Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3kvvw-dZ9cCfxQgB8OLFkJBNewM.roa
File:                     3kvvw-dZ9cCfxQgB8OLFkJBNewM.roa (raw, json)
Hash identifier:          G2xjQBLdT+xFScrrsyf5CVVf2IQ9hOGyF/ufgMzlWBY=
Subject key identifier:   DE:4B:EF:C3:E7:59:F5:C0:9F:C5:08:01:F0:E2:C5:90:90:4D:7B:03
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01889D45A8F65FEE998090669CB8A1B6E180
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3kvvw-dZ9cCfxQgB8OLFkJBNewM.roa
Signing time:             Thu 08 Jun 2023 23:09:28 +0000
ROA not before:           Thu 08 Jun 2023 23:09:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9d:45:a8:f6:5f:ee:99:80:90:66:9c:b8:a1:b6:e1:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  8 23:09:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de4befc3e759f5c09fc50801f0e2c590904d7b03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4c:f3:0a:99:28:53:6b:12:42:63:04:63:39:
                    15:2e:bc:f5:b5:e9:8c:54:6c:26:6d:83:9f:f1:b5:
                    05:34:f2:3d:79:eb:31:7f:ad:24:43:88:82:57:6c:
                    dd:c1:90:43:29:0f:c8:ad:03:c8:a5:0f:b4:ac:22:
                    e0:99:b0:b4:b5:db:d7:74:f4:d4:32:2f:d8:fd:83:
                    93:e7:ce:9f:a5:40:03:c8:bb:bc:49:20:93:51:52:
                    05:6a:41:ef:5b:66:a0:26:0e:26:d6:78:11:5e:5a:
                    ae:ec:17:d1:e2:ac:3d:37:e2:3d:e9:b3:4a:47:8f:
                    f6:a6:b4:ae:49:c7:64:38:64:b6:7d:4d:86:0c:42:
                    f6:50:1f:0b:51:d7:e6:8b:dc:8f:5c:c8:71:c6:38:
                    5e:f8:9e:e8:db:20:dd:7f:a0:02:10:3c:a2:2c:74:
                    6f:0e:cd:d5:54:5d:6a:c8:28:59:7b:59:ba:55:cc:
                    75:16:7f:39:f2:7c:8a:e3:86:06:42:9e:45:7c:33:
                    41:d9:e8:53:8c:10:db:8a:6b:bc:2e:4b:e5:02:73:
                    cc:30:0f:7e:8e:56:05:f3:24:65:3c:9e:82:a4:e5:
                    94:bc:4c:6a:ed:ca:ce:11:19:be:9b:f8:b6:79:d8:
                    2f:c4:6a:4c:da:c9:5e:b7:6d:8c:86:f2:0b:ba:3b:
                    11:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4B:EF:C3:E7:59:F5:C0:9F:C5:08:01:F0:E2:C5:90:90:4D:7B:03
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3kvvw-dZ9cCfxQgB8OLFkJBNewM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:47:44:bd:b4:2e:be:8c:ee:01:7f:9e:2e:39:c7:b8:b8:ab:
         59:ff:1b:b0:ff:ee:94:47:b9:45:19:08:32:38:83:79:59:00:
         c3:d7:e4:14:6c:56:7b:97:a1:66:56:0e:ab:6e:63:5f:0c:be:
         8b:f7:57:f8:1e:53:95:9f:a1:18:f7:e4:d0:9c:e5:62:73:0e:
         26:56:4f:85:57:97:06:20:e1:5d:53:18:af:08:84:b6:40:5e:
         f2:ba:fd:95:fb:04:6b:aa:3e:29:5d:09:88:12:b4:18:a8:77:
         1b:70:c2:9d:ec:b2:a3:09:20:f0:e5:a8:49:e5:7e:b3:f2:79:
         34:f9:f2:c8:04:1e:88:d0:ee:c0:b5:0a:f4:3b:08:4a:3c:12:
         7e:32:ae:e7:48:48:60:b2:db:f8:91:dd:28:00:3e:61:52:85:
         ad:73:23:14:d0:69:00:5f:44:98:96:3a:00:77:c1:e5:0a:d1:
         46:60:76:6a:76:cb:22:83:0b:4c:18:e2:a3:36:79:60:b3:ec:
         58:24:71:1c:52:c7:67:5a:85:19:5c:52:5f:6a:bf:92:b1:b9:
         e5:24:9e:13:3e:59:ea:9f:c7:66:cc:28:7f:97:ad:c1:26:dd:
         2d:74:28:d7:20:ac:fc:c0:0f:a3:1f:4a:de:92:86:30:c7:6a:
         8d:1c:0d:30
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYidRaj2X+6ZgJBmnLihtuGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA4MjMwOTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTRiZWZjM2U3NTlmNWMwOWZjNTA4MDFmMGUyYzU5MDkwNGQ3YjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEzzCpkoU2sSQmMEYzkVLrz1temM
VGwmbYOf8bUFNPI9eesxf60kQ4iCV2zdwZBDKQ/IrQPIpQ+0rCLgmbC0tdvXdPTU
Mi/Y/YOT586fpUADyLu8SSCTUVIFakHvW2agJg4m1ngRXlqu7BfR4qw9N+I96bNK
R4/2prSuScdkOGS2fU2GDEL2UB8LUdfmi9yPXMhxxjhe+J7o2yDdf6ACEDyiLHRv
Ds3VVF1qyChZe1m6Vcx1Fn858nyK44YGQp5FfDNB2ehTjBDbimu8LkvlAnPMMA9+
jlYF8yRlPJ6CpOWUvExq7crOERm+m/i2edgvxGpM2slet22MhvILujsR1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN5L78PnWfXAn8UIAfDixZCQTXsDMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM2t2dnctZFo5Y0NmeFFnQjhPTEZrSkJOZXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA9HRL20Lr6M7gF/ni45
x7i4q1n/G7D/7pRHuUUZCDI4g3lZAMPX5BRsVnuXoWZWDqtuY18Mvov3V/geU5Wf
oRj35NCc5WJzDiZWT4VXlwYg4V1TGK8IhLZAXvK6/ZX7BGuqPildCYgStBiodxtw
wp3ssqMJIPDlqEnlfrPyeTT58sgEHojQ7sC1CvQ7CEo8En4yrudISGCy2/iR3SgA
PmFSha1zIxTQaQBfRJiWOgB3weUK0UZgdmp2yyKDC0wY4qM2eWCz7FgkcRxSx2da
hRlcUl9qv5KxueUknhM+Weqfx2bMKH+XrcEm3S10KNcgrPzAD6MfSt6ShjDHao0c
DTA=
-----END CERTIFICATE-----