Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0ayzzCeIcKum94dCTs-I_Hit0Ng.roa
File:                     0ayzzCeIcKum94dCTs-I_Hit0Ng.roa (raw, json)
Hash identifier:          qnclEcemD37jaw0Sr/DMio32AJITQJUjSFbtDOhfjxs=
Subject key identifier:   D1:AC:B3:CC:27:88:70:AB:A6:F7:87:42:4E:CF:88:FC:78:AD:D0:D8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189815FCD7987D3923358B82112D130195F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0ayzzCeIcKum94dCTs-I_Hit0Ng.roa
Signing time:             Sun 23 Jul 2023 06:11:26 +0000
ROA not before:           Sun 23 Jul 2023 06:11:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:81:5f:cd:79:87:d3:92:33:58:b8:21:12:d1:30:19:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 23 06:11:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d1acb3cc278870aba6f787424ecf88fc78add0d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c9:72:1d:b7:fd:e9:56:8d:67:ed:b5:c8:c3:
                    a0:af:14:58:55:0c:98:72:4f:dd:fc:ec:df:5c:80:
                    0f:8f:59:d1:6f:8a:f5:17:c8:a2:de:4b:45:bb:36:
                    d4:73:fd:b7:30:e5:74:df:c9:00:b6:f6:58:91:c4:
                    07:69:dd:8f:37:4d:34:33:f7:a4:12:57:cf:b6:ca:
                    6c:ad:f0:2f:98:25:14:ea:75:31:6a:4a:e5:98:b9:
                    2a:ab:ed:66:f1:29:79:63:ae:7f:14:61:b5:88:f2:
                    28:cb:68:cc:9d:11:a6:b4:c3:6c:9a:96:d1:0b:53:
                    a7:d3:e2:8e:3a:b9:e9:15:b2:3d:d3:1f:af:c0:82:
                    24:c2:3a:2d:8b:bc:e3:9b:71:70:0c:15:50:9a:4e:
                    62:ee:84:d2:99:b4:97:96:8b:88:53:ab:a7:4d:07:
                    ab:5e:9e:c9:62:76:1e:2e:68:89:de:7f:c1:5f:04:
                    6a:d6:c4:17:2a:98:0d:64:b3:0b:e0:3b:a9:a7:b7:
                    e4:21:b7:da:21:b1:bd:17:0a:60:8d:65:80:dc:5e:
                    33:e1:7e:5b:dc:1a:74:e5:c2:b4:92:1d:d6:02:63:
                    c5:12:b6:b4:26:ce:34:b8:ab:8d:11:6b:4c:ba:c0:
                    ce:d0:61:3d:d4:6c:70:69:8b:19:74:b4:fd:28:2f:
                    56:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:AC:B3:CC:27:88:70:AB:A6:F7:87:42:4E:CF:88:FC:78:AD:D0:D8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0ayzzCeIcKum94dCTs-I_Hit0Ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:fd:85:6a:fa:c9:69:08:20:e0:c2:72:e1:0e:6e:34:64:df:
         20:0b:04:11:b1:d9:d9:5a:08:6c:17:cc:f7:b1:50:aa:85:75:
         25:03:5d:1f:c6:ac:9a:04:4a:d0:e4:d2:79:04:1e:65:0b:42:
         23:51:8b:26:c6:1e:a7:b4:a0:ec:61:4c:d2:84:0f:60:3e:4b:
         33:fe:7a:33:55:c5:c3:4a:37:76:46:58:0c:4a:31:16:5f:09:
         6e:06:2a:86:2b:40:6a:30:8d:67:bc:3a:db:dc:55:19:ac:54:
         e9:0f:25:a4:b1:f9:14:c2:eb:3a:15:ae:dc:2a:b4:77:dc:76:
         ed:fb:75:29:57:f5:fc:e2:95:2b:5e:61:aa:9a:ea:8c:09:81:
         26:ac:98:5d:ef:e0:52:5d:d6:78:23:87:a6:6a:58:b5:4b:7e:
         6c:99:36:44:93:e4:19:c6:b5:67:af:d7:cf:97:54:bf:ad:c5:
         1a:7b:cd:3a:43:b6:20:d6:09:fe:95:16:cc:bc:d2:9e:78:a2:
         2a:e7:92:2e:e6:68:38:3e:1d:97:e6:c5:89:47:44:1b:23:19:
         af:b1:4e:c4:88:cb:4c:c8:33:0f:fa:67:53:52:f3:6b:10:0f:
         42:02:9b:c8:ac:bf:ec:e7:f5:73:d4:2d:4c:6f:83:f2:74:3b:
         65:cf:57:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmBX815h9OSM1i4IRLRMBlfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIzMDYxMTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWFjYjNjYzI3ODg3MGFiYTZmNzg3NDI0ZWNmODhmYzc4YWRkMGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8lyHbf96VaNZ+21yMOgrxRYVQyY
ck/d/OzfXIAPj1nRb4r1F8ii3ktFuzbUc/23MOV038kAtvZYkcQHad2PN000M/ek
ElfPtspsrfAvmCUU6nUxakrlmLkqq+1m8Sl5Y65/FGG1iPIoy2jMnRGmtMNsmpbR
C1On0+KOOrnpFbI90x+vwIIkwjoti7zjm3FwDBVQmk5i7oTSmbSXlouIU6unTQer
Xp7JYnYeLmiJ3n/BXwRq1sQXKpgNZLML4Dupp7fkIbfaIbG9FwpgjWWA3F4z4X5b
3Bp05cK0kh3WAmPFEra0Js40uKuNEWtMusDO0GE91GxwaYsZdLT9KC9W6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNGss8wniHCrpveHQk7PiPx4rdDYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMGF5enpDZUljS3VtOTRkQ1RzLUlfSGl0ME5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKv9hWr6yWkIIODCcuEO
bjRk3yALBBGx2dlaCGwXzPexUKqFdSUDXR/GrJoEStDk0nkEHmULQiNRiybGHqe0
oOxhTNKED2A+SzP+ejNVxcNKN3ZGWAxKMRZfCW4GKoYrQGowjWe8OtvcVRmsVOkP
JaSx+RTC6zoVrtwqtHfcdu37dSlX9fzilSteYaqa6owJgSasmF3v4FJd1ngjh6Zq
WLVLfmyZNkST5BnGtWev18+XVL+txRp7zTpDtiDWCf6VFsy80p54oirnki7maDg+
HZfmxYlHRBsjGa+xTsSIy0zIMw/6Z1NS82sQD0ICm8isv+zn9XPULUxvg/J0O2XP
Vzg=
-----END CERTIFICATE-----