Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9SJ5MHOxHQMnp01maJ8GPTZzWjc.roa
File:                     9SJ5MHOxHQMnp01maJ8GPTZzWjc.roa (raw, json)
Hash identifier:          5T6JMAQBBEPX1FVD65Vugl1zxizNkqgAcwgcFE8TWiA=
Subject key identifier:   F5:22:79:30:73:B1:1D:03:27:A7:4D:66:68:9F:06:3D:36:73:5A:37
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01896B0E003A3B6BFAA1DEF5F12D13B00A5F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9SJ5MHOxHQMnp01maJ8GPTZzWjc.roa
Signing time:             Tue 18 Jul 2023 22:10:26 +0000
ROA not before:           Tue 18 Jul 2023 22:10:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6b:0e:00:3a:3b:6b:fa:a1:de:f5:f1:2d:13:b0:0a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 18 22:10:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f522793073b11d0327a74d66689f063d36735a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0b:7a:8e:2e:65:5a:07:c3:ca:ff:e9:12:a9:
                    85:d7:7f:ed:62:09:c6:e5:2d:68:21:25:23:86:2c:
                    8b:51:8a:8f:51:53:b0:ed:ab:68:fe:f9:76:24:aa:
                    75:ba:22:f4:bc:ee:fc:18:33:11:39:51:55:74:6e:
                    48:6c:78:f1:15:3e:c2:f6:44:f7:2b:5e:8a:a1:93:
                    ab:a2:b0:08:be:12:1b:d5:ed:5b:64:b2:78:01:06:
                    c5:c4:97:39:65:8c:e8:07:bf:c8:fc:f3:fd:ea:7a:
                    31:81:8a:43:f1:e3:fa:57:2b:be:cb:a3:b7:16:31:
                    74:e9:eb:fd:18:18:07:73:15:66:f9:61:f4:fd:d9:
                    85:c6:67:43:1d:23:50:56:95:e2:12:34:de:72:01:
                    0c:95:69:db:e4:3a:b6:1c:b9:d0:a1:78:71:be:fd:
                    26:87:93:3c:14:3e:d9:9b:70:7d:44:d6:d1:e9:74:
                    83:0c:38:82:bc:38:3e:ff:56:c0:e0:a2:cb:da:20:
                    02:1a:64:d7:12:e4:c0:60:c5:5b:2a:98:e6:03:ea:
                    92:63:23:0d:f6:07:01:37:71:64:c2:56:36:6d:3f:
                    0f:8c:fa:35:1a:d8:73:6f:dd:ca:0e:8f:2c:77:7f:
                    8c:6d:ea:f2:eb:83:40:fb:da:87:c5:8b:02:9c:59:
                    1a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:22:79:30:73:B1:1D:03:27:A7:4D:66:68:9F:06:3D:36:73:5A:37
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9SJ5MHOxHQMnp01maJ8GPTZzWjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:78:32:9f:eb:30:84:5c:38:57:0c:0a:1d:ae:a4:8b:a0:7b:
         d1:e6:81:15:7f:be:22:9a:7f:b2:c4:0a:1b:80:06:be:68:3e:
         4e:0a:44:d3:67:52:da:7c:ad:d7:f5:26:df:8a:e8:57:6b:93:
         fb:38:47:1d:d0:5f:03:60:9b:34:11:9e:96:04:01:af:44:25:
         c8:59:a0:05:64:08:f1:af:d6:c9:ef:7a:fd:56:77:57:c8:b5:
         0c:98:40:ea:d7:58:85:88:90:ea:e8:f2:da:4b:96:07:ee:d9:
         00:c5:28:e6:b5:2a:ed:b0:f1:30:be:9c:39:85:6c:4f:62:d6:
         81:e4:91:26:4d:38:90:d1:66:34:ba:28:51:2a:4f:1f:dc:c5:
         91:26:47:68:a6:d7:bf:46:60:5f:8a:51:88:88:7d:29:c2:b2:
         e9:5e:98:e5:c0:00:c6:5d:36:f7:99:b2:da:97:fb:c3:65:6b:
         96:6b:7b:39:cd:9d:a8:59:5b:63:ab:53:d7:6c:91:af:f1:b0:
         06:c4:e8:9d:1e:c2:d0:55:cc:30:64:eb:89:5e:17:4e:a0:dc:
         ff:b5:dc:35:d7:16:13:04:75:82:76:9a:92:f6:01:78:4f:52:
         ac:79:09:7c:f2:50:ca:fe:2c:bc:4d:e8:d1:e8:44:f7:fb:df:
         55:4c:67:8b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlrDgA6O2v6od718S0TsApfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE4MjIxMDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTIyNzkzMDczYjExZDAzMjdhNzRkNjY2ODlmMDYzZDM2NzM1YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgt6ji5lWgfDyv/pEqmF13/tYgnG
5S1oISUjhiyLUYqPUVOw7ato/vl2JKp1uiL0vO78GDMROVFVdG5IbHjxFT7C9kT3
K16KoZOrorAIvhIb1e1bZLJ4AQbFxJc5ZYzoB7/I/PP96noxgYpD8eP6Vyu+y6O3
FjF06ev9GBgHcxVm+WH0/dmFxmdDHSNQVpXiEjTecgEMlWnb5Dq2HLnQoXhxvv0m
h5M8FD7Zm3B9RNbR6XSDDDiCvDg+/1bA4KLL2iACGmTXEuTAYMVbKpjmA+qSYyMN
9gcBN3FkwlY2bT8PjPo1Gthzb93KDo8sd3+Mbery64NA+9qHxYsCnFkaOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPUieTBzsR0DJ6dNZmifBj02c1o3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOVNKNU1IT3hIUU1ucDAxbWFKOEdQVFp6V2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJF4Mp/rMIRcOFcMCh2u
pIuge9HmgRV/viKaf7LEChuABr5oPk4KRNNnUtp8rdf1Jt+K6Fdrk/s4Rx3QXwNg
mzQRnpYEAa9EJchZoAVkCPGv1snvev1Wd1fItQyYQOrXWIWIkOro8tpLlgfu2QDF
KOa1Ku2w8TC+nDmFbE9i1oHkkSZNOJDRZjS6KFEqTx/cxZEmR2im179GYF+KUYiI
fSnCsulemOXAAMZdNveZstqX+8Nla5ZreznNnahZW2OrU9dska/xsAbE6J0ewtBV
zDBk64leF06g3P+13DXXFhMEdYJ2mpL2AXhPUqx5CXzyUMr+LLxN6NHoRPf731VM
Z4s=
-----END CERTIFICATE-----