Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-LqyveK6HMHKU_rvkBzEtNeXBNc.roa
File:                     1-LqyveK6HMHKU_rvkBzEtNeXBNc.roa (raw, json)
Hash identifier:          Pb2xOXbNng7v0z92gdVWOLnSZ6IGwjlT+tf1OwskWYE=
Subject key identifier:   F8:BA:B2:BD:E2:BA:1C:C1:CA:53:FA:EF:90:1C:C4:B4:D7:97:04:D7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189525CAB895D0C28CA3F486757DF9C7945
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-LqyveK6HMHKU_rvkBzEtNeXBNc.roa
Signing time:             Fri 14 Jul 2023 03:05:52 +0000
ROA not before:           Fri 14 Jul 2023 03:05:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:189:525b:f7cc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:52:5c:ab:89:5d:0c:28:ca:3f:48:67:57:df:9c:79:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 14 03:05:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f8bab2bde2ba1cc1ca53faef901cc4b4d79704d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:78:4d:34:54:76:5c:de:cc:c2:8e:c4:08:0a:
                    f8:81:e0:fc:dd:cd:05:5d:5a:06:e5:a4:31:fc:c5:
                    83:cf:20:e3:80:82:ad:06:3e:c2:ac:f6:77:81:ad:
                    12:70:37:85:51:df:79:bc:81:00:c4:fb:34:65:53:
                    80:30:cc:73:69:01:7c:00:43:ae:36:73:4c:63:ab:
                    ab:86:5b:61:ab:1e:ee:75:26:b9:d2:bf:f7:48:21:
                    4d:e5:30:8a:e8:62:c3:e1:01:0c:4e:53:b9:f0:71:
                    1d:ab:90:96:13:de:68:7b:52:0b:4e:28:90:29:53:
                    ce:57:9f:6e:c5:1c:73:de:e0:4c:14:d3:b1:2c:ea:
                    e0:ff:73:83:e3:39:38:16:44:d5:eb:eb:2c:03:fa:
                    37:3a:ae:71:60:d7:38:32:77:b7:69:9a:e7:32:d1:
                    79:15:de:28:87:3b:c2:6c:08:33:ca:0b:ff:fc:a9:
                    ea:2d:01:82:27:3c:b3:ac:92:f2:1e:16:5f:39:35:
                    65:ad:b6:e7:9c:a0:ed:84:c7:b9:84:e5:5d:87:7c:
                    29:af:7a:69:28:7c:d1:35:4f:4e:8e:6b:6b:1c:a1:
                    d3:a1:ac:46:11:5a:04:d3:ec:b6:a6:5f:7b:9e:8f:
                    75:92:81:7d:66:82:6b:3b:61:03:ea:d8:8c:e5:8c:
                    37:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:BA:B2:BD:E2:BA:1C:C1:CA:53:FA:EF:90:1C:C4:B4:D7:97:04:D7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-LqyveK6HMHKU_rvkBzEtNeXBNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:d2:d0:ac:fc:20:a0:37:97:15:80:2f:79:4e:5c:0c:b7:77:
         ee:3a:d7:ea:44:5a:57:90:be:dd:95:05:22:e6:11:28:88:c4:
         6f:ee:43:50:a1:d0:16:c8:01:08:3a:c3:d7:83:71:bd:51:57:
         af:f4:8b:8f:dc:09:a7:23:33:73:be:5c:4b:44:bb:04:44:ef:
         bf:0d:1c:f1:f4:76:55:1b:8b:ea:c3:a8:77:c9:40:62:4f:5c:
         1e:0d:95:5f:5d:61:c5:4a:c5:ae:10:37:04:f8:33:1c:fc:f9:
         66:1c:79:e1:0c:2c:21:16:29:d5:7a:67:71:89:e1:8c:ec:66:
         1f:e5:aa:5e:a4:ac:31:a3:ed:6b:c4:dd:02:2b:31:03:13:e7:
         51:10:71:a6:e6:79:b3:6c:c6:34:73:88:41:75:75:b3:4f:dd:
         bf:ee:e1:0c:4b:fc:10:47:87:a0:ed:bf:c6:c9:48:80:59:48:
         f3:fe:98:e0:d0:25:b9:24:6d:ca:63:0d:a1:7e:bb:0b:d8:da:
         56:9a:e4:8e:c9:d1:7a:f6:84:38:01:7f:ce:32:0a:40:90:2c:
         a3:17:09:83:31:5b:2c:71:bf:b1:96:0e:30:81:b5:ec:12:41:
         76:63:a1:55:db:30:0d:0e:c6:3c:d6:7c:a4:c8:27:e9:57:c4:
         e1:71:a9:a2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYlSXKuJXQwoyj9IZ1ffnHlFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE0MDMwNTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGJhYjJiZGUyYmExY2MxY2E1M2ZhZWY5MDFjYzRiNGQ3OTcwNGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3hNNFR2XN7Mwo7ECAr4geD83c0F
XVoG5aQx/MWDzyDjgIKtBj7CrPZ3ga0ScDeFUd95vIEAxPs0ZVOAMMxzaQF8AEOu
NnNMY6urhlthqx7udSa50r/3SCFN5TCK6GLD4QEMTlO58HEdq5CWE95oe1ILTiiQ
KVPOV59uxRxz3uBMFNOxLOrg/3OD4zk4FkTV6+ssA/o3Oq5xYNc4Mne3aZrnMtF5
Fd4ohzvCbAgzygv//KnqLQGCJzyzrJLyHhZfOTVlrbbnnKDthMe5hOVdh3wpr3pp
KHzRNU9OjmtrHKHToaxGEVoE0+y2pl97no91koF9ZoJrO2ED6tiM5Yw3/QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPi6sr3iuhzBylP675AcxLTXlwTXMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1McXl2ZUs2SE1IS1VfcnZrQnpFdE5lWEJOYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQC10tCs/CCgN5cVgC95
TlwMt3fuOtfqRFpXkL7dlQUi5hEoiMRv7kNQodAWyAEIOsPXg3G9UVev9IuP3Amn
IzNzvlxLRLsERO+/DRzx9HZVG4vqw6h3yUBiT1weDZVfXWHFSsWuEDcE+DMc/Plm
HHnhDCwhFinVemdxieGM7GYf5apepKwxo+1rxN0CKzEDE+dREHGm5nmzbMY0c4hB
dXWzT92/7uEMS/wQR4eg7b/GyUiAWUjz/pjg0CW5JG3KYw2hfrsL2NpWmuSOydF6
9oQ4AX/OMgpAkCyjFwmDMVsscb+xlg4wgbXsEkF2Y6FV2zANDsY81nykyCfpV8Th
cami
-----END CERTIFICATE-----