Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1G75L_6waiS78oUGyF0M13e5g58.roa
File:                     1G75L_6waiS78oUGyF0M13e5g58.roa (raw, json)
Hash identifier:          QQLkG50Dwe0oCXK7758uJNlVr4LVimdXmkGGCiufgPI=
Subject key identifier:   D4:6E:F9:2F:FE:B0:6A:24:BB:F2:85:06:C8:5D:0C:D7:77:B9:83:9F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01893A5AB709B67412CA04E562118B27EE83
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1G75L_6waiS78oUGyF0M13e5g58.roa
Signing time:             Sun 09 Jul 2023 11:12:50 +0000
ROA not before:           Sun 09 Jul 2023 11:12:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3a:5a:b7:09:b6:74:12:ca:04:e5:62:11:8b:27:ee:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul  9 11:12:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d46ef92ffeb06a24bbf28506c85d0cd777b9839f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d9:63:e7:9c:1c:28:10:29:2a:98:cf:56:dd:
                    6f:55:99:2c:29:7a:96:d8:9d:42:53:b8:39:f1:85:
                    e9:e0:38:a9:7a:25:d3:45:5c:e7:32:7a:b4:57:f2:
                    e1:29:a3:8c:cf:30:a7:73:4c:ba:17:90:07:da:e4:
                    d1:86:80:19:c7:ca:50:9a:aa:1a:6c:ab:cf:39:a3:
                    f4:f5:83:42:19:58:59:4e:1c:c5:01:01:c6:f4:a7:
                    37:c0:f6:33:af:c8:e8:7e:1b:22:db:fb:eb:d0:ec:
                    7e:79:b7:82:46:4b:96:5a:32:fc:d3:41:77:c1:af:
                    80:0c:41:d5:4f:15:89:7a:7e:c1:0a:ce:01:37:aa:
                    b1:dd:be:71:bb:e4:54:e4:92:6f:63:68:24:d8:5b:
                    25:35:5b:07:96:92:d3:47:94:94:20:a2:cc:be:1d:
                    c3:d7:73:95:bf:56:45:bc:f1:d3:bc:c0:8b:83:e3:
                    d8:da:a1:db:8b:cb:c6:10:14:52:97:ed:0d:67:94:
                    3e:1c:62:e7:13:89:3e:75:80:a6:e8:e9:9f:74:d1:
                    24:eb:85:1a:f8:9f:68:c5:a9:1e:57:c9:97:aa:11:
                    57:86:ea:ae:b2:db:8b:19:83:b8:a2:44:72:93:c1:
                    2e:c0:0d:ba:a4:e9:70:81:4e:dd:d1:29:16:e8:77:
                    bb:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:6E:F9:2F:FE:B0:6A:24:BB:F2:85:06:C8:5D:0C:D7:77:B9:83:9F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1G75L_6waiS78oUGyF0M13e5g58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:2a:06:b5:41:18:62:a6:81:1f:b7:8a:77:05:7c:fb:7f:87:
         3c:d5:20:1d:b9:29:b3:d9:e3:26:bf:84:5f:33:ba:9d:fd:c6:
         30:8a:61:49:52:54:79:67:15:ec:e6:34:c9:81:96:86:a6:5e:
         8d:95:e6:69:98:f2:a8:6a:94:b0:36:40:85:41:7f:3e:78:56:
         2a:ce:3c:e2:53:f8:95:91:9c:af:2e:f5:07:0c:3e:40:37:01:
         15:26:d4:d1:d2:96:77:b9:8f:b3:58:5c:fc:77:ff:9f:02:d1:
         30:b7:9e:3b:ec:2c:ee:f2:75:23:45:62:8e:be:62:fe:66:12:
         bd:f3:fe:09:39:fb:26:a9:f5:45:48:51:ca:4f:03:36:25:ef:
         4e:d2:e4:15:1a:07:db:e1:bf:09:00:1f:25:f9:2f:d9:fe:ca:
         38:cd:b6:be:18:a6:d6:da:12:1d:5f:c5:b8:30:b8:89:c5:24:
         34:3c:8b:05:38:69:19:bc:f0:2d:3f:df:71:50:3c:c0:1a:63:
         38:b2:83:84:91:d3:c4:0d:3a:10:6e:64:73:bf:f7:68:6e:20:
         06:20:2d:a8:5b:f2:27:b6:22:74:89:e6:7b:2d:bb:d7:3e:48:
         56:14:73:5b:d8:ce:f6:bb:e9:f3:1c:4c:7d:3b:ae:89:22:09:
         81:6d:5e:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYk6WrcJtnQSygTlYhGLJ+6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzA5MTExMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDZlZjkyZmZlYjA2YTI0YmJmMjg1MDZjODVkMGNkNzc3Yjk4MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9lj55wcKBApKpjPVt1vVZksKXqW
2J1CU7g58YXp4DipeiXTRVznMnq0V/LhKaOMzzCnc0y6F5AH2uTRhoAZx8pQmqoa
bKvPOaP09YNCGVhZThzFAQHG9Kc3wPYzr8jofhsi2/vr0Ox+ebeCRkuWWjL800F3
wa+ADEHVTxWJen7BCs4BN6qx3b5xu+RU5JJvY2gk2FslNVsHlpLTR5SUIKLMvh3D
13OVv1ZFvPHTvMCLg+PY2qHbi8vGEBRSl+0NZ5Q+HGLnE4k+dYCm6OmfdNEk64Ua
+J9oxakeV8mXqhFXhuqustuLGYO4okRyk8EuwA26pOlwgU7d0SkW6He7VwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNRu+S/+sGoku/KFBshdDNd3uYOfMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMUc3NUxfNndhaVM3OG9VR3lGME0xM2U1ZzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFYqBrVBGGKmgR+3incF
fPt/hzzVIB25KbPZ4ya/hF8zup39xjCKYUlSVHlnFezmNMmBloamXo2V5mmY8qhq
lLA2QIVBfz54VirOPOJT+JWRnK8u9QcMPkA3ARUm1NHSlne5j7NYXPx3/58C0TC3
njvsLO7ydSNFYo6+Yv5mEr3z/gk5+yap9UVIUcpPAzYl707S5BUaB9vhvwkAHyX5
L9n+yjjNtr4YptbaEh1fxbgwuInFJDQ8iwU4aRm88C0/33FQPMAaYziyg4SR08QN
OhBuZHO/92huIAYgLahb8ie2InSJ5nstu9c+SFYUc1vYzva76fMcTH07rokiCYFt
Xig=
-----END CERTIFICATE-----