Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4fjFXepQqJLoNs1CR1ZCTAc-iKc.roa
File:                     4fjFXepQqJLoNs1CR1ZCTAc-iKc.roa (raw, json)
Hash identifier:          BqnrTMaNK6VqDJnlS+8hLM1ZiglJvgSLCcYIB4s8qxQ=
Subject key identifier:   E1:F8:C5:5D:EA:50:A8:92:E8:36:CD:42:47:56:42:4C:07:3E:88:A7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018868457E46B8DAE5D5485664A70134376F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4fjFXepQqJLoNs1CR1ZCTAc-iKc.roa
Signing time:             Mon 29 May 2023 16:09:24 +0000
ROA not before:           Mon 29 May 2023 16:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:68:45:7e:46:b8:da:e5:d5:48:56:64:a7:01:34:37:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 29 16:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e1f8c55dea50a892e836cd424756424c073e88a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:32:20:d8:46:da:66:59:7e:77:fd:82:cc:bd:
                    aa:45:96:f2:4e:95:cd:13:e1:ac:50:e9:6b:3b:d9:
                    78:cd:69:e2:a2:0e:62:e4:35:ab:81:98:a1:96:ad:
                    87:a1:1c:27:1d:68:29:0a:0f:e0:ac:b8:8e:55:68:
                    6a:d4:5d:40:b6:fe:3e:15:f4:a0:20:36:4f:38:d7:
                    0e:a5:32:fd:f6:98:06:e0:40:94:17:ac:ff:68:79:
                    c9:07:40:e2:0a:ec:f1:16:cc:5b:ad:c7:7d:27:fa:
                    9c:38:79:68:f4:ab:d8:51:aa:ec:b8:a1:de:4c:67:
                    ed:b2:bb:58:6a:2b:57:c7:39:12:a7:a6:ea:2a:a9:
                    41:05:45:5a:77:4c:e9:d8:dc:d2:25:9a:d1:90:e8:
                    7f:58:80:3a:ed:ad:b1:62:2d:fd:f7:1b:3c:6d:f1:
                    30:ce:41:ea:12:d0:cd:cc:bb:cc:5a:1a:b1:4d:cf:
                    a5:11:03:25:5e:42:f7:5a:e5:7c:7a:13:ec:00:ca:
                    b1:31:65:b1:0d:c7:b2:52:87:99:9e:b3:c5:08:f8:
                    bd:b9:89:1a:83:9d:bf:b6:36:e8:cf:d7:aa:63:8a:
                    5d:40:c8:8e:e5:23:d9:49:a4:ff:8a:37:a5:2e:ba:
                    f9:e9:ae:7a:e6:c5:21:fe:f9:4f:d8:fc:c8:f5:73:
                    85:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:F8:C5:5D:EA:50:A8:92:E8:36:CD:42:47:56:42:4C:07:3E:88:A7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4fjFXepQqJLoNs1CR1ZCTAc-iKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:dd:35:0f:8f:e3:27:4b:ad:42:af:41:05:4c:67:34:9f:21:
         c4:88:96:a8:ea:a1:33:dd:88:e2:55:64:a6:f7:ad:13:1d:21:
         d0:94:29:8e:93:f5:4d:84:10:5a:61:2c:9e:a3:e5:f7:c5:da:
         07:44:80:83:62:ab:f5:7c:f9:6e:ec:4a:96:51:5f:0b:6c:53:
         7e:f4:23:ec:29:77:85:b4:e5:48:c8:86:ad:1c:1d:b6:cc:92:
         4e:75:00:64:26:65:29:cb:9d:93:29:92:11:7c:4a:9b:11:b6:
         06:b6:ff:8d:ad:92:6f:78:06:2e:53:11:d9:c3:8a:1a:da:15:
         fb:c4:67:e5:6e:3d:27:ac:99:a3:b8:21:ce:e1:1f:5c:2b:01:
         13:2f:8c:eb:73:a6:69:01:eb:23:86:d8:31:1c:a3:2c:dd:f4:
         83:4d:fd:8b:77:1d:ee:3e:c2:df:71:dd:c5:53:13:7c:45:4e:
         fa:fb:dd:17:1e:7e:45:83:67:5c:b1:42:fb:97:23:62:e8:17:
         35:41:de:34:42:25:1c:f5:21:5e:19:a9:7d:66:ed:c6:22:af:
         f7:1f:63:06:87:9b:94:1e:a0:02:c8:96:c8:33:a7:63:66:68:
         b4:51:bb:4e:ae:f3:5d:33:14:a5:ec:66:29:af:96:85:30:af:
         1a:b7:0c:33
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhoRX5GuNrl1UhWZKcBNDdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI5MTYwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWY4YzU1ZGVhNTBhODkyZTgzNmNkNDI0NzU2NDI0YzA3M2U4OGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujIg2EbaZll+d/2CzL2qRZbyTpXN
E+GsUOlrO9l4zWniog5i5DWrgZihlq2HoRwnHWgpCg/grLiOVWhq1F1Atv4+FfSg
IDZPONcOpTL99pgG4ECUF6z/aHnJB0DiCuzxFsxbrcd9J/qcOHlo9KvYUarsuKHe
TGftsrtYaitXxzkSp6bqKqlBBUVad0zp2NzSJZrRkOh/WIA67a2xYi399xs8bfEw
zkHqEtDNzLvMWhqxTc+lEQMlXkL3WuV8ehPsAMqxMWWxDceyUoeZnrPFCPi9uYka
g52/tjboz9eqY4pdQMiO5SPZSaT/ijelLrr56a565sUh/vlP2PzI9XOFUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOH4xV3qUKiS6DbNQkdWQkwHPoinMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNGZqRlhlcFFxSkxvTnMxQ1IxWkNUQWMtaUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACvdNQ+P4ydLrUKvQQVM
ZzSfIcSIlqjqoTPdiOJVZKb3rRMdIdCUKY6T9U2EEFphLJ6j5ffF2gdEgINiq/V8
+W7sSpZRXwtsU370I+wpd4W05UjIhq0cHbbMkk51AGQmZSnLnZMpkhF8SpsRtga2
/42tkm94Bi5TEdnDihraFfvEZ+VuPSesmaO4Ic7hH1wrARMvjOtzpmkB6yOG2DEc
oyzd9INN/Yt3He4+wt9x3cVTE3xFTvr73RcefkWDZ1yxQvuXI2LoFzVB3jRCJRz1
IV4ZqX1m7cYir/cfYwaHm5QeoALIlsgzp2NmaLRRu06u810zFKXsZimvloUwrxq3
DDM=
-----END CERTIFICATE-----