Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-LazQeWr-U4CghhjCP__WU6zbdQ.roa
File:                     1-LazQeWr-U4CghhjCP__WU6zbdQ.roa (raw, json)
Hash identifier:          GSrv0/QmxgImQ6iYmEF4P6NdY30MJGi9NwTMUuUADZo=
Subject key identifier:   F8:B6:B3:41:E5:AB:F9:4E:02:82:18:63:08:FF:FF:59:4E:B3:6D:D4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188582E89150096C3583E2E362E777CDAA8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-LazQeWr-U4CghhjCP__WU6zbdQ.roa
Signing time:             Fri 26 May 2023 13:10:24 +0000
ROA not before:           Fri 26 May 2023 13:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:58:2e:89:15:00:96:c3:58:3e:2e:36:2e:77:7c:da:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 26 13:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f8b6b341e5abf94e0282186308ffff594eb36dd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f5:30:17:5d:78:59:ef:a7:32:f7:a0:04:e4:
                    93:a5:7b:41:30:16:a6:d7:60:55:d3:b5:7c:00:a9:
                    ea:df:12:d5:57:7d:ac:bc:2b:b6:f6:9c:e6:9a:36:
                    4d:3b:a9:fc:de:bd:a2:4a:5c:24:0a:d7:c9:5e:c9:
                    06:29:50:4d:55:b8:6c:3b:9e:5d:c5:4c:6e:cd:a0:
                    c7:d3:dd:76:07:a9:00:89:7f:15:45:ef:2d:55:ea:
                    c9:26:fa:a7:c7:db:6c:96:35:84:f3:28:77:ef:7b:
                    07:08:de:41:6e:6c:0f:72:bb:4c:87:0f:ff:0e:8d:
                    7d:bf:22:4e:b7:2f:80:fe:08:57:a1:62:3c:c6:f6:
                    96:2c:58:54:90:2a:3e:48:b1:d6:f7:16:07:20:66:
                    c1:3b:07:ad:d5:f8:18:55:47:d0:32:bd:ce:ab:ad:
                    5f:29:54:9b:9b:f5:0f:f9:33:ed:f8:0c:ed:8a:c6:
                    23:c3:eb:5c:59:8b:27:2f:f5:72:1c:27:4b:01:d2:
                    74:cb:8f:06:d2:b1:ca:68:3a:c5:cd:f6:e6:8e:b2:
                    dc:3f:6a:a2:d2:55:31:b7:83:16:6d:74:6f:75:45:
                    3b:5f:b3:36:e6:62:b6:0f:2e:23:78:28:56:8b:30:
                    f8:d9:f8:e8:43:83:49:62:54:44:69:43:5b:10:71:
                    09:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:B6:B3:41:E5:AB:F9:4E:02:82:18:63:08:FF:FF:59:4E:B3:6D:D4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-LazQeWr-U4CghhjCP__WU6zbdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:f9:30:a2:ba:ea:c1:5e:ce:92:50:a4:d4:8b:46:95:28:27:
         81:e1:89:0b:6c:56:a2:a7:2d:e4:81:7d:64:f3:26:fe:f1:45:
         84:e0:1e:d6:b7:a5:22:7e:f1:c5:de:25:f1:55:d6:89:d7:9d:
         f0:ae:04:1e:b0:c5:41:0d:65:9f:6b:9a:d3:4b:ae:eb:52:6f:
         48:9b:45:e9:65:03:ec:fc:1c:c2:cf:b9:3f:78:5e:e6:be:45:
         9e:4c:0e:ba:ee:e1:0c:64:5c:ef:aa:83:db:94:77:7b:50:14:
         37:3e:7a:f7:e2:72:a3:7c:ba:a5:73:33:a0:35:75:27:ac:15:
         2d:54:ea:e1:22:00:5f:88:6c:62:0f:49:c7:52:e7:e2:64:3a:
         80:71:8a:27:2b:ee:60:8e:f0:df:69:65:25:96:bf:a2:ec:ea:
         1b:b1:d0:cb:61:0d:c0:0d:84:70:5f:21:43:90:dd:e3:bf:2d:
         c0:54:bc:09:e9:57:0e:a8:d9:25:73:1e:f1:db:18:cd:3b:36:
         36:a5:28:21:1f:e2:14:83:93:c2:0d:97:04:d8:9a:8f:f6:72:
         b3:c7:43:2e:a3:f9:7a:d7:61:52:2b:bf:3b:1a:69:62:ca:98:
         75:70:df:a9:84:95:c7:a8:d5:22:17:fe:31:d2:30:6b:3e:18:
         50:c8:f1:62
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYhYLokVAJbDWD4uNi53fNqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI2MTMxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGI2YjM0MWU1YWJmOTRlMDI4MjE4NjMwOGZmZmY1OTRlYjM2ZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPUwF114We+nMvegBOSTpXtBMBam
12BV07V8AKnq3xLVV32svCu29pzmmjZNO6n83r2iSlwkCtfJXskGKVBNVbhsO55d
xUxuzaDH0912B6kAiX8VRe8tVerJJvqnx9tsljWE8yh373sHCN5BbmwPcrtMhw//
Do19vyJOty+A/ghXoWI8xvaWLFhUkCo+SLHW9xYHIGbBOwet1fgYVUfQMr3Oq61f
KVSbm/UP+TPt+AztisYjw+tcWYsnL/VyHCdLAdJ0y48G0rHKaDrFzfbmjrLcP2qi
0lUxt4MWbXRvdUU7X7M25mK2Dy4jeChWizD42fjoQ4NJYlREaUNbEHEJ8wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPi2s0Hlq/lOAoIYYwj//1lOs23UMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1MYXpRZVdyLVU0Q2doaGpDUF9fV1U2emJkUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQCv+TCiuurBXs6SUKTU
i0aVKCeB4YkLbFaipy3kgX1k8yb+8UWE4B7Wt6UifvHF3iXxVdaJ153wrgQesMVB
DWWfa5rTS67rUm9Im0XpZQPs/BzCz7k/eF7mvkWeTA667uEMZFzvqoPblHd7UBQ3
Pnr34nKjfLqlczOgNXUnrBUtVOrhIgBfiGxiD0nHUufiZDqAcYonK+5gjvDfaWUl
lr+i7OobsdDLYQ3ADYRwXyFDkN3jvy3AVLwJ6VcOqNklcx7x2xjNOzY2pSghH+IU
g5PCDZcE2JqP9nKzx0Muo/l612FSK787Gmliyph1cN+phJXHqNUiF/4x0jBrPhhQ
yPFi
-----END CERTIFICATE-----