Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/u5FsL92Spbgt6vh4ry1OfEJncgc.roa
File:                     u5FsL92Spbgt6vh4ry1OfEJncgc.roa (raw, json)
Hash identifier:          c4nx9FjcSlOg2KXzOSE1bLk1FlPP1WBjLN8dtxKbw3o=
Subject key identifier:   BB:91:6C:2F:DD:92:A5:B8:2D:EA:F8:78:AF:2D:4E:7C:42:67:72:07
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01880E93D5D7BA2E3EA1288DAC2DB1A49B3A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/u5FsL92Spbgt6vh4ry1OfEJncgc.roa
Signing time:             Fri 12 May 2023 06:09:09 +0000
ROA not before:           Fri 12 May 2023 06:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:0e:93:d5:d7:ba:2e:3e:a1:28:8d:ac:2d:b1:a4:9b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 12 06:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bb916c2fdd92a5b82deaf878af2d4e7c42677207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:16:4f:2e:b8:f6:ee:df:bf:a4:73:a8:37:e2:
                    38:06:5e:21:37:62:47:39:cb:80:a2:ab:c0:e8:9e:
                    56:1a:b3:9e:bf:7e:09:16:9c:b7:cf:0f:49:58:8a:
                    ec:54:cf:63:24:5f:3c:71:8d:e2:9e:e0:59:9e:6f:
                    b1:00:d2:44:77:63:30:a9:fd:5e:c8:ad:87:39:9d:
                    f4:fd:2f:80:65:c9:6d:37:1c:d0:7b:40:16:f6:a6:
                    b9:75:d7:eb:14:d8:db:91:8d:0b:1f:a3:5b:69:7b:
                    fa:6d:1c:05:df:f0:8f:87:04:6e:26:2b:7a:c5:0d:
                    09:44:07:27:ec:51:3d:d7:28:45:78:9c:08:72:bd:
                    c3:ed:6a:27:d5:cf:4e:7c:75:08:66:c0:14:d5:1e:
                    5f:eb:46:10:4a:2d:44:74:85:a1:dd:85:63:20:b7:
                    7d:b1:18:68:9d:82:ff:e6:d5:85:2d:2b:0e:c2:2e:
                    3c:b2:1b:03:71:68:2d:4c:33:d8:43:b8:fa:02:1f:
                    31:25:a6:93:93:91:09:6f:39:bf:f3:e6:b9:f9:ab:
                    5a:1a:1f:09:49:e0:db:9e:c7:b7:c0:b6:d2:27:02:
                    f7:80:e3:ff:b0:32:36:10:a6:9a:b2:5e:00:c2:10:
                    8e:46:80:67:28:c3:c3:bc:51:a9:a6:e5:78:ba:3d:
                    98:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:91:6C:2F:DD:92:A5:B8:2D:EA:F8:78:AF:2D:4E:7C:42:67:72:07
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/u5FsL92Spbgt6vh4ry1OfEJncgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:32:b0:87:d1:f6:1c:f7:53:a6:31:9e:e8:6e:41:cb:e2:1b:
         a0:bf:19:f7:37:56:41:6c:4a:2d:9f:a6:07:90:ee:40:36:d7:
         71:8c:7d:1c:7e:21:5c:2c:f4:66:28:a5:f5:20:b6:9b:42:50:
         c4:d0:12:be:a5:3f:c4:d2:e4:5b:c0:20:ef:d9:83:75:12:3d:
         96:f5:de:44:41:22:dd:eb:49:d3:ca:98:59:07:cd:a4:ef:08:
         04:0a:7b:59:e7:56:50:ae:fd:e8:97:4b:51:dd:e8:02:a2:20:
         9b:ab:d3:9f:72:b2:81:d3:b1:91:9c:d9:d9:20:c6:53:80:d8:
         1f:1c:87:6b:58:c5:b4:c4:89:0b:ea:8a:4e:b7:de:85:28:58:
         3f:f2:1c:02:3b:64:b4:67:a7:3b:bc:4c:08:67:8d:7b:62:8a:
         1b:ef:93:f7:0e:ab:03:de:da:b2:f0:e6:a0:fc:e3:ff:69:7e:
         8e:1a:34:9d:02:3f:89:82:34:f1:38:85:02:a5:95:56:e0:df:
         7f:77:c7:96:ea:60:1e:2b:3e:7d:e3:2f:90:08:5d:e0:d1:35:
         ed:66:2b:78:14:0e:d4:10:b2:4a:c2:8c:fd:c3:ab:40:51:21:
         71:8f:f4:ec:e0:f1:b6:37:bd:86:5e:0f:fe:81:c2:9a:d8:41:
         aa:95:53:ba
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgOk9XXui4+oSiNrC2xpJs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEyMDYwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjkxNmMyZmRkOTJhNWI4MmRlYWY4NzhhZjJkNGU3YzQyNjc3MjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBZPLrj27t+/pHOoN+I4Bl4hN2JH
OcuAoqvA6J5WGrOev34JFpy3zw9JWIrsVM9jJF88cY3inuBZnm+xANJEd2Mwqf1e
yK2HOZ30/S+AZcltNxzQe0AW9qa5ddfrFNjbkY0LH6NbaXv6bRwF3/CPhwRuJit6
xQ0JRAcn7FE91yhFeJwIcr3D7Won1c9OfHUIZsAU1R5f60YQSi1EdIWh3YVjILd9
sRhonYL/5tWFLSsOwi48shsDcWgtTDPYQ7j6Ah8xJaaTk5EJbzm/8+a5+ataGh8J
SeDbnse3wLbSJwL3gOP/sDI2EKaasl4AwhCORoBnKMPDvFGppuV4uj2YRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLuRbC/dkqW4Ler4eK8tTnxCZ3IHMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdTVGc0w5MlNwYmd0NnZoNHJ5MU9mRUpuY2djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKgysIfR9hz3U6Yxnuhu
QcviG6C/Gfc3VkFsSi2fpgeQ7kA213GMfRx+IVws9GYopfUgtptCUMTQEr6lP8TS
5FvAIO/Zg3USPZb13kRBIt3rSdPKmFkHzaTvCAQKe1nnVlCu/eiXS1Hd6AKiIJur
059ysoHTsZGc2dkgxlOA2B8ch2tYxbTEiQvqik633oUoWD/yHAI7ZLRnpzu8TAhn
jXtiihvvk/cOqwPe2rLw5qD84/9pfo4aNJ0CP4mCNPE4hQKllVbg3393x5bqYB4r
Pn3jL5AIXeDRNe1mK3gUDtQQskrCjP3Dq0BRIXGP9Ozg8bY3vYZeD/6BwprYQaqV
U7o=
-----END CERTIFICATE-----