Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vm3wMLb_bh49veVoKipNiXOHdMk.roa
File:                     vm3wMLb_bh49veVoKipNiXOHdMk.roa (raw, json)
Hash identifier:          tPnrrjUVe4Q5xmVubX+rD3Z7cv/nRPJR5NLiE18n0kE=
Subject key identifier:   BE:6D:F0:30:B6:FF:6E:1E:3D:BD:E5:68:2A:2A:4D:89:73:87:74:C9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F928D1C079D2AA85083AB441A15BE0E8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vm3wMLb_bh49veVoKipNiXOHdMk.roa
Signing time:             Sun 19 Mar 2023 09:17:27 +0000
ROA not before:           Sun 19 Mar 2023 09:17:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f9:28:d1:c0:79:d2:aa:85:08:3a:b4:41:a1:5b:e0:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 19 09:17:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=be6df030b6ff6e1e3dbde5682a2a4d89738774c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:db:04:da:d5:3b:69:a3:ee:ab:06:e2:9c:92:
                    3c:80:8d:bc:77:b2:00:d8:fe:1f:6e:3d:35:85:f6:
                    fb:ee:66:4b:03:a5:38:fe:23:63:8c:91:e7:1f:92:
                    a1:1a:57:df:d4:a5:3a:f8:8c:3e:05:94:20:8d:b1:
                    8d:d1:67:9c:83:05:99:83:dd:3e:3c:28:79:33:c3:
                    19:d0:45:94:f2:d2:2c:22:0e:f6:a0:f7:cc:55:d9:
                    03:e9:62:2c:87:a9:db:3e:45:f5:22:1e:89:7a:40:
                    ca:94:20:cd:52:da:34:08:a1:4e:3d:31:68:ed:71:
                    18:2f:40:90:b8:5a:ff:47:67:94:d4:e0:1e:77:d4:
                    e2:1a:88:ba:cb:65:d2:51:f4:be:86:6d:5f:8e:3d:
                    63:a6:59:1a:32:33:d3:60:b1:b7:64:7b:80:00:91:
                    45:27:73:e4:c7:4b:1e:d5:82:fe:03:64:60:a1:9e:
                    52:6d:16:90:39:8f:a3:e3:3d:41:b3:f3:65:f7:4c:
                    c9:0b:34:98:83:b8:ac:da:ff:25:cc:99:d0:4c:96:
                    f5:54:fa:45:17:ad:eb:1d:f2:6e:ba:8f:72:16:8e:
                    30:73:41:b1:fb:7d:24:91:d8:9f:76:7c:80:d6:88:
                    02:14:0a:b2:3b:30:2d:8c:7f:71:27:f7:7f:07:17:
                    87:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:6D:F0:30:B6:FF:6E:1E:3D:BD:E5:68:2A:2A:4D:89:73:87:74:C9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vm3wMLb_bh49veVoKipNiXOHdMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:25:a3:f8:a2:58:04:4d:bf:6e:42:32:6d:49:32:86:66:cd:
         69:3b:b2:9e:20:51:4b:83:07:36:80:eb:6d:1d:df:ef:9b:43:
         01:a1:7b:23:9e:6b:16:e8:68:ef:68:85:ed:76:d0:fd:69:6b:
         d8:82:3a:6d:4e:4c:02:7f:a2:1f:fa:bd:a4:07:a4:db:a5:ca:
         4b:96:7c:1a:8a:cd:2c:62:81:e1:d2:b4:b9:30:8f:59:07:b0:
         eb:3f:1c:d1:56:18:bf:04:2e:61:21:da:70:41:ca:1a:a1:ba:
         b3:bd:65:18:79:0a:e7:f9:10:bb:dd:ba:b6:1d:a7:53:81:4b:
         f6:a5:60:01:4e:22:57:72:3b:1a:15:c9:b4:ea:86:9b:38:c6:
         7c:3b:e0:3c:a2:6b:d1:32:82:82:1e:29:50:d2:41:f4:93:88:
         c9:a1:e6:8e:77:9f:c0:3c:29:b5:12:02:ab:10:25:e8:6b:76:
         65:78:c7:0a:4d:7d:72:31:f7:c2:69:b9:73:3a:0e:f2:c3:7a:
         40:6a:e9:bc:21:34:cf:46:48:7b:bb:e9:a3:4b:3a:99:4a:77:
         10:e2:df:b5:bc:14:61:7b:af:e2:61:70:58:ca:06:5d:fd:15:
         cd:32:09:14:38:70:8e:98:8f:ea:85:4d:14:86:f9:b0:f8:8e:
         68:6a:09:70
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb5KNHAedKqhQg6tEGhW+DoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE5MDkxNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTZkZjAzMGI2ZmY2ZTFlM2RiZGU1NjgyYTJhNGQ4OTczODc3NGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tsE2tU7aaPuqwbinJI8gI28d7IA
2P4fbj01hfb77mZLA6U4/iNjjJHnH5KhGlff1KU6+Iw+BZQgjbGN0WecgwWZg90+
PCh5M8MZ0EWU8tIsIg72oPfMVdkD6WIsh6nbPkX1Ih6JekDKlCDNUto0CKFOPTFo
7XEYL0CQuFr/R2eU1OAed9TiGoi6y2XSUfS+hm1fjj1jplkaMjPTYLG3ZHuAAJFF
J3Pkx0se1YL+A2RgoZ5SbRaQOY+j4z1Bs/Nl90zJCzSYg7is2v8lzJnQTJb1VPpF
F63rHfJuuo9yFo4wc0Gx+30kkdifdnyA1ogCFAqyOzAtjH9xJ/d/BxeHxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL5t8DC2/24ePb3laCoqTYlzh3TJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdm0zd01MYl9iaDQ5dmVWb0tpcE5pWE9IZE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ4lo/iiWARNv25CMm1J
MoZmzWk7sp4gUUuDBzaA620d3++bQwGheyOeaxboaO9ohe120P1pa9iCOm1OTAJ/
oh/6vaQHpNulykuWfBqKzSxigeHStLkwj1kHsOs/HNFWGL8ELmEh2nBByhqhurO9
ZRh5Cuf5ELvdurYdp1OBS/alYAFOIldyOxoVybTqhps4xnw74Dyia9EygoIeKVDS
QfSTiMmh5o53n8A8KbUSAqsQJehrdmV4xwpNfXIx98JpuXM6DvLDekBq6bwhNM9G
SHu76aNLOplKdxDi37W8FGF7r+JhcFjKBl39Fc0yCRQ4cI6Yj+qFTRSG+bD4jmhq
CXA=
-----END CERTIFICATE-----