Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B8qBlFwrK9NGYtydp9aRjClxYXU.roa
File:                     B8qBlFwrK9NGYtydp9aRjClxYXU.roa (raw, json)
Hash identifier:          pZ9RS/+piNCqWqChstWLf2XtciCHOlDjjwtp5GXECQc=
Subject key identifier:   07:CA:81:94:5C:2B:2B:D3:46:62:DC:9D:A7:D6:91:8C:29:71:61:75
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A0B53CB2494E15927FE961400162CB0A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B8qBlFwrK9NGYtydp9aRjClxYXU.roa
Signing time:             Fri 09 Jun 2023 15:10:12 +0000
ROA not before:           Fri 09 Jun 2023 15:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a0:b5:3c:b2:49:4e:15:92:7f:e9:61:40:01:62:cb:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  9 15:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=07ca81945c2b2bd34662dc9da7d6918c29716175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:4c:85:cb:93:ce:70:81:31:6b:51:0a:6e:d2:
                    9c:bf:d7:50:5d:15:60:b6:cd:97:2f:e1:b2:b3:d5:
                    7a:9d:f9:36:27:d8:1b:e3:ec:76:14:cb:b2:43:a3:
                    9f:5c:b6:8c:f0:f0:5a:2c:81:cc:d0:55:a8:77:f5:
                    e7:2b:b3:93:59:9b:11:ef:0a:de:a0:83:b8:64:d8:
                    40:3c:74:4f:86:7d:c7:bd:9c:8b:db:4c:89:1e:16:
                    ed:b0:e8:77:4f:79:06:95:9f:e5:d6:5e:53:79:66:
                    0b:72:89:b6:df:81:ba:0b:b9:39:ac:87:01:df:58:
                    e6:d7:c0:cf:de:a2:56:eb:2d:4d:b8:6b:0d:30:54:
                    d3:6d:88:2c:16:10:e8:1d:13:71:03:81:a2:a5:79:
                    11:c5:ec:c9:94:06:bd:74:2b:7f:3c:92:dd:68:1d:
                    53:61:08:ba:bc:11:8b:b8:ba:15:ee:2a:b2:5f:43:
                    41:03:58:45:8d:7a:d1:86:2b:8c:05:d8:c7:3c:3a:
                    a3:69:cf:b2:b9:39:c6:4c:48:b6:43:29:d3:b2:4c:
                    c8:f4:42:86:e1:49:56:76:c2:9d:28:92:fc:5f:d3:
                    71:f2:5b:92:ba:38:69:1a:5c:a8:6f:40:68:39:ed:
                    d7:bb:3c:f1:b0:7e:04:a5:1a:bd:48:40:a3:05:76:
                    f4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:CA:81:94:5C:2B:2B:D3:46:62:DC:9D:A7:D6:91:8C:29:71:61:75
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B8qBlFwrK9NGYtydp9aRjClxYXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:0f:eb:21:33:52:5f:f0:68:a0:85:be:2d:ab:ae:f6:a2:8f:
         a2:b4:bf:61:12:24:0f:2a:da:7b:eb:e1:74:33:58:b9:03:59:
         b1:ea:c1:b0:79:ae:bd:9b:1b:af:2f:47:b2:80:41:b1:cb:de:
         be:5a:07:0a:cb:30:24:4d:53:b3:4c:50:85:f0:ea:7d:c8:7d:
         1a:46:af:14:8f:40:12:f5:0f:48:f5:28:7e:da:47:62:8a:67:
         f3:38:f2:19:49:84:70:85:28:9b:53:68:b0:5a:95:bc:33:e0:
         0f:73:6e:e7:6d:19:16:01:d8:05:09:d0:a1:2a:5a:87:63:6c:
         a2:ce:60:44:78:58:59:fa:8c:a8:dc:36:3f:a7:96:72:73:ed:
         1f:7b:80:7c:3c:f3:f5:a9:a3:1c:0a:17:c2:be:c0:1c:36:91:
         39:81:b3:0e:59:96:4b:4a:51:b4:2a:fd:da:39:ea:83:6b:c9:
         ae:39:69:a1:0a:4a:1e:a3:b1:5f:4f:4d:e3:46:a5:aa:4b:1f:
         81:33:15:b6:df:f6:f8:42:26:a0:1b:94:03:70:14:57:b2:5d:
         28:f5:18:fd:b3:ac:57:7b:66:4b:9f:d6:00:31:c3:da:0d:44:
         60:87:e3:0e:77:0b:53:e9:83:37:7d:ce:f5:a2:8d:52:47:5a:
         ad:d8:66:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYigtTyySU4Vkn/pYUABYssKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA5MTUxMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2NhODE5NDVjMmIyYmQzNDY2MmRjOWRhN2Q2OTE4YzI5NzE2MTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEyFy5POcIExa1EKbtKcv9dQXRVg
ts2XL+Gys9V6nfk2J9gb4+x2FMuyQ6OfXLaM8PBaLIHM0FWod/XnK7OTWZsR7wre
oIO4ZNhAPHRPhn3HvZyL20yJHhbtsOh3T3kGlZ/l1l5TeWYLcom234G6C7k5rIcB
31jm18DP3qJW6y1NuGsNMFTTbYgsFhDoHRNxA4GipXkRxezJlAa9dCt/PJLdaB1T
YQi6vBGLuLoV7iqyX0NBA1hFjXrRhiuMBdjHPDqjac+yuTnGTEi2QynTskzI9EKG
4UlWdsKdKJL8X9Nx8luSujhpGlyob0BoOe3XuzzxsH4EpRq9SECjBXb0YQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAfKgZRcKyvTRmLcnafWkYwpcWF1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQjhxQmxGd3JLOU5HWXR5ZHA5YVJqQ2x4WVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGwP6yEzUl/waKCFvi2r
rvaij6K0v2ESJA8q2nvr4XQzWLkDWbHqwbB5rr2bG68vR7KAQbHL3r5aBwrLMCRN
U7NMUIXw6n3IfRpGrxSPQBL1D0j1KH7aR2KKZ/M48hlJhHCFKJtTaLBalbwz4A9z
budtGRYB2AUJ0KEqWodjbKLOYER4WFn6jKjcNj+nlnJz7R97gHw88/WpoxwKF8K+
wBw2kTmBsw5ZlktKUbQq/do56oNrya45aaEKSh6jsV9PTeNGpapLH4EzFbbf9vhC
JqAblANwFFeyXSj1GP2zrFd7Zkuf1gAxw9oNRGCH4w53C1Ppgzd9zvWijVJHWq3Y
ZlI=
-----END CERTIFICATE-----