Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0pZW2BcaV9QoVNRUKRNvm_UwUc8.roa
File:                     0pZW2BcaV9QoVNRUKRNvm_UwUc8.roa (raw, json)
Hash identifier:          eFXmMtGUOGCzm67dGWmYe+TwTGKixLowgNo/bo0uAu0=
Subject key identifier:   D2:96:56:D8:17:1A:57:D4:28:54:D4:54:29:13:6F:9B:F5:30:51:CF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188383125C826B59F41FE890D5B603FA754
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0pZW2BcaV9QoVNRUKRNvm_UwUc8.roa
Signing time:             Sat 20 May 2023 08:05:24 +0000
ROA not before:           Sat 20 May 2023 08:05:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:188:3830:4dd9/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:38:31:25:c8:26:b5:9f:41:fe:89:0d:5b:60:3f:a7:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 20 08:05:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d29656d8171a57d42854d45429136f9bf53051cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ad:41:21:49:25:7e:b2:96:39:8e:5a:0f:06:
                    7b:1a:e1:a6:ee:ba:4e:25:d9:f2:64:90:de:82:da:
                    d4:3a:b3:c5:04:33:01:cf:12:a5:13:04:60:37:e0:
                    40:b1:58:85:1b:38:cd:96:21:8d:7a:0a:c9:e6:85:
                    93:61:56:0a:9e:92:19:5b:ee:e4:24:f3:bf:23:d7:
                    4b:4f:cd:96:f6:f4:25:55:d4:b8:04:d8:8c:71:52:
                    ff:e5:43:6f:bb:8a:7a:ec:92:9e:a5:79:d5:a7:1d:
                    cf:50:17:b5:d8:a5:16:d3:bd:b7:6a:11:52:e2:11:
                    a8:4c:9d:de:93:de:20:ce:27:c7:b4:6b:60:22:21:
                    d4:a7:eb:c9:fd:4f:96:2e:46:fb:45:5f:89:b1:41:
                    c7:df:f9:fd:77:44:21:52:1b:4c:1d:b8:34:cf:23:
                    88:3e:0a:ff:ce:df:69:cc:4b:ea:84:c6:16:0e:37:
                    4b:c1:8f:4c:74:88:5e:3f:fc:36:bc:05:3d:6e:10:
                    af:10:e0:2a:b4:7e:c0:03:2b:cd:4e:91:36:fd:64:
                    c3:bb:f6:c0:02:26:a4:d9:4c:de:5b:c3:46:74:f6:
                    f1:3e:08:d9:f1:84:5b:c2:01:4c:0b:67:e6:50:dd:
                    c1:55:ac:23:e1:d3:5b:eb:12:fd:24:80:ec:28:d1:
                    a6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:96:56:D8:17:1A:57:D4:28:54:D4:54:29:13:6F:9B:F5:30:51:CF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0pZW2BcaV9QoVNRUKRNvm_UwUc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:09:39:e0:77:1f:e1:99:55:1b:63:3b:13:05:4c:e3:ce:af:
         89:e6:0a:3a:f4:3a:cb:5d:3a:a3:45:18:15:dc:6c:46:46:81:
         af:b6:1b:b5:02:63:10:03:9e:2f:f0:b7:46:33:bc:89:73:a9:
         5d:01:92:55:d6:98:ba:50:fa:4b:aa:30:6f:5a:17:bb:ba:60:
         ba:66:95:c0:ca:63:f2:e6:8c:6e:d3:e1:06:ac:b5:58:22:df:
         a8:ba:8d:b6:a6:aa:a4:b8:c5:6d:8d:5e:cd:4b:c4:04:f6:ae:
         1b:94:45:43:59:61:fa:cf:c4:07:df:35:83:6b:85:c4:94:e6:
         6a:e9:6a:f6:ba:08:fe:17:3d:0e:e0:e4:c0:50:c4:29:be:2b:
         7d:c8:42:6d:55:13:d7:1d:a4:30:d8:9d:a8:0b:f5:17:bb:64:
         48:e9:7b:15:ca:20:13:71:29:93:5c:e6:07:e6:98:98:35:e5:
         85:02:5b:d2:a5:87:b9:08:20:13:b2:b7:2d:ad:67:e8:b3:6a:
         50:4d:b5:d6:bd:61:83:45:6a:1b:9b:9c:8f:29:53:45:bd:df:
         9d:43:ae:4f:86:1f:dc:01:96:02:56:eb:f6:2c:12:06:59:0f:
         cb:57:10:47:66:ff:7a:6b:85:ce:be:10:b9:db:f0:04:e2:47:
         4c:e3:c0:04
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg4MSXIJrWfQf6JDVtgP6dUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIwMDgwNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjk2NTZkODE3MWE1N2Q0Mjg1NGQ0NTQyOTEzNmY5YmY1MzA1MWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk61BIUklfrKWOY5aDwZ7GuGm7rpO
JdnyZJDegtrUOrPFBDMBzxKlEwRgN+BAsViFGzjNliGNegrJ5oWTYVYKnpIZW+7k
JPO/I9dLT82W9vQlVdS4BNiMcVL/5UNvu4p67JKepXnVpx3PUBe12KUW0723ahFS
4hGoTJ3ek94gzifHtGtgIiHUp+vJ/U+WLkb7RV+JsUHH3/n9d0QhUhtMHbg0zyOI
Pgr/zt9pzEvqhMYWDjdLwY9MdIheP/w2vAU9bhCvEOAqtH7AAyvNTpE2/WTDu/bA
Aiak2UzeW8NGdPbxPgjZ8YRbwgFMC2fmUN3BVawj4dNb6xL9JIDsKNGmAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNKWVtgXGlfUKFTUVCkTb5v1MFHPMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMHBaVzJCY2FWOVFvVk5SVUtSTnZtX1V3VWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADIJOeB3H+GZVRtjOxMF
TOPOr4nmCjr0OstdOqNFGBXcbEZGga+2G7UCYxADni/wt0YzvIlzqV0BklXWmLpQ
+kuqMG9aF7u6YLpmlcDKY/LmjG7T4QastVgi36i6jbamqqS4xW2NXs1LxAT2rhuU
RUNZYfrPxAffNYNrhcSU5mrpava6CP4XPQ7g5MBQxCm+K33IQm1VE9cdpDDYnagL
9Re7ZEjpexXKIBNxKZNc5gfmmJg15YUCW9Klh7kIIBOyty2tZ+izalBNtda9YYNF
ahubnI8pU0W9351Drk+GH9wBlgJW6/YsEgZZD8tXEEdm/3prhc6+ELnb8ATiR0zj
wAQ=
-----END CERTIFICATE-----