Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8iW54nS9BdlzwTRh18A4ZTp5-kk.roa
File:                     8iW54nS9BdlzwTRh18A4ZTp5-kk.roa (raw, json)
Hash identifier:          NCP9qdMbfyAXlm8iFrvLD0m1urM5JPBFeJ4VxgjyFGk=
Subject key identifier:   F2:25:B9:E2:74:BD:05:D9:73:C1:34:61:D7:C0:38:65:3A:79:FA:49
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888CBFAE75E1E6A31C4D90B4B9200FE0D7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8iW54nS9BdlzwTRh18A4ZTp5-kk.roa
Signing time:             Mon 05 Jun 2023 18:09:12 +0000
ROA not before:           Mon 05 Jun 2023 18:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8c:bf:ae:75:e1:e6:a3:1c:4d:90:b4:b9:20:0f:e0:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  5 18:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f225b9e274bd05d973c13461d7c038653a79fa49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b3:09:55:25:ed:65:99:ab:4f:93:af:9a:c7:
                    36:e1:c7:b6:d6:24:5a:b4:dd:31:76:d9:c3:92:e3:
                    f5:e3:84:33:86:bf:4e:e7:c5:93:41:1d:9d:2d:90:
                    0a:0a:e5:44:0b:36:bf:84:6a:f7:6d:c6:c0:62:c9:
                    18:e4:89:63:da:30:44:ea:88:a2:95:8e:42:8d:2d:
                    3c:1f:fc:41:52:fe:d7:64:0b:08:7f:a5:16:52:5c:
                    97:5e:d1:04:dc:71:ca:d4:07:c4:73:44:49:e4:10:
                    dd:5b:9b:2b:0e:d2:e4:9a:27:3e:bf:49:db:14:bc:
                    da:f4:d3:06:d1:8c:7d:75:0e:8f:7a:84:91:06:79:
                    68:6b:db:41:39:84:68:31:c8:f4:ea:a0:1d:e8:86:
                    80:e0:2a:d8:fb:23:74:56:3b:4e:15:97:bb:64:5d:
                    69:24:af:b1:0e:88:d1:20:81:3d:4d:ce:5a:8b:e3:
                    11:ed:1a:46:4e:8f:c1:f5:ea:5e:f0:ce:30:73:ca:
                    b4:74:87:15:f1:49:1f:00:58:e6:e7:1c:39:61:8c:
                    49:89:fe:69:2f:90:69:f1:1a:b7:d4:f7:04:f4:b6:
                    67:d1:ed:ad:8e:d6:77:e8:ad:6e:30:b2:80:b0:d2:
                    50:66:6a:59:1a:0d:af:ca:70:27:5d:0a:88:18:a7:
                    e2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:25:B9:E2:74:BD:05:D9:73:C1:34:61:D7:C0:38:65:3A:79:FA:49
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8iW54nS9BdlzwTRh18A4ZTp5-kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:d3:f7:f0:0f:a8:ce:3e:7f:7d:b2:e9:48:f9:96:1b:e3:b1:
         05:85:3b:aa:83:ba:10:19:56:34:cd:0c:16:c3:62:8a:5e:b8:
         d1:55:d6:7e:ea:c7:2c:5b:9c:08:60:f8:2a:f3:7e:09:f4:c3:
         42:70:e1:6f:b9:70:5e:85:4e:62:86:ef:39:b8:fc:82:e4:ba:
         79:f2:3b:f1:f1:16:85:c7:29:72:90:3c:84:20:e3:c7:b6:24:
         e8:bf:dc:35:5e:72:2f:e5:f7:40:b2:61:6f:fa:97:e6:d0:ea:
         a8:0f:c3:38:50:b7:de:4a:86:6f:38:74:0e:07:a4:59:6a:d4:
         3d:f8:14:b3:7c:a8:3b:c8:12:3a:ce:fa:0b:4c:aa:cf:86:d5:
         7d:86:d0:48:b7:d6:f8:09:6c:5d:98:04:b6:21:6a:5e:6e:42:
         03:14:d0:10:e3:e1:18:72:17:07:b4:a9:4a:5c:02:03:72:88:
         4a:9b:78:1e:c7:e5:1d:a2:04:53:0f:5e:81:17:0c:7f:a7:f0:
         a5:9b:8a:71:d9:a4:f4:c9:38:13:bc:18:78:b0:2e:58:e8:bd:
         70:75:0e:2a:45:55:84:54:10:0c:c0:53:dc:82:2b:e6:ad:89:
         bf:4f:2a:c6:e9:a5:08:08:cc:10:f9:9f:f9:10:f1:c2:70:ec:
         0e:81:1d:8a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiMv6514eajHE2QtLkgD+DXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA1MTgwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjI1YjllMjc0YmQwNWQ5NzNjMTM0NjFkN2MwMzg2NTNhNzlmYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrMJVSXtZZmrT5Ovmsc24ce21iRa
tN0xdtnDkuP144Qzhr9O58WTQR2dLZAKCuVECza/hGr3bcbAYskY5Ilj2jBE6oii
lY5CjS08H/xBUv7XZAsIf6UWUlyXXtEE3HHK1AfEc0RJ5BDdW5srDtLkmic+v0nb
FLza9NMG0Yx9dQ6PeoSRBnloa9tBOYRoMcj06qAd6IaA4CrY+yN0VjtOFZe7ZF1p
JK+xDojRIIE9Tc5ai+MR7RpGTo/B9epe8M4wc8q0dIcV8UkfAFjm5xw5YYxJif5p
L5Bp8Rq31PcE9LZn0e2tjtZ36K1uMLKAsNJQZmpZGg2vynAnXQqIGKfitQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPIlueJ0vQXZc8E0YdfAOGU6efpJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOGlXNTRuUzlCZGx6d1RSaDE4QTRaVHA1LWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHrT9/APqM4+f32y6Uj5
lhvjsQWFO6qDuhAZVjTNDBbDYopeuNFV1n7qxyxbnAhg+Crzfgn0w0Jw4W+5cF6F
TmKG7zm4/ILkunnyO/HxFoXHKXKQPIQg48e2JOi/3DVeci/l90CyYW/6l+bQ6qgP
wzhQt95Khm84dA4HpFlq1D34FLN8qDvIEjrO+gtMqs+G1X2G0Ei31vgJbF2YBLYh
al5uQgMU0BDj4RhyFwe0qUpcAgNyiEqbeB7H5R2iBFMPXoEXDH+n8KWbinHZpPTJ
OBO8GHiwLljovXB1DipFVYRUEAzAU9yCK+atib9PKsbppQgIzBD5n/kQ8cJw7A6B
HYo=
-----END CERTIFICATE-----