Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/29O9c8LcpcOiQkIHDUaMkHslsms.roa
File:                     29O9c8LcpcOiQkIHDUaMkHslsms.roa (raw, json)
Hash identifier:          urChMwQlXd57DjUwpeHrzk9H4dxTjtX2zCY5F3gN9D4=
Subject key identifier:   DB:D3:BD:73:C2:DC:A5:C3:A2:42:42:07:0D:46:8C:90:7B:25:B2:6B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018965E9D911C6B89F9E0445A21764A4D0F0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/29O9c8LcpcOiQkIHDUaMkHslsms.roa
Signing time:             Mon 17 Jul 2023 22:12:51 +0000
ROA not before:           Mon 17 Jul 2023 22:12:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:65:e9:d9:11:c6:b8:9f:9e:04:45:a2:17:64:a4:d0:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 17 22:12:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbd3bd73c2dca5c3a24242070d468c907b25b26b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:9c:ea:13:62:0c:66:0d:fc:90:93:95:1a:2c:
                    62:1c:40:f9:86:51:03:ff:97:55:13:51:3f:94:35:
                    b5:06:01:56:df:66:70:33:21:b6:5f:7e:ab:fd:85:
                    2b:bc:d1:6e:47:13:e8:da:1a:73:10:90:b9:52:19:
                    15:e1:c0:73:32:ad:d8:86:fd:6e:35:61:ce:f9:07:
                    ff:ed:5f:5d:b0:2c:0e:2e:72:04:50:a5:ea:c8:35:
                    ef:33:0a:d3:a2:0f:28:ab:c0:ac:46:ac:92:4c:4a:
                    5a:d0:a4:10:0b:50:84:e1:f1:20:e5:23:89:1e:8e:
                    5a:75:89:47:4f:7e:81:96:d5:b3:ec:06:57:9e:a5:
                    08:41:5f:ca:d7:6a:4e:89:e5:bb:da:dd:ea:de:f9:
                    19:a2:a4:ac:33:d3:a3:dd:42:ff:ac:b4:d7:ea:f0:
                    9b:9f:08:f3:37:3a:54:b1:f9:55:8b:2a:1d:9c:43:
                    8c:ea:aa:cc:56:be:5f:f5:44:7f:9b:3e:74:12:74:
                    17:d8:2f:5d:8c:87:60:26:68:43:72:cd:9b:c7:b0:
                    14:c3:d4:84:c9:b5:2f:a3:6a:0a:24:41:ef:79:cd:
                    d8:08:36:bc:f6:37:00:be:bb:8b:b8:2a:de:7a:6d:
                    57:b5:a9:f6:f9:ee:64:78:88:e6:29:2b:0a:1b:2c:
                    46:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D3:BD:73:C2:DC:A5:C3:A2:42:42:07:0D:46:8C:90:7B:25:B2:6B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/29O9c8LcpcOiQkIHDUaMkHslsms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:db:c4:94:c6:5d:41:f9:3f:86:17:79:10:45:fc:bc:f5:21:
         9c:6a:d0:a6:db:3a:69:2a:ca:34:72:d0:3f:02:37:a4:c0:3a:
         75:8e:e4:ce:74:39:0b:77:01:6b:3f:13:fc:74:b2:f3:02:a8:
         ee:10:82:0c:97:a0:ce:cf:45:c5:a6:3e:92:bd:62:70:fe:09:
         4f:22:17:25:fe:4b:84:af:9a:46:ad:79:a4:f8:e3:71:80:08:
         1f:e4:a0:42:8d:a4:21:65:8b:80:1a:e2:0d:9c:5f:36:25:c9:
         77:84:04:3c:df:47:ca:39:10:88:4f:87:67:70:9d:71:09:f8:
         94:35:fa:bb:de:6b:18:0b:37:26:b3:9a:1c:48:7e:3a:44:7d:
         0c:46:b3:50:ff:ed:ce:cc:e2:a5:33:ee:d8:a1:09:e8:41:57:
         18:c6:c2:a7:41:f3:f2:e6:60:a9:36:b9:cf:f2:01:c8:09:aa:
         39:9f:ae:39:f3:ab:03:ce:04:3d:14:23:af:79:1b:cc:7f:c2:
         93:92:01:7a:5a:96:79:5d:cc:e9:d0:97:56:61:e6:cd:05:fe:
         bc:df:fe:60:ce:1b:85:92:8d:f0:0a:f5:23:f0:45:61:16:51:
         44:45:a2:01:46:7a:ff:27:66:9a:c7:8d:80:9d:36:78:16:60:
         90:cb:90:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYll6dkRxrifngRFohdkpNDwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE3MjIxMjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQzYmQ3M2MyZGNhNWMzYTI0MjQyMDcwZDQ2OGM5MDdiMjViMjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6JzqE2IMZg38kJOVGixiHED5hlED
/5dVE1E/lDW1BgFW32ZwMyG2X36r/YUrvNFuRxPo2hpzEJC5UhkV4cBzMq3Yhv1u
NWHO+Qf/7V9dsCwOLnIEUKXqyDXvMwrTog8oq8CsRqySTEpa0KQQC1CE4fEg5SOJ
Ho5adYlHT36BltWz7AZXnqUIQV/K12pOieW72t3q3vkZoqSsM9Oj3UL/rLTX6vCb
nwjzNzpUsflViyodnEOM6qrMVr5f9UR/mz50EnQX2C9djIdgJmhDcs2bx7AUw9SE
ybUvo2oKJEHvec3YCDa89jcAvruLuCreem1Xtan2+e5keIjmKSsKGyxGrwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNvTvXPC3KXDokJCBw1GjJB7JbJrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMjlPOWM4TGNwY09pUWtJSERVYU1rSHNsc21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABjbxJTGXUH5P4YXeRBF
/Lz1IZxq0KbbOmkqyjRy0D8CN6TAOnWO5M50OQt3AWs/E/x0svMCqO4QggyXoM7P
RcWmPpK9YnD+CU8iFyX+S4SvmkateaT443GACB/koEKNpCFli4Aa4g2cXzYlyXeE
BDzfR8o5EIhPh2dwnXEJ+JQ1+rveaxgLNyazmhxIfjpEfQxGs1D/7c7M4qUz7tih
CehBVxjGwqdB8/LmYKk2uc/yAcgJqjmfrjnzqwPOBD0UI695G8x/wpOSAXpalnld
zOnQl1Zh5s0F/rzf/mDOG4WSjfAK9SPwRWEWUURFogFGev8nZprHjYCdNngWYJDL
kKU=
-----END CERTIFICATE-----