSyzpkXLC6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAyMDcwODIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWRhYmQ2Y2UzNzUyYjM3Y2U5MTQ2ODAyN2M0NzNlYjIzYzE3NWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2WB2k3Ic00nbL7xR4Q06kJwQgKp
R4/ArsUwxx62QZ1R5Dvkcx4a5UeMVQvu5xmLtK7s69AlSGTyfW2ajcaZeERlhXwE
rjTkpZzktlrMIuXu9eYAQQEsspB21RaZj6Qdb6N1dRQ5fO69U4OneoFb7dfXEJLs
hGR5q7UHOwKaVripFBPYYouK4Kvw/SmSh9u6aHhzK6dJWsME/srqUR1sxZAKHybQ
KnO1eUlg3psaoWzpMhoOlOIK+u/SfHiqiKKVe83Ro93p7dmLw70Dn5VRqZSMCMj1
lBgRuzHW/dug3D29vyKApK58byunamPwy7WJ1qr3DMsCy+gkniQOvKY2ewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLHavWzjdSs3zpFGgCfEc+sjwXXCMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc2RxOWJPTjFLemZPa1VhQUo4Uno2eVBCZGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHtzXF+TsupVp3M8yTYG
IHXYOgmCfj1Wi2lmWY9B9rjexcJAKGx9eEszLugkPfFfR7dx+R7mSkIwQf2wdXe8
TNbC+ltUzOsJknxW8FNn0lf8GSlpU0UL3lxNJPzPEKD25R3Evee99GpujJkE1mxc
wk6c8aobzTB4vBA8tDNjgqrWdi1u7J3hyk2cmv4nr5Hv8EG3J3wUxSVNC1+J0sn8
ccP9uwy71HJBq3oROZcrqmRDussb2jHuukTpjmQt60VTVN7cGAbpiaNh3nWvJ0PF
bLjblMrOF24wq5i0SMCVh9l9fL8OYw2y2Q5+GtnDfCoXKb2axGQmTjSYYpBTba1W
b84=
-----END CERTIFICATE-----