Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y7k104VpLUB80sSKsYuQYEAEd9E.roa
File:                     y7k104VpLUB80sSKsYuQYEAEd9E.roa (raw, json)
Hash identifier:          kCWSBIf1c1PXJOKY8HwvIvOIQ78nGPRNnhqIyyxqu4M=
Subject key identifier:   CB:B9:35:D3:85:69:2D:40:7C:D2:C4:8A:B1:8B:90:60:40:04:77:D1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018825565FD5355913667E38EACB9BAA33E9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y7k104VpLUB80sSKsYuQYEAEd9E.roa
Signing time:             Tue 16 May 2023 16:13:17 +0000
ROA not before:           Tue 16 May 2023 16:13:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:25:56:5f:d5:35:59:13:66:7e:38:ea:cb:9b:aa:33:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 16 16:13:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cbb935d385692d407cd2c48ab18b9060400477d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ed:a9:70:88:90:04:b6:83:db:c3:12:57:25:
                    de:c4:0e:f2:de:27:84:94:d9:0d:f8:a0:b4:9e:d8:
                    f4:ae:a0:07:d5:ac:26:50:34:7e:e3:d0:8d:4c:cd:
                    c9:09:20:87:a9:41:dc:14:1b:dd:97:dc:a8:26:6b:
                    cb:74:fa:ac:81:25:e1:f6:a4:81:ee:0e:30:82:75:
                    d6:38:1a:77:27:4f:11:c4:40:34:2d:1f:46:50:f8:
                    e7:ef:74:c6:dc:50:72:58:1a:94:75:78:da:e9:7d:
                    8b:ab:9e:54:18:00:8b:3d:9b:32:44:4e:52:d4:6c:
                    36:29:bb:e4:b2:df:01:97:23:0b:a7:85:ba:86:17:
                    f2:17:c1:37:fb:e9:69:c0:08:e3:2c:14:ea:65:15:
                    cd:60:0c:24:05:d9:e2:34:0b:68:49:cc:58:70:e3:
                    52:63:e0:aa:a3:78:3e:14:6a:3b:2b:4d:f4:39:0a:
                    68:6b:e4:f6:00:29:a4:2d:f1:f1:96:c8:8b:ae:b3:
                    4e:16:53:01:99:28:37:20:87:8f:7b:f7:cb:b7:57:
                    7c:b4:83:5c:a6:3b:10:df:9a:3b:6b:f5:4d:88:c2:
                    e5:f8:9d:54:77:9e:4c:6c:10:28:ac:29:3b:06:27:
                    48:c2:74:93:cf:16:ad:e9:c5:2b:2d:73:04:18:1a:
                    60:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B9:35:D3:85:69:2D:40:7C:D2:C4:8A:B1:8B:90:60:40:04:77:D1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y7k104VpLUB80sSKsYuQYEAEd9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:4c:2f:da:b3:61:29:71:fa:a2:ac:58:92:dd:8a:22:ae:53:
         45:a6:56:ba:d6:26:3a:98:e3:a8:da:50:b6:1f:86:5c:62:32:
         a4:89:e5:c2:d1:82:b3:fa:57:c4:17:08:ad:2a:31:c0:6b:35:
         53:c5:e5:33:84:0c:01:31:24:0c:ea:fa:af:fd:01:5a:db:d5:
         eb:a7:94:a5:30:72:b4:30:88:7d:83:e2:31:58:0c:48:ee:e3:
         43:b7:83:e1:fb:75:45:0c:92:5e:7e:84:e6:e7:b2:55:56:03:
         b0:81:ad:67:1c:4f:ec:00:47:44:7c:26:53:f8:31:53:44:50:
         fe:b0:86:8f:35:a1:26:15:d8:50:19:42:ac:0c:a5:bb:e9:f4:
         7b:02:86:5b:62:48:3e:16:1f:7a:0b:96:58:6f:0a:6d:ff:eb:
         c1:d4:69:bd:f9:14:77:60:0a:7e:f6:78:32:ac:dd:60:f8:e7:
         2f:23:0b:ae:22:31:d5:6e:06:62:cc:4b:f8:7e:ca:90:0a:a4:
         3a:32:45:fe:51:e0:7a:6d:9e:bc:56:b3:ff:23:66:ab:bf:23:
         f6:a7:53:5d:22:f0:d7:18:ee:f2:9f:5c:c2:64:d2:8a:49:46:
         c1:3a:16:07:d1:de:0e:b4:c3:92:81:fb:50:71:4b:3a:6f:a0:
         09:2f:3a:ca
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYglVl/VNVkTZn446subqjPpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE2MTYxMzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmI5MzVkMzg1NjkyZDQwN2NkMmM0OGFiMThiOTA2MDQwMDQ3N2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+2pcIiQBLaD28MSVyXexA7y3ieE
lNkN+KC0ntj0rqAH1awmUDR+49CNTM3JCSCHqUHcFBvdl9yoJmvLdPqsgSXh9qSB
7g4wgnXWOBp3J08RxEA0LR9GUPjn73TG3FByWBqUdXja6X2Lq55UGACLPZsyRE5S
1Gw2Kbvkst8BlyMLp4W6hhfyF8E3++lpwAjjLBTqZRXNYAwkBdniNAtoScxYcONS
Y+Cqo3g+FGo7K030OQpoa+T2ACmkLfHxlsiLrrNOFlMBmSg3IIePe/fLt1d8tINc
pjsQ35o7a/VNiMLl+J1Ud55MbBAorCk7BidIwnSTzxat6cUrLXMEGBpg9QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMu5NdOFaS1AfNLEirGLkGBABHfRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveTdrMTA0VnBMVUI4MHNTS3NZdVFZRUFFZDlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAERML9qzYSlx+qKsWJLd
iiKuU0WmVrrWJjqY46jaULYfhlxiMqSJ5cLRgrP6V8QXCK0qMcBrNVPF5TOEDAEx
JAzq+q/9AVrb1eunlKUwcrQwiH2D4jFYDEju40O3g+H7dUUMkl5+hObnslVWA7CB
rWccT+wAR0R8JlP4MVNEUP6who81oSYV2FAZQqwMpbvp9HsChltiSD4WH3oLllhv
Cm3/68HUab35FHdgCn72eDKs3WD45y8jC64iMdVuBmLMS/h+ypAKpDoyRf5R4Hpt
nrxWs/8jZqu/I/anU10i8NcY7vKfXMJk0opJRsE6FgfR3g60w5KB+1BxSzpvoAkv
Oso=
-----END CERTIFICATE-----