Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/09hwKpVLuyL-vN4pT-XTeWB4CQg.roa
File:                     09hwKpVLuyL-vN4pT-XTeWB4CQg.roa (raw, json)
Hash identifier:          /3FTT8B9F/vPpfA3BUhxox1WEIh1J73ODVaAhqq9y8c=
Subject key identifier:   D3:D8:70:2A:95:4B:BB:22:FE:BC:DE:29:4F:E5:D3:79:60:78:09:08
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897F6B05AB96E6A6CA0444FADE3849DAFA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/09hwKpVLuyL-vN4pT-XTeWB4CQg.roa
Signing time:             Sat 22 Jul 2023 21:04:27 +0000
ROA not before:           Sat 22 Jul 2023 21:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:189:7f6a:c29c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:7f:6b:05:ab:96:e6:a6:ca:04:44:fa:de:38:49:da:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 22 21:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d3d8702a954bbb22febcde294fe5d37960780908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e4:c7:ca:ec:4b:7e:80:0c:31:ce:bb:e7:08:
                    10:5b:d2:45:56:02:5e:36:30:5a:dc:95:fc:53:23:
                    b1:06:1e:de:7d:b6:40:04:4d:f8:27:df:e2:a6:09:
                    b9:22:f1:db:71:73:59:97:a8:c7:8e:a5:25:a7:5b:
                    6b:ea:88:f3:08:68:dd:83:aa:05:a1:40:95:3e:d0:
                    b9:cd:fb:5f:d8:a9:8e:23:9c:43:94:a7:84:ee:9e:
                    c1:fe:2c:40:b6:c4:6a:4f:d7:14:88:e4:92:0b:4b:
                    d1:73:f9:82:0b:42:c3:b3:46:9b:65:72:a5:49:bc:
                    c0:ae:4a:20:24:fe:e5:17:cc:4e:54:6a:af:89:48:
                    37:9e:8b:b1:e9:12:cf:12:66:2b:97:7f:c5:ec:85:
                    3f:e7:81:f9:85:fa:02:af:52:86:c5:84:b0:4c:49:
                    32:9f:a9:d4:61:97:57:8c:42:83:c8:2f:36:86:68:
                    d5:0b:e6:44:8c:bd:da:80:34:21:e4:bf:e8:f0:ba:
                    64:1e:34:4b:ba:48:47:cd:8f:8f:d8:5e:3e:ad:9a:
                    89:21:6a:67:5e:60:dc:eb:b6:93:2a:54:ba:21:31:
                    32:43:8d:d8:35:63:cf:6e:97:f8:60:2b:dc:dc:75:
                    74:d5:c7:25:aa:c3:03:2b:bb:09:ba:22:af:65:31:
                    73:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D8:70:2A:95:4B:BB:22:FE:BC:DE:29:4F:E5:D3:79:60:78:09:08
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/09hwKpVLuyL-vN4pT-XTeWB4CQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:cb:d7:ec:d6:d0:fc:74:50:41:66:ca:11:5a:5c:90:4e:d3:
         d8:67:ef:2b:a4:07:bc:13:ef:06:65:67:4a:10:c0:39:16:66:
         cb:2d:bb:d2:a1:94:c6:fe:2f:fc:8d:8d:c3:7c:e1:43:70:d9:
         fe:0a:75:9a:3e:83:c1:b8:47:a4:2d:01:6e:de:da:00:2f:c5:
         4c:c3:c4:fa:7d:5d:ff:62:9a:9b:76:2e:04:9b:48:0e:02:cc:
         ee:9e:12:f3:4a:09:87:4b:61:29:74:11:28:3c:6c:16:f0:6f:
         c9:2b:ff:72:64:48:af:40:dc:98:56:4e:17:43:85:86:c6:ec:
         0f:c3:93:6c:cf:0b:d4:27:1c:30:4b:e5:15:71:67:84:40:d0:
         c2:83:67:a6:52:65:72:94:5e:26:86:f9:d4:eb:aa:5c:d4:c3:
         d5:cd:5a:27:ee:18:e0:4d:a1:72:b0:3d:e8:a4:12:de:ac:bc:
         9c:ed:63:81:27:ab:19:12:f5:45:d5:07:63:6e:02:a4:a4:ff:
         a8:cf:29:b5:ea:ad:eb:ac:e9:af:d5:fd:f1:62:f9:9c:33:1f:
         36:53:35:61:7e:ad:c2:d3:e5:b0:8c:61:6c:98:ee:ee:a0:f3:
         88:6c:a2:70:bb:cf:54:5a:03:55:28:4e:e1:e6:0d:a4:5d:d0:
         2b:97:f6:c2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl/awWrluamygRE+t44Sdr6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIyMjEwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Q4NzAyYTk1NGJiYjIyZmViY2RlMjk0ZmU1ZDM3OTYwNzgwOTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOTHyuxLfoAMMc675wgQW9JFVgJe
NjBa3JX8UyOxBh7efbZABE34J9/ipgm5IvHbcXNZl6jHjqUlp1tr6ojzCGjdg6oF
oUCVPtC5zftf2KmOI5xDlKeE7p7B/ixAtsRqT9cUiOSSC0vRc/mCC0LDs0abZXKl
SbzArkogJP7lF8xOVGqviUg3noux6RLPEmYrl3/F7IU/54H5hfoCr1KGxYSwTEky
n6nUYZdXjEKDyC82hmjVC+ZEjL3agDQh5L/o8LpkHjRLukhHzY+P2F4+rZqJIWpn
XmDc67aTKlS6ITEyQ43YNWPPbpf4YCvc3HV01cclqsMDK7sJuiKvZTFzxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNPYcCqVS7si/rzeKU/l03lgeAkIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMDlod0twVkx1eUwtdk40cFQtWFRlV0I0Q1FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJvL1+zW0Px0UEFmyhFa
XJBO09hn7yukB7wT7wZlZ0oQwDkWZsstu9KhlMb+L/yNjcN84UNw2f4KdZo+g8G4
R6QtAW7e2gAvxUzDxPp9Xf9impt2LgSbSA4CzO6eEvNKCYdLYSl0ESg8bBbwb8kr
/3JkSK9A3JhWThdDhYbG7A/Dk2zPC9QnHDBL5RVxZ4RA0MKDZ6ZSZXKUXiaG+dTr
qlzUw9XNWifuGOBNoXKwPeikEt6svJztY4EnqxkS9UXVB2NuAqSk/6jPKbXqreus
6a/V/fFi+ZwzHzZTNWF+rcLT5bCMYWyY7u6g84hsonC7z1RaA1UoTuHmDaRd0CuX
9sI=
-----END CERTIFICATE-----