Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uV4-adn0dofvC_631GNX3lZuhG0.roa
File:                     uV4-adn0dofvC_631GNX3lZuhG0.roa (raw, json)
Hash identifier:          Q7Raeqc3RpJqqN1es7yvzF3rc2Sz42j7CqljSzqehbY=
Subject key identifier:   B9:5E:3E:69:D9:F4:76:87:EF:0B:FE:B7:D4:63:57:DE:56:6E:84:6D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F3FECC4268855A9127057897CD9CBDEF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uV4-adn0dofvC_631GNX3lZuhG0.roa
Signing time:             Sat 18 Mar 2023 09:13:27 +0000
ROA not before:           Sat 18 Mar 2023 09:13:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f3:fe:cc:42:68:85:5a:91:27:05:78:97:cd:9c:bd:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 18 09:13:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b95e3e69d9f47687ef0bfeb7d46357de566e846d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:41:95:b6:42:e8:de:3c:2b:72:63:50:54:10:
                    2e:39:46:f4:90:6d:68:90:7b:d1:bb:d4:bd:9d:de:
                    b9:40:3e:13:99:0e:7c:70:4a:a7:49:14:b1:f7:64:
                    c8:a8:82:47:e8:0d:54:02:47:3c:2f:1a:99:9f:8d:
                    c2:c8:65:18:be:27:33:f7:ca:31:a6:17:8f:fc:aa:
                    06:a9:2f:0c:de:fb:a7:3d:0d:3d:3f:55:ad:c3:41:
                    c8:ff:b6:62:43:e9:8c:b7:a6:52:42:4a:fa:ee:d1:
                    6b:be:c9:67:09:87:8e:fa:16:b4:c6:b7:41:0c:53:
                    66:19:7a:e9:48:e4:cd:f3:c2:95:0c:a5:66:31:4b:
                    64:a5:93:2c:c5:52:ab:ad:f0:ca:9c:0f:0b:47:87:
                    da:c9:fc:05:fe:d6:d4:74:8f:b8:a6:a5:7a:76:41:
                    64:87:83:ef:74:2d:cb:0d:7d:0e:62:9f:d1:65:0d:
                    eb:4d:ed:b7:c0:4a:1d:f0:58:a9:81:28:3b:a5:8d:
                    90:dd:54:92:1f:a2:97:01:b6:30:ea:6a:4e:3c:7d:
                    8e:7b:33:48:63:55:88:68:78:32:b7:86:ac:8b:dc:
                    ee:22:62:8b:fb:b3:76:8c:f4:3d:20:a3:ed:3c:b9:
                    cc:d5:fa:a9:72:5d:ba:10:b9:80:47:6d:13:c5:c4:
                    5f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:5E:3E:69:D9:F4:76:87:EF:0B:FE:B7:D4:63:57:DE:56:6E:84:6D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uV4-adn0dofvC_631GNX3lZuhG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:93:b1:a8:ff:6b:22:e3:69:af:e4:4d:24:9d:1d:35:f0:59:
         d7:10:09:48:cd:6c:1e:62:bb:50:3e:d2:88:47:bb:4d:53:d9:
         40:df:c7:f9:54:eb:70:dc:72:00:00:ab:07:a9:4b:19:d0:1a:
         1e:bf:95:11:07:b0:47:d5:76:e9:21:a7:21:cd:d0:c0:f7:ed:
         ae:9d:ab:e8:06:5d:4f:2a:f3:28:8c:69:5a:01:b1:d8:6f:71:
         a5:47:e1:2b:36:43:96:b0:7a:03:dd:ef:b3:7e:48:1a:01:a4:
         a2:32:2c:d2:03:4a:18:22:90:0b:ff:f4:8a:11:ae:fb:0f:97:
         40:7b:d3:e8:22:e6:d1:fa:77:51:80:38:9a:21:cd:27:90:b8:
         94:13:1a:2f:be:97:94:45:93:a8:2a:05:5d:89:15:32:12:8b:
         83:9e:38:ac:4e:08:58:e7:bc:40:b9:fc:79:83:57:37:e4:aa:
         2d:19:b6:16:e6:3b:c9:c8:20:7f:67:b3:bf:f5:3f:0d:7d:aa:
         7e:47:d5:72:44:5b:ac:6c:d1:41:a5:10:ab:3a:4b:f2:56:c0:
         be:ea:d4:20:31:7d:b5:c7:de:08:e2:e9:04:00:aa:8f:75:a0:
         d2:0a:59:11:5e:1c:70:02:99:cc:c4:96:d9:7b:af:97:63:eb:
         d4:2d:dd:7f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbz/sxCaIVakScFeJfNnL3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE4MDkxMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTVlM2U2OWQ5ZjQ3Njg3ZWYwYmZlYjdkNDYzNTdkZTU2NmU4NDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEGVtkLo3jwrcmNQVBAuOUb0kG1o
kHvRu9S9nd65QD4TmQ58cEqnSRSx92TIqIJH6A1UAkc8LxqZn43CyGUYvicz98ox
pheP/KoGqS8M3vunPQ09P1Wtw0HI/7ZiQ+mMt6ZSQkr67tFrvslnCYeO+ha0xrdB
DFNmGXrpSOTN88KVDKVmMUtkpZMsxVKrrfDKnA8LR4fayfwF/tbUdI+4pqV6dkFk
h4PvdC3LDX0OYp/RZQ3rTe23wEod8FipgSg7pY2Q3VSSH6KXAbYw6mpOPH2OezNI
Y1WIaHgyt4asi9zuImKL+7N2jPQ9IKPtPLnM1fqpcl26ELmAR20TxcRfIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLlePmnZ9HaH7wv+t9RjV95WboRtMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdVY0LWFkbjBkb2Z2Q182MzFHTlgzbFp1aEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFaTsaj/ayLjaa/kTSSd
HTXwWdcQCUjNbB5iu1A+0ohHu01T2UDfx/lU63DccgAAqwepSxnQGh6/lREHsEfV
dukhpyHN0MD37a6dq+gGXU8q8yiMaVoBsdhvcaVH4Ss2Q5awegPd77N+SBoBpKIy
LNIDShgikAv/9IoRrvsPl0B70+gi5tH6d1GAOJohzSeQuJQTGi++l5RFk6gqBV2J
FTISi4OeOKxOCFjnvEC5/HmDVzfkqi0ZthbmO8nIIH9ns7/1Pw19qn5H1XJEW6xs
0UGlEKs6S/JWwL7q1CAxfbXH3gji6QQAqo91oNIKWRFeHHACmczEltl7r5dj69Qt
3X8=
-----END CERTIFICATE-----