Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3XH5Hw_DIWRbHPF-dWq5WmMwghk.roa
File:                     3XH5Hw_DIWRbHPF-dWq5WmMwghk.roa (raw, json)
Hash identifier:          PlofW/E10BxWmix6wNjmGopQ8STbl7dg4zZZx+xeBZg=
Subject key identifier:   DD:71:F9:1F:0F:C3:21:64:5B:1C:F1:7E:75:6A:B9:5A:63:30:82:19
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188C076137E96E62F4D9586C22D69200FA3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3XH5Hw_DIWRbHPF-dWq5WmMwghk.roa
Signing time:             Thu 15 Jun 2023 19:09:03 +0000
ROA not before:           Thu 15 Jun 2023 19:09:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c0:76:13:7e:96:e6:2f:4d:95:86:c2:2d:69:20:0f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 15 19:09:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd71f91f0fc321645b1cf17e756ab95a63308219
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2c:bf:ec:48:a4:a6:b4:0f:4e:6a:22:e1:1a:
                    09:d9:cc:ef:14:5a:74:83:63:70:97:c8:d1:f2:b3:
                    0c:88:57:98:43:4b:ba:01:1b:2b:52:76:e2:1f:1c:
                    92:c7:a3:d5:d2:81:c2:5c:ac:51:a0:f8:34:04:fb:
                    55:98:74:b8:4f:62:dc:05:27:aa:7a:90:2f:28:a2:
                    76:95:24:0b:fc:f9:3a:63:b0:c7:ea:8f:dd:79:ec:
                    67:dd:bc:91:20:99:7c:80:a9:2d:cd:a0:a2:e6:30:
                    06:9e:37:bb:30:d3:e8:b2:ac:20:23:60:f4:a6:14:
                    ce:4e:57:b6:d9:be:46:10:ed:1a:73:25:c6:4d:89:
                    30:50:1a:c6:38:0c:36:49:1b:50:79:72:3b:2f:cc:
                    da:dd:6a:a2:7d:e1:1e:1a:a9:26:56:8d:25:e1:0a:
                    20:44:5f:b8:fd:39:c2:9b:3b:8d:c8:75:06:32:3e:
                    57:9f:b6:fa:67:76:9c:4f:d5:3e:63:db:1f:5c:da:
                    9e:33:cd:f7:e2:99:17:0b:69:db:00:43:a9:cf:22:
                    30:02:f5:2d:31:9c:75:94:da:f6:54:5f:47:09:fd:
                    9d:c8:e4:0f:a3:53:56:fb:a1:16:b3:97:5c:07:64:
                    1b:e3:57:74:23:40:61:15:c1:f1:6b:63:09:4e:7c:
                    1d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:71:F9:1F:0F:C3:21:64:5B:1C:F1:7E:75:6A:B9:5A:63:30:82:19
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3XH5Hw_DIWRbHPF-dWq5WmMwghk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:da:0e:79:1f:c2:de:9d:ec:4d:29:74:fc:6f:85:a7:76:a3:
         ee:18:a0:28:f5:c6:07:99:f0:85:57:1c:f5:28:a3:a7:26:d1:
         44:73:df:90:66:9e:bc:33:07:7a:b0:87:95:4e:0b:a1:f0:10:
         ed:1b:66:90:e6:61:15:83:3e:a0:46:60:30:ed:9e:7f:bd:48:
         85:7f:f3:c1:66:8a:7e:d3:ea:2e:ad:51:9c:aa:e5:b3:ec:ea:
         ec:b5:d6:fe:c2:ed:72:25:40:f5:59:a9:91:96:13:a5:4b:e1:
         09:06:92:79:04:48:50:79:f3:78:ff:79:bc:95:51:74:85:da:
         c3:67:0b:36:42:c4:23:19:b5:69:7c:c6:e3:ca:39:47:5d:82:
         93:73:1b:f3:b6:5d:5e:c2:48:69:75:95:86:0e:c7:34:a2:a3:
         29:c8:84:31:c5:ce:e2:dc:4f:76:9e:9f:db:3a:87:66:a4:15:
         c5:b1:8f:35:f2:12:2e:9a:97:07:01:cd:e7:62:47:1a:32:85:
         3f:49:7f:39:66:ab:85:96:5a:2d:2b:99:da:01:10:ed:4b:de:
         49:19:bd:99:7a:f0:ae:81:25:da:29:fd:6b:21:82:59:a5:f6:
         62:7a:ce:27:1d:8c:1f:a1:a2:e5:24:ab:28:62:ea:f1:5e:9a:
         d1:7c:26:70
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjAdhN+luYvTZWGwi1pIA+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE1MTkwOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDcxZjkxZjBmYzMyMTY0NWIxY2YxN2U3NTZhYjk1YTYzMzA4MjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCy/7EikprQPTmoi4RoJ2czvFFp0
g2Nwl8jR8rMMiFeYQ0u6ARsrUnbiHxySx6PV0oHCXKxRoPg0BPtVmHS4T2LcBSeq
epAvKKJ2lSQL/Pk6Y7DH6o/deexn3byRIJl8gKktzaCi5jAGnje7MNPosqwgI2D0
phTOTle22b5GEO0acyXGTYkwUBrGOAw2SRtQeXI7L8za3WqifeEeGqkmVo0l4Qog
RF+4/TnCmzuNyHUGMj5Xn7b6Z3acT9U+Y9sfXNqeM8334pkXC2nbAEOpzyIwAvUt
MZx1lNr2VF9HCf2dyOQPo1NW+6EWs5dcB2Qb41d0I0BhFcHxa2MJTnwdWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN1x+R8PwyFkWxzxfnVquVpjMIIZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM1hINUh3X0RJV1JiSFBGLWRXcTVXbU13Z2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFbaDnkfwt6d7E0pdPxv
had2o+4YoCj1xgeZ8IVXHPUoo6cm0URz35BmnrwzB3qwh5VOC6HwEO0bZpDmYRWD
PqBGYDDtnn+9SIV/88Fmin7T6i6tUZyq5bPs6uy11v7C7XIlQPVZqZGWE6VL4QkG
knkESFB583j/ebyVUXSF2sNnCzZCxCMZtWl8xuPKOUddgpNzG/O2XV7CSGl1lYYO
xzSioynIhDHFzuLcT3aen9s6h2akFcWxjzXyEi6alwcBzediRxoyhT9Jfzlmq4WW
Wi0rmdoBEO1L3kkZvZl68K6BJdop/Wshglml9mJ6zicdjB+houUkqyhi6vFemtF8
JnA=
-----END CERTIFICATE-----