Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8kuaMIb4Olv27ZiOs9bbBlao9wU.roa
File:                     8kuaMIb4Olv27ZiOs9bbBlao9wU.roa (raw, json)
Hash identifier:          RvaNSR+Y5Feniv7BoDvO1O4wYtHGA4Cr8Py4gLBBFH8=
Subject key identifier:   F2:4B:9A:30:86:F8:3A:5B:F6:ED:98:8E:B3:D6:DB:06:56:A8:F7:05
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018783166F43E83C597FBA4E14CB80777E44
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8kuaMIb4Olv27ZiOs9bbBlao9wU.roa
Signing time:             Sat 15 Apr 2023 04:04:58 +0000
ROA not before:           Sat 15 Apr 2023 04:04:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:187:8316:6129/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:83:16:6f:43:e8:3c:59:7f:ba:4e:14:cb:80:77:7e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 15 04:04:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f24b9a3086f83a5bf6ed988eb3d6db0656a8f705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:5b:9a:1d:05:e2:6f:dc:09:be:bf:0c:ed:44:
                    c8:d3:c3:ba:aa:f4:85:a6:c0:58:f8:9e:dc:f1:f2:
                    60:72:34:36:75:53:d7:ce:b7:fa:5b:bc:29:97:2d:
                    7c:28:af:55:2e:33:f9:0b:dd:88:92:70:b8:eb:35:
                    a9:82:c6:df:c1:c7:67:6c:52:21:ad:ab:5f:a5:31:
                    5e:a4:41:68:f6:b2:64:6e:be:a2:59:02:b8:92:b5:
                    e4:c3:31:cd:8a:58:a5:bd:8d:3c:7c:df:81:bf:67:
                    0a:ae:b7:71:02:7f:3d:b1:d8:0e:2c:fa:93:61:1c:
                    96:73:c5:bd:1a:1a:50:98:f2:5a:c6:7f:00:f0:ce:
                    27:74:68:77:7a:f7:7d:a2:3e:a0:21:9d:9d:e4:63:
                    37:87:dd:33:8c:af:ae:c9:df:fe:f0:ef:95:ab:17:
                    2b:81:da:76:94:e4:7f:33:f7:4b:41:a0:75:22:90:
                    4d:4a:a2:ed:03:d8:53:ea:e9:59:18:cc:c4:7d:d9:
                    d8:62:31:ce:d9:20:27:81:b0:73:46:ea:34:eb:a5:
                    16:29:95:fb:84:63:80:ca:6a:4e:ee:17:3c:89:99:
                    85:0a:a9:2f:24:3a:ed:78:ee:19:26:10:af:f2:d7:
                    1b:03:87:10:35:44:56:23:d0:07:12:45:d0:4f:5f:
                    59:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:4B:9A:30:86:F8:3A:5B:F6:ED:98:8E:B3:D6:DB:06:56:A8:F7:05
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8kuaMIb4Olv27ZiOs9bbBlao9wU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:d0:0e:b2:75:d1:e7:1b:6d:7c:64:62:71:dd:b9:be:bf:16:
         88:0b:c9:71:fc:36:48:21:86:8a:3b:6f:b7:fc:13:bf:34:53:
         8e:0c:95:7e:4e:84:80:47:db:cb:9d:9d:4f:74:e5:8e:e1:5f:
         18:d2:7b:1e:44:89:e2:f7:34:42:d4:74:da:58:81:a9:62:8d:
         0b:62:7e:73:88:71:04:38:cf:b6:d1:00:c0:47:4e:74:48:91:
         f7:fe:03:76:dc:69:d6:ea:88:f9:ea:b5:b1:e4:25:fb:17:46:
         d3:62:92:0f:29:a1:bd:9b:d5:4f:fe:e3:08:f8:a3:32:31:04:
         ef:72:a8:28:9f:8e:58:84:9e:a4:b0:3a:73:5e:ea:fe:1a:aa:
         74:a8:a2:ca:05:fd:96:cf:c4:34:18:f8:4a:e9:da:19:17:d8:
         45:d4:1d:a5:de:63:b3:ef:5b:b4:c2:eb:75:e7:4c:17:ca:8b:
         b3:0e:5c:d2:71:fc:9c:3f:75:b5:95:b5:a9:ab:b6:d2:ce:f5:
         b8:08:a5:b8:bd:5b:18:05:33:a5:94:9d:25:a2:4e:9a:e0:20:
         48:1a:e1:38:4d:44:69:75:02:cf:dc:90:b0:41:80:8b:b4:ad:
         83:95:0c:5e:92:f4:06:b6:80:f9:2b:22:e6:8b:3f:84:1b:f9:
         aa:9c:e5:7f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeDFm9D6DxZf7pOFMuAd35EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE1MDQwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjRiOWEzMDg2ZjgzYTViZjZlZDk4OGViM2Q2ZGIwNjU2YThmNzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhVuaHQXib9wJvr8M7UTI08O6qvSF
psBY+J7c8fJgcjQ2dVPXzrf6W7wply18KK9VLjP5C92IknC46zWpgsbfwcdnbFIh
ratfpTFepEFo9rJkbr6iWQK4krXkwzHNililvY08fN+Bv2cKrrdxAn89sdgOLPqT
YRyWc8W9GhpQmPJaxn8A8M4ndGh3evd9oj6gIZ2d5GM3h90zjK+uyd/+8O+Vqxcr
gdp2lOR/M/dLQaB1IpBNSqLtA9hT6ulZGMzEfdnYYjHO2SAngbBzRuo066UWKZX7
hGOAympO7hc8iZmFCqkvJDrteO4ZJhCv8tcbA4cQNURWI9AHEkXQT19ZUwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPJLmjCG+Dpb9u2YjrPW2wZWqPcFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOGt1YU1JYjRPbHYyN1ppT3M5YmJCbGFvOXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJbQDrJ10ecbbXxkYnHd
ub6/FogLyXH8Nkghhoo7b7f8E780U44MlX5OhIBH28udnU905Y7hXxjSex5EieL3
NELUdNpYgalijQtifnOIcQQ4z7bRAMBHTnRIkff+A3bcadbqiPnqtbHkJfsXRtNi
kg8pob2b1U/+4wj4ozIxBO9yqCifjliEnqSwOnNe6v4aqnSoosoF/ZbPxDQY+Erp
2hkX2EXUHaXeY7PvW7TC63XnTBfKi7MOXNJx/Jw/dbWVtamrttLO9bgIpbi9WxgF
M6WUnSWiTprgIEga4ThNRGl1As/ckLBBgIu0rYOVDF6S9Aa2gPkrIuaLP4Qb+aqc
5X8=
-----END CERTIFICATE-----