Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2xQfM_Ouh-LL-enqsz_5qCUJL7M.roa
File:                     2xQfM_Ouh-LL-enqsz_5qCUJL7M.roa (raw, json)
Hash identifier:          //Z8FiJ6NBU7ubYisMjdNnay9Y20kJ4eXhoAQlTl/ok=
Subject key identifier:   DB:14:1F:33:F3:AE:87:E2:CB:F9:E9:EA:B3:3F:F9:A8:25:09:2F:B3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01896C5B424259E8C8742C5B854FF67E5702
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2xQfM_Ouh-LL-enqsz_5qCUJL7M.roa
Signing time:             Wed 19 Jul 2023 04:14:27 +0000
ROA not before:           Wed 19 Jul 2023 04:14:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6c:5b:42:42:59:e8:c8:74:2c:5b:85:4f:f6:7e:57:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 19 04:14:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=db141f33f3ae87e2cbf9e9eab33ff9a825092fb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:42:ca:fb:02:1b:6c:5c:c7:a7:1d:5e:87:e0:
                    65:ce:8c:4d:8f:e8:a0:70:94:db:5a:e0:02:d9:ad:
                    28:5a:eb:51:90:b2:2b:10:e4:1d:43:d1:9a:4c:c6:
                    68:87:9b:9e:06:12:fc:a5:9e:45:f4:e9:3a:84:60:
                    dc:2c:a6:23:ea:34:e1:a3:98:49:8f:69:97:51:74:
                    de:8e:82:d7:dc:ac:85:95:13:63:c3:ae:a1:e4:e8:
                    42:55:98:62:99:1f:74:e8:2b:f0:f9:5e:ed:38:31:
                    d1:b6:5f:36:fd:a9:ca:3f:06:cd:5e:22:92:ad:83:
                    2e:59:75:f2:2e:ed:8c:c5:eb:45:4f:c6:fd:58:6f:
                    86:55:9d:41:69:12:50:80:6c:65:b6:ec:ec:f8:df:
                    23:5e:61:ec:81:b9:0f:0e:ab:38:f6:eb:aa:70:22:
                    b9:6d:ee:e0:6f:d8:da:ae:32:bf:4b:e4:5e:76:92:
                    df:36:65:55:7b:92:77:07:ae:d4:0d:18:2f:dd:71:
                    fd:72:4a:1f:81:65:fe:42:2b:3d:6c:ae:2a:02:7d:
                    96:c5:91:b6:5c:d2:a2:0c:70:70:a5:9c:6f:96:7e:
                    a9:90:35:47:b3:2a:82:7b:42:69:7d:1f:b8:93:27:
                    16:34:ae:a2:42:b6:ee:9a:b8:24:8c:98:4c:2b:92:
                    e7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:14:1F:33:F3:AE:87:E2:CB:F9:E9:EA:B3:3F:F9:A8:25:09:2F:B3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2xQfM_Ouh-LL-enqsz_5qCUJL7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:be:c4:f1:d9:61:45:1a:33:78:c4:97:44:92:95:01:1b:b2:
         4b:78:48:07:ec:bd:9b:e9:32:ff:a1:4a:3c:7e:a5:3d:79:75:
         3f:d5:7e:05:56:e1:8d:da:50:c9:4a:f2:73:57:49:fe:5b:13:
         99:0a:8f:ca:eb:d8:9f:f1:e0:5b:04:8b:4c:0d:70:a2:ca:71:
         01:94:c0:01:cf:d6:cc:6d:41:7c:8d:d6:aa:48:6c:76:65:0e:
         52:62:64:f1:6f:23:20:57:77:19:e0:3d:51:a0:19:ce:a4:b6:
         13:51:cd:82:9c:b8:f8:17:54:66:59:ea:3c:75:cc:46:f4:ce:
         f5:37:90:31:73:2a:56:42:69:fc:40:ee:40:d5:ba:0f:29:24:
         9c:8c:08:64:63:ce:32:d8:df:f7:bc:c9:e7:e9:5e:ec:a9:d0:
         2d:46:44:28:aa:75:17:0b:fa:7d:72:b7:98:a2:ea:81:35:37:
         b1:59:b5:ae:6b:12:22:a8:7f:85:c2:9f:b8:03:af:75:7c:07:
         25:7d:67:af:60:75:9a:24:df:b1:5c:94:2c:b7:c2:72:71:09:
         fb:33:80:c3:92:fe:00:48:17:5a:02:22:a9:c9:27:0d:c9:ae:
         10:50:9b:a2:7f:e4:55:c8:32:66:76:4c:3d:61:9f:89:77:49:
         8b:80:98:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlsW0JCWejIdCxbhU/2flcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE5MDQxNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjE0MWYzM2YzYWU4N2UyY2JmOWU5ZWFiMzNmZjlhODI1MDkyZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvELK+wIbbFzHpx1eh+BlzoxNj+ig
cJTbWuAC2a0oWutRkLIrEOQdQ9GaTMZoh5ueBhL8pZ5F9Ok6hGDcLKYj6jTho5hJ
j2mXUXTejoLX3KyFlRNjw66h5OhCVZhimR906Cvw+V7tODHRtl82/anKPwbNXiKS
rYMuWXXyLu2MxetFT8b9WG+GVZ1BaRJQgGxltuzs+N8jXmHsgbkPDqs49uuqcCK5
be7gb9jarjK/S+RedpLfNmVVe5J3B67UDRgv3XH9ckofgWX+Qis9bK4qAn2WxZG2
XNKiDHBwpZxvln6pkDVHsyqCe0JpfR+4kycWNK6iQrbumrgkjJhMK5LngQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNsUHzPzrofiy/np6rM/+aglCS+zMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMnhRZk1fT3VoLUxMLWVucXN6XzVxQ1VKTDdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJu+xPHZYUUaM3jEl0SS
lQEbskt4SAfsvZvpMv+hSjx+pT15dT/VfgVW4Y3aUMlK8nNXSf5bE5kKj8rr2J/x
4FsEi0wNcKLKcQGUwAHP1sxtQXyN1qpIbHZlDlJiZPFvIyBXdxngPVGgGc6kthNR
zYKcuPgXVGZZ6jx1zEb0zvU3kDFzKlZCafxA7kDVug8pJJyMCGRjzjLY3/e8yefp
Xuyp0C1GRCiqdRcL+n1yt5ii6oE1N7FZta5rEiKof4XCn7gDr3V8ByV9Z69gdZok
37FclCy3wnJxCfszgMOS/gBIF1oCIqnJJw3JrhBQm6J/5FXIMmZ2TD1hn4l3SYuA
mBg=
-----END CERTIFICATE-----