Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CD96Gk0BkUs4OzHGVT4yZMyW2lQ.roa
File:                     CD96Gk0BkUs4OzHGVT4yZMyW2lQ.roa (raw, json)
Hash identifier:          pUkPnGZgPvhR1sEp+aBcBlPYd5BrSL1+H5x35K51JTQ=
Subject key identifier:   08:3F:7A:1A:4D:01:91:4B:38:3B:31:C6:55:3E:32:64:CC:96:DA:54
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188394778155FE8B5DAF768EE5D492FC0DD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CD96Gk0BkUs4OzHGVT4yZMyW2lQ.roa
Signing time:             Sat 20 May 2023 13:09:24 +0000
ROA not before:           Sat 20 May 2023 13:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:39:47:78:15:5f:e8:b5:da:f7:68:ee:5d:49:2f:c0:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 20 13:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=083f7a1a4d01914b383b31c6553e3264cc96da54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a5:66:88:86:29:86:ea:6b:41:e8:36:84:53:
                    b1:00:b3:f8:c2:15:d8:be:0b:cd:fb:a0:a5:5c:5d:
                    a3:c2:7d:c3:2a:3b:7d:15:47:d0:59:26:2d:73:f8:
                    75:26:12:38:51:f5:af:10:51:0f:9a:fb:e0:3e:53:
                    18:2b:fa:55:c5:db:a7:29:09:e4:88:9d:fa:4a:ac:
                    a5:77:35:bc:e5:f7:6a:62:37:5a:97:ba:95:02:79:
                    02:8c:0a:7d:34:81:48:5e:b3:e9:e2:eb:80:39:c1:
                    cc:f8:e7:e0:96:d3:d6:54:67:d2:af:7a:0d:35:63:
                    62:7e:7b:d6:ca:a5:f7:53:59:c1:41:03:5d:07:9b:
                    4c:e8:e9:35:8f:78:1b:6c:86:84:7d:4b:1d:e9:ca:
                    50:7e:8f:fc:ac:f8:5e:de:4f:8e:4e:35:a1:19:d0:
                    49:ed:ec:d0:75:4c:ee:ea:c6:c8:e1:bf:bb:c6:c7:
                    8e:b9:bc:b7:46:d1:04:2b:47:53:75:f3:3c:11:76:
                    5c:ae:7e:10:0a:3c:67:e3:0f:d4:95:b5:d2:4c:be:
                    c7:12:a5:9c:a8:d6:b4:be:92:ac:0a:89:e5:d1:c6:
                    b2:37:e4:77:5a:08:a0:58:73:54:09:39:59:01:9d:
                    84:0f:23:1b:ec:48:4c:88:5b:d6:0c:d0:43:91:62:
                    9a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:3F:7A:1A:4D:01:91:4B:38:3B:31:C6:55:3E:32:64:CC:96:DA:54
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CD96Gk0BkUs4OzHGVT4yZMyW2lQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:35:33:f0:91:07:ae:b7:85:fa:be:f3:61:d7:52:9e:40:c3:
         8b:4a:d0:f7:4d:a7:02:a7:48:7d:0a:0d:6c:ac:f6:be:43:67:
         a4:61:b8:e6:07:54:8f:6e:29:5b:37:26:0e:2c:00:ef:83:a9:
         4e:91:cf:6e:08:ae:63:eb:43:65:f5:04:fe:fb:39:1d:58:bc:
         61:f1:0f:d1:86:de:cc:87:da:92:d1:3e:6e:aa:20:be:d7:52:
         32:b8:cc:90:3c:4b:80:0e:77:78:37:b2:26:27:65:ac:e5:73:
         93:4b:78:6b:15:b4:47:5e:ae:97:b9:fe:70:69:31:3e:f0:fe:
         3f:2d:a9:36:8c:e3:48:2d:d0:39:8d:1d:fd:c7:88:46:78:67:
         9b:cb:51:2c:64:7e:18:81:c9:00:68:41:90:f6:db:50:3e:35:
         9e:d6:41:4a:6e:ff:9d:35:d5:d2:23:5f:0f:3f:e4:8e:23:4f:
         7f:49:db:47:14:6c:56:00:77:e1:4d:4f:8f:3b:49:b3:bb:c3:
         e0:9f:22:4c:6f:72:9b:5e:09:3e:c9:35:df:b5:65:c8:62:f4:
         d1:a7:db:04:05:02:47:47:d6:ad:5c:94:b2:66:b7:11:85:10:
         13:a0:0a:68:0f:9f:4a:13:6d:2a:cc:34:9f:c2:88:6f:67:13:
         7d:81:ca:e2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg5R3gVX+i12vdo7l1JL8DdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIwMTMwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODNmN2ExYTRkMDE5MTRiMzgzYjMxYzY1NTNlMzI2NGNjOTZkYTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqVmiIYphuprQeg2hFOxALP4whXY
vgvN+6ClXF2jwn3DKjt9FUfQWSYtc/h1JhI4UfWvEFEPmvvgPlMYK/pVxdunKQnk
iJ36SqyldzW85fdqYjdal7qVAnkCjAp9NIFIXrPp4uuAOcHM+OfgltPWVGfSr3oN
NWNifnvWyqX3U1nBQQNdB5tM6Ok1j3gbbIaEfUsd6cpQfo/8rPhe3k+OTjWhGdBJ
7ezQdUzu6sbI4b+7xseOuby3RtEEK0dTdfM8EXZcrn4QCjxn4w/UlbXSTL7HEqWc
qNa0vpKsConl0cayN+R3WgigWHNUCTlZAZ2EDyMb7EhMiFvWDNBDkWKakQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAg/ehpNAZFLODsxxlU+MmTMltpUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ0Q5NkdrMEJrVXM0T3pIR1ZUNHlaTXlXMmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJI1M/CRB663hfq+82HX
Up5Aw4tK0PdNpwKnSH0KDWys9r5DZ6RhuOYHVI9uKVs3Jg4sAO+DqU6Rz24IrmPr
Q2X1BP77OR1YvGHxD9GG3syH2pLRPm6qIL7XUjK4zJA8S4AOd3g3siYnZazlc5NL
eGsVtEderpe5/nBpMT7w/j8tqTaM40gt0DmNHf3HiEZ4Z5vLUSxkfhiByQBoQZD2
21A+NZ7WQUpu/5011dIjXw8/5I4jT39J20cUbFYAd+FNT487SbO7w+CfIkxvcpte
CT7JNd+1Zchi9NGn2wQFAkdH1q1clLJmtxGFEBOgCmgPn0oTbSrMNJ/CiG9nE32B
yuI=
-----END CERTIFICATE-----