Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A_9BHnbV-u6ocUISlIbJHDr361A.roa
File:                     A_9BHnbV-u6ocUISlIbJHDr361A.roa (raw, json)
Hash identifier:          B1bD95tNjWHHVc1JYqsxR0hc4Ok11gkDHjg2lr3gb1E=
Subject key identifier:   03:FF:41:1E:76:D5:FA:EE:A8:71:42:12:94:86:C9:1C:3A:F7:EB:50
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188DB7F77590B9C98DAAD1FA00DF0433277
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A_9BHnbV-u6ocUISlIbJHDr361A.roa
Signing time:             Wed 21 Jun 2023 01:09:03 +0000
ROA not before:           Wed 21 Jun 2023 01:09:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:db:7f:77:59:0b:9c:98:da:ad:1f:a0:0d:f0:43:32:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 21 01:09:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=03ff411e76d5faeea87142129486c91c3af7eb50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ab:2c:27:a7:20:87:16:14:85:2b:5a:78:58:
                    ce:e7:aa:22:fa:7f:73:06:55:01:c8:9d:1a:de:0a:
                    78:ec:77:c4:c5:75:1d:b6:ee:61:85:fe:9e:cb:04:
                    4e:31:aa:63:97:e6:f2:69:8b:7c:64:6e:bb:a1:cd:
                    26:f4:ed:89:6a:8e:72:16:69:4d:76:16:85:ec:9b:
                    f8:46:eb:f8:1e:3f:02:ae:51:8e:f8:52:ef:3f:11:
                    49:20:bd:f5:2a:78:f4:60:da:b1:16:31:0e:a0:53:
                    a4:95:39:1b:f4:57:c6:8a:67:30:3d:51:8a:70:37:
                    84:4d:fd:0a:c3:10:91:cd:c0:46:bf:74:90:b0:60:
                    75:cf:e1:1b:e9:c7:4a:6c:06:f6:b9:83:6a:4e:15:
                    2f:29:0a:5d:b8:f1:9c:92:52:c5:ae:be:b2:35:ab:
                    0a:bf:d1:e2:0b:85:23:b7:69:d5:e0:db:2f:cd:ad:
                    f6:9f:91:44:a9:0b:df:d0:a5:e4:28:6b:4c:6c:c9:
                    8c:03:34:88:1b:87:d1:d0:81:38:73:5a:0e:25:45:
                    f6:67:fc:56:cf:9f:e3:26:8d:be:d6:99:af:bb:79:
                    1a:e8:72:f5:76:85:60:be:13:85:7b:9a:c2:81:17:
                    82:cf:86:cd:78:58:8d:4c:8a:5f:b0:42:51:72:64:
                    14:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:FF:41:1E:76:D5:FA:EE:A8:71:42:12:94:86:C9:1C:3A:F7:EB:50
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A_9BHnbV-u6ocUISlIbJHDr361A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:3f:b6:cc:fa:ce:05:9a:db:7d:fb:70:7d:a9:6b:d1:58:1e:
         3e:7b:99:f9:5f:06:41:64:04:df:fc:52:b9:6b:c0:48:69:5d:
         57:3b:f5:bf:05:dc:40:d6:92:0b:03:e2:e0:17:2b:14:a9:cb:
         d6:af:93:a2:41:04:04:0e:ab:50:35:04:c7:72:01:f7:de:61:
         7f:0f:bd:5c:18:3f:c1:44:ba:01:a1:d0:d5:d9:a2:fb:87:fd:
         9d:d4:3f:19:6b:8a:e3:58:04:27:a1:70:01:db:06:29:cf:0e:
         1e:0d:fc:9c:6d:f3:8b:b4:26:64:68:1a:d4:0e:78:07:b3:66:
         73:69:6b:3b:2a:a0:cc:4a:13:e1:ab:41:04:e3:72:56:3e:65:
         11:e5:30:9c:72:37:ba:a5:33:e4:6f:32:45:15:f8:a8:19:75:
         1d:ec:5a:f7:61:49:fe:d2:4a:30:ba:14:ae:5a:5a:ae:c0:9a:
         61:de:72:25:c4:56:1a:5c:98:7c:f7:39:46:b5:c7:67:e5:ac:
         a9:e6:4a:8e:41:81:5b:2b:a5:5e:7a:15:4f:b2:c7:93:8a:00:
         4b:26:98:bb:ca:e8:4f:95:0e:4f:64:84:89:2f:60:f3:b8:0e:
         62:d8:b9:01:9e:0f:a9:05:40:11:4b:27:68:ca:cc:e0:a5:b4:
         fe:5f:72:aa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjbf3dZC5yY2q0foA3wQzJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIxMDEwOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2ZmNDExZTc2ZDVmYWVlYTg3MTQyMTI5NDg2YzkxYzNhZjdlYjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqssJ6cghxYUhStaeFjO56oi+n9z
BlUByJ0a3gp47HfExXUdtu5hhf6eywROMapjl+byaYt8ZG67oc0m9O2Jao5yFmlN
dhaF7Jv4Ruv4Hj8CrlGO+FLvPxFJIL31Knj0YNqxFjEOoFOklTkb9FfGimcwPVGK
cDeETf0KwxCRzcBGv3SQsGB1z+Eb6cdKbAb2uYNqThUvKQpduPGcklLFrr6yNasK
v9HiC4Ujt2nV4Nsvza32n5FEqQvf0KXkKGtMbMmMAzSIG4fR0IE4c1oOJUX2Z/xW
z5/jJo2+1pmvu3ka6HL1doVgvhOFe5rCgReCz4bNeFiNTIpfsEJRcmQUCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAP/QR521fruqHFCEpSGyRw69+tQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQV85QkhuYlYtdTZvY1VJU2xJYkpIRHIzNjFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACA/tsz6zgWa2337cH2p
a9FYHj57mflfBkFkBN/8UrlrwEhpXVc79b8F3EDWkgsD4uAXKxSpy9avk6JBBAQO
q1A1BMdyAffeYX8PvVwYP8FEugGh0NXZovuH/Z3UPxlriuNYBCehcAHbBinPDh4N
/Jxt84u0JmRoGtQOeAezZnNpazsqoMxKE+GrQQTjclY+ZRHlMJxyN7qlM+RvMkUV
+KgZdR3sWvdhSf7SSjC6FK5aWq7AmmHeciXEVhpcmHz3OUa1x2flrKnmSo5BgVsr
pV56FU+yx5OKAEsmmLvK6E+VDk9khIkvYPO4DmLYuQGeD6kFQBFLJ2jKzOCltP5f
cqo=
-----END CERTIFICATE-----