Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2RatTXwnPo6gjM770U7NhdUu1mk.roa
File:                     2RatTXwnPo6gjM770U7NhdUu1mk.roa (raw, json)
Hash identifier:          nSbqtKVcUopD4eoIugM2hTmZbx37Xa6DV4gH32Hn+gU=
Subject key identifier:   D9:16:AD:4D:7C:27:3E:8E:A0:8C:CE:FB:D1:4E:CD:85:D5:2E:D6:69
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01894A345919F8C2E5366E39F5AD31B93D11
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2RatTXwnPo6gjM770U7NhdUu1mk.roa
Signing time:             Wed 12 Jul 2023 13:04:51 +0000
ROA not before:           Wed 12 Jul 2023 13:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:189:4a33:c1ce/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4a:34:59:19:f8:c2:e5:36:6e:39:f5:ad:31:b9:3d:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 12 13:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d916ad4d7c273e8ea08ccefbd14ecd85d52ed669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b5:11:a3:d2:48:61:16:f2:b3:a6:ce:82:1e:
                    bd:db:66:f4:94:63:9e:c9:72:0e:d7:02:d2:b2:19:
                    65:b4:c8:ed:b8:75:d4:3d:b8:fa:87:48:17:ac:28:
                    4d:2b:49:9a:ff:19:51:c8:fb:8b:df:c4:c0:ff:fe:
                    48:a3:85:ef:aa:77:4b:6d:69:02:1a:c7:98:20:fd:
                    19:dc:f4:f7:8f:c6:75:19:ba:5f:02:ef:f6:a3:24:
                    d6:3e:75:78:53:bb:bd:30:e6:1a:de:d2:26:68:5a:
                    79:ad:5c:5b:be:4f:c8:d4:07:38:87:63:71:23:cb:
                    45:3c:fc:a6:79:4d:03:d4:80:95:97:c8:df:87:5d:
                    35:4a:64:5f:d2:82:cd:27:43:f6:a0:7e:6a:05:6d:
                    dd:23:7f:95:15:d8:a0:14:39:b6:de:9b:43:2a:9a:
                    b8:53:78:dd:4a:00:55:b9:5a:5d:46:27:62:e3:5e:
                    e7:06:89:36:c7:57:f6:92:db:c7:2c:60:f2:27:40:
                    a4:e6:0b:80:b4:28:e4:7f:3f:96:ea:a9:19:5a:c5:
                    d6:e2:5a:76:36:5c:a8:0b:64:aa:fb:12:43:59:8d:
                    7f:38:02:28:74:3e:30:87:51:bc:7c:fe:54:f1:fc:
                    a7:37:b4:2e:c1:ab:50:bc:0d:d9:7e:44:6f:65:95:
                    1f:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:16:AD:4D:7C:27:3E:8E:A0:8C:CE:FB:D1:4E:CD:85:D5:2E:D6:69
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2RatTXwnPo6gjM770U7NhdUu1mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:40:48:2a:b3:b6:80:ae:2b:61:d8:91:3d:4e:41:cc:2e:a2:
         18:bc:f3:21:7e:0f:3f:3b:7f:1b:8d:dd:7b:ad:f6:55:ab:ae:
         c7:b4:8b:cf:d7:c5:5e:39:7a:be:74:99:9f:26:a9:64:13:6f:
         84:c9:cd:21:b3:a4:3b:7b:82:58:11:b7:ea:85:f4:3c:75:92:
         f6:79:98:c1:9a:b2:be:d7:20:fa:bf:29:eb:14:97:46:ff:d2:
         3d:1e:19:48:83:60:06:4f:67:d0:f0:88:ed:f5:d2:f5:9f:2d:
         83:6d:1e:48:45:f4:2f:7d:94:74:a2:be:f8:16:75:47:13:ec:
         0b:4f:e7:56:e7:58:45:80:48:e0:55:b2:4c:aa:fc:e2:6b:b6:
         f8:d8:f8:80:cf:1b:ab:4a:d1:c7:1b:ea:3d:a2:be:f0:89:26:
         be:1e:7a:44:56:e1:2c:15:40:59:b4:83:02:f2:a9:dc:e1:df:
         a0:0c:ad:5f:20:8e:b9:5a:ff:f5:8d:db:8d:30:f8:ad:ca:aa:
         e6:d2:9e:2d:b1:61:1d:70:f9:f9:ef:99:db:7f:01:42:26:99:
         af:0d:61:92:bf:28:0b:c2:20:c1:a3:9c:95:d3:03:9f:83:a1:
         b9:da:71:68:52:59:3c:d0:3c:07:98:a8:93:1d:93:8a:71:28:
         ca:6a:4a:f4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlKNFkZ+MLlNm459a0xuT0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEyMTMwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTE2YWQ0ZDdjMjczZThlYTA4Y2NlZmJkMTRlY2Q4NWQ1MmVkNjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLURo9JIYRbys6bOgh6922b0lGOe
yXIO1wLSshlltMjtuHXUPbj6h0gXrChNK0ma/xlRyPuL38TA//5Io4XvqndLbWkC
GseYIP0Z3PT3j8Z1GbpfAu/2oyTWPnV4U7u9MOYa3tImaFp5rVxbvk/I1Ac4h2Nx
I8tFPPymeU0D1ICVl8jfh101SmRf0oLNJ0P2oH5qBW3dI3+VFdigFDm23ptDKpq4
U3jdSgBVuVpdRidi417nBok2x1f2ktvHLGDyJ0Ck5guAtCjkfz+W6qkZWsXW4lp2
NlyoC2Sq+xJDWY1/OAIodD4wh1G8fP5U8fynN7QuwatQvA3ZfkRvZZUf+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNkWrU18Jz6OoIzO+9FOzYXVLtZpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMlJhdFRYd25QbzZnak03NzBVN05oZFV1MW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEZASCqztoCuK2HYkT1O
Qcwuohi88yF+Dz87fxuN3Xut9lWrrse0i8/XxV45er50mZ8mqWQTb4TJzSGzpDt7
glgRt+qF9Dx1kvZ5mMGasr7XIPq/KesUl0b/0j0eGUiDYAZPZ9DwiO310vWfLYNt
HkhF9C99lHSivvgWdUcT7AtP51bnWEWASOBVskyq/OJrtvjY+IDPG6tK0ccb6j2i
vvCJJr4eekRW4SwVQFm0gwLyqdzh36AMrV8gjrla//WN240w+K3KqubSni2xYR1w
+fnvmdt/AUImma8NYZK/KAvCIMGjnJXTA5+DobnacWhSWTzQPAeYqJMdk4pxKMpq
SvQ=
-----END CERTIFICATE-----