Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9loj68PvX4F2a1DVO7HcY44jkvE.roa
File:                     9loj68PvX4F2a1DVO7HcY44jkvE.roa (raw, json)
Hash identifier:          yW5JEA/bAX7RnL8uVwjqZbLe7crEtRN2pp/XAUWA4Sg=
Subject key identifier:   F6:5A:23:EB:C3:EF:5F:81:76:6B:50:D5:3B:B1:DC:63:8E:23:92:F1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018954877ACFD6EA2D9E657876D82D0D4044
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9loj68PvX4F2a1DVO7HcY44jkvE.roa
Signing time:             Fri 14 Jul 2023 13:11:52 +0000
ROA not before:           Fri 14 Jul 2023 13:11:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:54:87:7a:cf:d6:ea:2d:9e:65:78:76:d8:2d:0d:40:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 14 13:11:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f65a23ebc3ef5f81766b50d53bb1dc638e2392f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d1:95:ec:6f:80:7a:c3:77:d1:70:22:a9:b0:
                    fc:28:00:ec:82:28:a7:5a:62:70:8b:11:c9:39:4f:
                    a8:0a:a3:e5:0e:95:e1:0e:89:bb:41:cf:19:60:65:
                    94:bf:c0:58:15:17:37:83:24:e3:cb:fb:4a:36:e6:
                    68:01:a1:ea:83:d3:b0:8b:73:13:e5:87:1e:b8:57:
                    e4:ea:2e:4a:c4:d3:0e:7b:5d:64:5b:ea:77:43:a9:
                    7e:67:3b:01:5a:a4:4f:e8:f1:19:75:cd:91:1f:c2:
                    01:1d:78:d9:f6:76:14:e6:26:c9:5c:ed:6a:a0:2a:
                    38:4c:49:63:a4:65:68:a8:13:32:e5:2f:7b:62:c7:
                    e5:c2:b4:62:f6:ad:1d:eb:86:77:7d:38:2d:48:04:
                    b0:9c:61:18:cc:cc:0a:45:19:80:08:16:9a:9d:75:
                    90:23:f0:d7:91:9c:b5:ca:57:2d:46:86:3a:66:e6:
                    89:78:b4:dc:78:59:0c:28:7a:a4:80:ad:8c:b2:26:
                    10:06:f1:74:50:9b:78:7a:de:48:5a:43:90:43:2d:
                    91:6a:ca:33:78:1a:92:01:7c:b7:ad:b8:41:bb:6d:
                    92:71:fa:b2:04:3a:74:51:ee:b1:b3:0c:1f:69:9c:
                    c5:d2:47:79:d1:0a:77:70:c9:52:45:58:d2:13:cf:
                    0f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:5A:23:EB:C3:EF:5F:81:76:6B:50:D5:3B:B1:DC:63:8E:23:92:F1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9loj68PvX4F2a1DVO7HcY44jkvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:bd:a4:52:83:b0:af:d3:5d:44:2b:a0:38:cb:7b:51:d4:4a:
         76:0b:55:38:8c:cf:f1:51:41:a2:99:52:cd:99:99:0a:3c:9c:
         e1:3c:ed:33:b5:78:e5:9d:51:f8:54:95:74:fc:1a:e6:45:cb:
         e8:77:3d:45:2f:98:4a:6a:0e:10:fb:df:1f:75:83:e5:28:3a:
         a2:ee:c7:50:30:88:30:80:d9:f5:ab:3e:3d:d2:75:a6:d0:ca:
         76:e8:9c:c8:42:f9:31:77:9d:bf:c3:d2:9b:d5:67:ac:af:f6:
         b1:5c:a4:2b:a8:57:c0:df:07:5b:5d:a5:29:c9:a5:7a:ef:93:
         2c:1b:75:79:f7:f1:0c:26:07:75:39:86:9c:44:93:29:a1:68:
         0a:68:ad:a0:65:f8:92:b8:a8:91:46:ec:ea:80:6f:bb:e2:e4:
         7c:ab:14:08:35:ba:c2:af:70:28:13:05:be:c8:6d:ab:8b:97:
         3d:4d:87:77:80:14:2c:c0:e9:8f:86:b5:80:17:2d:69:45:90:
         85:83:c0:4d:14:0a:5f:d0:69:06:4b:68:3b:86:ad:d9:cf:3f:
         15:ca:b4:c4:6d:16:c9:51:d3:3a:12:13:3d:28:d4:d4:2b:2a:
         ea:a0:cf:1e:9e:ad:44:ec:7d:97:95:1e:77:60:91:c0:4d:1a:
         28:39:5a:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlUh3rP1uotnmV4dtgtDUBEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE0MTMxMTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjVhMjNlYmMzZWY1ZjgxNzY2YjUwZDUzYmIxZGM2MzhlMjM5MmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNGV7G+AesN30XAiqbD8KADsgiin
WmJwixHJOU+oCqPlDpXhDom7Qc8ZYGWUv8BYFRc3gyTjy/tKNuZoAaHqg9Owi3MT
5YceuFfk6i5KxNMOe11kW+p3Q6l+ZzsBWqRP6PEZdc2RH8IBHXjZ9nYU5ibJXO1q
oCo4TEljpGVoqBMy5S97YsflwrRi9q0d64Z3fTgtSASwnGEYzMwKRRmACBaanXWQ
I/DXkZy1ylctRoY6ZuaJeLTceFkMKHqkgK2MsiYQBvF0UJt4et5IWkOQQy2Rasoz
eBqSAXy3rbhBu22ScfqyBDp0Ue6xswwfaZzF0kd50Qp3cMlSRVjSE88P9QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPZaI+vD71+BdmtQ1Tux3GOOI5LxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOWxvajY4UHZYNEYyYTFEVk83SGNZNDRqa3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJm9pFKDsK/TXUQroDjL
e1HUSnYLVTiMz/FRQaKZUs2ZmQo8nOE87TO1eOWdUfhUlXT8GuZFy+h3PUUvmEpq
DhD73x91g+UoOqLux1AwiDCA2fWrPj3SdabQynbonMhC+TF3nb/D0pvVZ6yv9rFc
pCuoV8DfB1tdpSnJpXrvkywbdXn38QwmB3U5hpxEkymhaAporaBl+JK4qJFG7OqA
b7vi5HyrFAg1usKvcCgTBb7IbauLlz1Nh3eAFCzA6Y+GtYAXLWlFkIWDwE0UCl/Q
aQZLaDuGrdnPPxXKtMRtFslR0zoSEz0o1NQrKuqgzx6erUTsfZeVHndgkcBNGig5
Wg4=
-----END CERTIFICATE-----