Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1keFnvdYvp_R-92qQX--Ga88bVQ.roa
File:                     1keFnvdYvp_R-92qQX--Ga88bVQ.roa (raw, json)
Hash identifier:          AsPz8a/1hfhRXSSuYrgPkfwXj47AdHK9tlC6KeeP5u8=
Subject key identifier:   D6:47:85:9E:F7:58:BE:9F:D1:FB:DD:AA:41:7F:BE:19:AF:3C:6D:54
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01886FC904611C5FF8D286BF24CB2A3091DB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1keFnvdYvp_R-92qQX--Ga88bVQ.roa
Signing time:             Wed 31 May 2023 03:10:24 +0000
ROA not before:           Wed 31 May 2023 03:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:6f:c9:04:61:1c:5f:f8:d2:86:bf:24:cb:2a:30:91:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 31 03:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d647859ef758be9fd1fbddaa417fbe19af3c6d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:dc:b0:34:99:ef:f6:5d:72:de:14:f9:21:55:
                    bc:b2:02:94:dc:c1:d1:5c:41:fc:e5:e4:84:c5:d3:
                    b4:83:fd:f9:cc:65:1a:1b:33:37:68:39:fd:b4:e0:
                    ab:94:d8:c1:5d:07:7a:07:b0:a6:bf:36:4c:b4:10:
                    c8:e0:6e:eb:25:b0:fe:fb:93:56:a7:02:ea:af:10:
                    78:13:8d:e4:ee:e0:c5:bf:bb:47:36:6f:fc:dd:cc:
                    61:e1:68:31:c6:7b:b2:20:16:1a:97:1e:e2:e4:67:
                    62:dc:bf:ed:f6:b6:d4:9b:c9:b3:37:53:05:b3:ee:
                    3a:3a:d4:1e:9a:ec:c4:a6:24:ea:78:ed:bb:8d:a9:
                    c1:6e:73:ec:6d:20:e0:63:8d:52:73:8d:71:c6:07:
                    02:b1:7d:cd:33:7a:b3:22:6c:eb:3d:c4:c9:24:8c:
                    97:66:65:9d:bb:cb:7a:59:f5:8a:35:86:f9:5b:20:
                    4c:45:03:24:00:f6:3c:8f:6e:be:3b:f6:1d:c8:40:
                    dc:c8:99:8b:c3:96:36:67:f3:23:9a:ed:aa:56:6f:
                    4b:fa:16:3b:0f:13:79:1c:2f:af:fa:0f:42:b8:f3:
                    5d:e1:38:4e:01:08:6b:fb:a8:3a:01:81:34:74:fc:
                    f1:c0:57:2e:b8:3c:de:f4:e5:34:b0:59:70:42:c7:
                    17:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:47:85:9E:F7:58:BE:9F:D1:FB:DD:AA:41:7F:BE:19:AF:3C:6D:54
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1keFnvdYvp_R-92qQX--Ga88bVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:6f:28:be:26:b4:f7:39:14:a2:e1:e3:53:35:80:aa:98:26:
         8b:01:37:cf:f7:40:c2:1e:94:ef:e6:da:24:29:0a:93:91:9e:
         7a:5e:b1:13:93:0d:a1:f8:a8:f5:5d:22:c3:32:e8:e0:17:90:
         44:41:f9:e1:51:3c:68:f8:48:d5:55:cf:fc:c5:a5:1b:9e:89:
         f1:23:b4:b4:14:d1:80:fc:29:3e:d4:4e:52:e3:c4:a1:bc:57:
         55:df:20:ed:b3:ca:c7:75:65:76:2f:15:4c:04:60:5a:9f:a6:
         a0:85:63:ea:92:87:ed:76:01:fb:48:97:7d:47:29:e5:a5:ef:
         ae:51:ac:28:33:cb:15:5c:3f:ed:ff:dd:73:33:81:e5:7a:01:
         1a:68:d5:f3:df:5f:13:19:0c:66:52:10:92:91:f9:24:90:b6:
         6d:1c:14:e9:25:1f:04:86:6a:97:18:50:e5:63:da:30:b7:71:
         36:f1:ba:ac:b8:6a:9f:55:53:07:1f:4c:63:2f:55:14:a1:d3:
         1c:58:45:55:fb:81:c2:c2:b5:93:ef:21:66:b0:e7:e3:c6:82:
         51:4f:4f:26:94:09:6f:47:ef:5a:0f:94:ae:c7:f6:23:8d:70:
         c1:6b:b0:8d:c3:78:b3:9f:7d:20:ed:f5:05:12:0e:a7:1a:4e:
         0e:ca:00:0c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhvyQRhHF/40oa/JMsqMJHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTMxMDMxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQ3ODU5ZWY3NThiZTlmZDFmYmRkYWE0MTdmYmUxOWFmM2M2ZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNywNJnv9l1y3hT5IVW8sgKU3MHR
XEH85eSExdO0g/35zGUaGzM3aDn9tOCrlNjBXQd6B7CmvzZMtBDI4G7rJbD++5NW
pwLqrxB4E43k7uDFv7tHNm/83cxh4WgxxnuyIBYalx7i5Gdi3L/t9rbUm8mzN1MF
s+46OtQemuzEpiTqeO27janBbnPsbSDgY41Sc41xxgcCsX3NM3qzImzrPcTJJIyX
ZmWdu8t6WfWKNYb5WyBMRQMkAPY8j26+O/YdyEDcyJmLw5Y2Z/Mjmu2qVm9L+hY7
DxN5HC+v+g9CuPNd4ThOAQhr+6g6AYE0dPzxwFcuuDze9OU0sFlwQscXOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNZHhZ73WL6f0fvdqkF/vhmvPG1UMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMWtlRm52ZFl2cF9SLTkycVFYLS1HYTg4YlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJtvKL4mtPc5FKLh41M1
gKqYJosBN8/3QMIelO/m2iQpCpORnnpesROTDaH4qPVdIsMy6OAXkERB+eFRPGj4
SNVVz/zFpRueifEjtLQU0YD8KT7UTlLjxKG8V1XfIO2zysd1ZXYvFUwEYFqfpqCF
Y+qSh+12AftIl31HKeWl765RrCgzyxVcP+3/3XMzgeV6ARpo1fPfXxMZDGZSEJKR
+SSQtm0cFOklHwSGapcYUOVj2jC3cTbxuqy4ap9VUwcfTGMvVRSh0xxYRVX7gcLC
tZPvIWaw5+PGglFPTyaUCW9H71oPlK7H9iONcMFrsI3DeLOffSDt9QUSDqcaTg7K
AAw=
-----END CERTIFICATE-----