Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3ontIcE5GzbtDG7k6vKaWBJHp8M.roa
File:                     3ontIcE5GzbtDG7k6vKaWBJHp8M.roa (raw, json)
Hash identifier:          RMawL6qTADFY2uwXkGhiFUtPi04/buNYUx0KNEnllbs=
Subject key identifier:   DE:89:ED:21:C1:39:1B:36:ED:0C:6E:E4:EA:F2:9A:58:12:47:A7:C3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018947AB3E5635EAD008E2C47F401FE93584
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3ontIcE5GzbtDG7k6vKaWBJHp8M.roa
Signing time:             Wed 12 Jul 2023 01:15:52 +0000
ROA not before:           Wed 12 Jul 2023 01:15:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:47:ab:3e:56:35:ea:d0:08:e2:c4:7f:40:1f:e9:35:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 12 01:15:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de89ed21c1391b36ed0c6ee4eaf29a581247a7c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3e:53:75:34:0e:0c:6a:05:81:74:8c:dc:2a:
                    7c:27:32:16:86:22:eb:18:01:12:c8:2c:47:28:30:
                    de:7b:58:a7:2c:64:82:30:2c:4a:17:06:09:80:dc:
                    34:f0:5b:d7:c0:da:41:30:0b:6c:b7:07:b8:1a:01:
                    8a:72:33:13:8a:03:02:0c:65:f3:55:b2:20:ea:1d:
                    e7:60:1c:b4:f4:d2:e7:13:48:c3:1f:43:15:d6:03:
                    08:d5:39:b4:dd:2d:12:f6:5e:52:ba:90:87:e2:3a:
                    21:76:3f:09:90:00:d2:c7:cd:44:35:f6:1d:30:f8:
                    1c:6f:5e:22:82:c5:9d:47:33:fa:79:43:f5:75:5f:
                    e6:54:b7:45:dc:f0:95:16:1f:8c:f4:cf:44:44:c4:
                    f4:01:e1:50:a7:48:40:e7:69:ae:3d:5d:74:2b:4c:
                    61:13:26:55:e8:86:34:ce:b6:c3:31:53:f6:f9:69:
                    20:1d:ff:53:a3:39:22:b5:05:a0:b0:1e:8d:ff:dc:
                    43:bd:3e:c4:da:d8:7e:f1:95:b0:a1:b1:b9:e0:31:
                    0f:a2:93:5a:0a:24:aa:17:c0:ff:8c:a1:47:3b:14:
                    74:9f:0f:ed:6b:a9:7b:fa:99:90:f5:ed:15:76:e9:
                    1e:ad:a6:14:98:a6:76:0a:a2:38:d3:a7:c3:5f:5c:
                    d8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:89:ED:21:C1:39:1B:36:ED:0C:6E:E4:EA:F2:9A:58:12:47:A7:C3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3ontIcE5GzbtDG7k6vKaWBJHp8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:13:48:47:dd:42:b4:d4:42:2d:78:15:64:6b:f3:95:a7:ba:
         33:fd:67:02:cc:e4:3c:3e:c1:d4:32:08:79:9b:a0:12:df:6e:
         8e:4c:86:2d:2c:00:90:34:44:3b:dd:87:b1:76:63:65:a5:42:
         0e:8f:9b:46:0e:1c:e5:a1:9b:5d:0c:c2:eb:ad:87:89:e4:42:
         0e:e9:70:89:5b:60:b6:46:20:e0:de:22:d6:f5:48:9b:02:65:
         67:f8:9b:90:df:e1:9e:2b:83:7d:b6:73:a6:ea:b6:87:76:73:
         a7:e7:e7:9b:0e:dd:dc:b5:1c:2d:16:e1:d2:03:3a:5e:20:3f:
         8e:d1:a7:22:8f:2a:6e:3a:c8:fe:7f:62:ea:b7:91:e9:71:c3:
         df:b5:4d:b7:be:5f:a8:59:08:d7:5d:78:73:fe:60:db:4c:c0:
         37:df:f1:7d:6d:90:48:bc:11:71:72:cd:df:3a:0d:16:62:1c:
         33:aa:6f:ad:89:6c:cb:c8:15:13:1e:46:89:30:05:bf:f7:64:
         cc:5d:8a:82:8b:06:16:a7:5e:77:d1:a5:29:b2:58:f3:a0:b7:
         84:02:56:59:28:11:b9:1d:61:bd:05:c4:f1:32:0d:f1:1b:53:
         3d:25:8f:2c:89:b2:2f:13:c9:7b:dc:81:d8:e4:a6:58:6f:0f:
         fd:5b:89:e2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlHqz5WNerQCOLEf0Af6TWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEyMDExNTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTg5ZWQyMWMxMzkxYjM2ZWQwYzZlZTRlYWYyOWE1ODEyNDdhN2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApD5TdTQODGoFgXSM3Cp8JzIWhiLr
GAESyCxHKDDee1inLGSCMCxKFwYJgNw08FvXwNpBMAtstwe4GgGKcjMTigMCDGXz
VbIg6h3nYBy09NLnE0jDH0MV1gMI1Tm03S0S9l5SupCH4johdj8JkADSx81ENfYd
MPgcb14igsWdRzP6eUP1dV/mVLdF3PCVFh+M9M9ERMT0AeFQp0hA52muPV10K0xh
EyZV6IY0zrbDMVP2+WkgHf9TozkitQWgsB6N/9xDvT7E2th+8ZWwobG54DEPopNa
CiSqF8D/jKFHOxR0nw/ta6l7+pmQ9e0VdukeraYUmKZ2CqI406fDX1zYEQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN6J7SHBORs27Qxu5OrymlgSR6fDMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM29udEljRTVHemJ0REc3azZ2S2FXQkpIcDhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHgTSEfdQrTUQi14FWRr
85WnujP9ZwLM5Dw+wdQyCHmboBLfbo5Mhi0sAJA0RDvdh7F2Y2WlQg6Pm0YOHOWh
m10Mwuuth4nkQg7pcIlbYLZGIODeItb1SJsCZWf4m5Df4Z4rg322c6bqtod2c6fn
55sO3dy1HC0W4dIDOl4gP47RpyKPKm46yP5/Yuq3kelxw9+1Tbe+X6hZCNddeHP+
YNtMwDff8X1tkEi8EXFyzd86DRZiHDOqb62JbMvIFRMeRokwBb/3ZMxdioKLBhan
XnfRpSmyWPOgt4QCVlkoEbkdYb0FxPEyDfEbUz0ljyyJsi8TyXvcgdjkplhvD/1b
ieI=
-----END CERTIFICATE-----