Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5OpTEJKJfqEL7LgagoqSNEzWl1U.roa
File:                     5OpTEJKJfqEL7LgagoqSNEzWl1U.roa (raw, json)
Hash identifier:          XJINfp0+NyZYgvBDlozac/vd6v/ZI9DRdV4oGlfIhao=
Subject key identifier:   E4:EA:53:10:92:89:7E:A1:0B:EC:B8:1A:82:8A:92:34:4C:D6:97:55
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188D02102ED731EE6CB965DD1E5C2147A10
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5OpTEJKJfqEL7LgagoqSNEzWl1U.roa
Signing time:             Sun 18 Jun 2023 20:10:04 +0000
ROA not before:           Sun 18 Jun 2023 20:10:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d0:21:02:ed:73:1e:e6:cb:96:5d:d1:e5:c2:14:7a:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 18 20:10:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e4ea531092897ea10becb81a828a92344cd69755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f6:d9:89:9d:46:24:07:ba:95:9b:eb:4b:30:
                    02:c1:97:4c:bc:3d:c6:a6:76:8d:28:57:6a:1c:be:
                    2c:df:94:c2:22:a0:c2:6e:05:7d:07:e8:57:a6:18:
                    6c:d1:41:47:a8:ac:e0:d0:f2:84:4f:7d:7e:3d:27:
                    db:4b:c5:57:db:4c:be:05:d9:b6:a4:d3:46:25:d6:
                    7e:e2:f0:a8:09:b0:c8:97:0d:bc:41:19:15:f6:00:
                    7e:db:1f:8e:6a:09:3e:48:3e:2c:5f:58:fa:97:d0:
                    cc:89:44:6a:79:1a:b7:57:13:e6:58:df:a8:cb:59:
                    25:fe:7b:64:f7:c3:a8:00:96:35:cc:36:1f:82:19:
                    4e:93:8a:8a:8c:15:48:62:00:da:f1:40:0f:ff:6d:
                    4c:e5:97:91:42:cd:07:81:85:5a:34:d2:17:28:a5:
                    51:2d:a7:57:90:5d:3e:55:83:06:c0:b5:d1:2b:ca:
                    18:1a:96:60:12:ba:79:47:e4:6a:5c:ea:f4:68:4a:
                    f7:c0:ef:2f:97:4f:4b:f2:29:7e:0b:a2:55:6d:b7:
                    78:fe:4b:66:f3:31:8d:fb:3e:0c:8d:a3:2e:bc:dc:
                    72:73:ee:a3:6f:1f:7a:ab:21:01:4a:d7:7f:a1:92:
                    eb:1a:b9:0b:7e:fd:96:04:56:45:b6:1a:a1:02:a4:
                    d6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:EA:53:10:92:89:7E:A1:0B:EC:B8:1A:82:8A:92:34:4C:D6:97:55
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5OpTEJKJfqEL7LgagoqSNEzWl1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:89:64:af:90:a3:39:dc:5f:2b:33:b1:7d:a7:c9:6c:fb:a8:
         83:74:3a:9a:dc:a7:51:f5:bc:98:c1:2d:5a:30:c3:45:e8:30:
         17:06:3e:00:da:2c:c7:14:5f:df:70:c0:8a:1f:0f:69:0d:25:
         81:87:0e:91:18:44:2d:6d:b2:39:43:f2:02:38:7e:7a:43:57:
         bc:6a:ed:77:db:aa:53:16:8f:a1:6a:73:1c:67:91:8f:ed:70:
         1f:9d:21:41:eb:16:f4:fc:ce:a6:cf:e6:04:4e:fa:e4:4e:0d:
         8b:ac:8c:9d:ef:6f:d2:f5:5c:b7:d5:03:18:a8:32:4e:4f:fa:
         98:ff:a5:11:a5:f6:91:6a:18:f9:7d:a8:bb:71:ff:ba:cf:57:
         c6:9c:94:54:53:dc:15:8c:e3:6b:37:f7:3b:63:0f:13:7c:b5:
         d5:ec:72:90:7f:d4:97:b1:83:65:30:17:6d:34:80:41:61:c2:
         63:bd:c2:46:4f:46:bd:89:3a:a2:c9:c5:f6:ab:80:64:a1:2b:
         5e:bd:b5:14:eb:85:27:6c:f2:3d:0e:25:14:01:30:01:17:84:
         ae:8d:28:d8:e9:18:c6:79:08:1e:ef:10:2d:b6:74:e4:58:85:
         79:f4:34:d8:2b:76:b9:fd:10:8f:5a:97:11:d3:ef:6f:5d:a7:
         24:e0:fd:eb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjQIQLtcx7my5Zd0eXCFHoQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE4MjAxMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGVhNTMxMDkyODk3ZWExMGJlY2I4MWE4MjhhOTIzNDRjZDY5NzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufbZiZ1GJAe6lZvrSzACwZdMvD3G
pnaNKFdqHL4s35TCIqDCbgV9B+hXphhs0UFHqKzg0PKET31+PSfbS8VX20y+Bdm2
pNNGJdZ+4vCoCbDIlw28QRkV9gB+2x+Oagk+SD4sX1j6l9DMiURqeRq3VxPmWN+o
y1kl/ntk98OoAJY1zDYfghlOk4qKjBVIYgDa8UAP/21M5ZeRQs0HgYVaNNIXKKVR
LadXkF0+VYMGwLXRK8oYGpZgErp5R+RqXOr0aEr3wO8vl09L8il+C6JVbbd4/ktm
8zGN+z4MjaMuvNxyc+6jbx96qyEBStd/oZLrGrkLfv2WBFZFthqhAqTWJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOTqUxCSiX6hC+y4GoKKkjRM1pdVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNU9wVEVKS0pmcUVMN0xnYWdvcVNORXpXbDFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHCJZK+QozncXyszsX2n
yWz7qIN0Oprcp1H1vJjBLVoww0XoMBcGPgDaLMcUX99wwIofD2kNJYGHDpEYRC1t
sjlD8gI4fnpDV7xq7XfbqlMWj6FqcxxnkY/tcB+dIUHrFvT8zqbP5gRO+uRODYus
jJ3vb9L1XLfVAxioMk5P+pj/pRGl9pFqGPl9qLtx/7rPV8aclFRT3BWM42s39ztj
DxN8tdXscpB/1Jexg2UwF200gEFhwmO9wkZPRr2JOqLJxfargGShK169tRTrhSds
8j0OJRQBMAEXhK6NKNjpGMZ5CB7vEC22dORYhXn0NNgrdrn9EI9alxHT729dpyTg
/es=
-----END CERTIFICATE-----