Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/C_-KrlJCX-oDgCoa1Wz3xQ1cqk4.roa
File:                     C_-KrlJCX-oDgCoa1Wz3xQ1cqk4.roa (raw, json)
Hash identifier:          lP3d+xANkL1qLjb27UCdBqgB8W7tVKnKhPxb5pJ6RDM=
Subject key identifier:   0B:FF:8A:AE:52:42:5F:EA:03:80:2A:1A:D5:6C:F7:C5:0D:5C:AA:4E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01874A028EDD76981624F368766FE64C4236
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/C_-KrlJCX-oDgCoa1Wz3xQ1cqk4.roa
Signing time:             Tue 04 Apr 2023 02:04:54 +0000
ROA not before:           Tue 04 Apr 2023 02:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4a02:29be/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4a:02:8e:dd:76:98:16:24:f3:68:76:6f:e6:4c:42:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  4 02:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0bff8aae52425fea03802a1ad56cf7c50d5caa4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ee:f0:96:6f:84:b3:6d:bf:90:21:ae:cc:26:
                    0d:30:95:2f:7e:86:36:c0:de:dc:5f:74:9a:70:0a:
                    3e:11:b2:42:32:0d:a4:64:34:85:a4:06:4f:99:8c:
                    ea:28:63:84:94:a6:3b:56:c5:5f:34:55:bd:35:c0:
                    85:4d:76:14:56:10:99:7c:38:7e:93:d1:9c:ea:30:
                    4b:b3:6a:72:88:c5:0d:60:e7:27:67:cd:f9:5b:5d:
                    b3:e3:dc:fb:39:aa:39:b5:1f:b0:d4:3f:57:9a:b8:
                    7e:eb:fa:9f:b5:38:07:92:15:55:79:7c:55:5b:7d:
                    88:7b:2b:7e:22:cc:60:ef:ee:68:1e:4d:37:e7:9c:
                    b6:bc:6b:35:a3:8f:af:3b:c3:6d:7a:6e:ea:15:ce:
                    a5:e2:04:b9:3e:7e:68:db:3a:16:e6:3d:e0:a2:61:
                    f3:8c:7a:d5:89:ee:02:83:c5:a4:77:43:08:4a:75:
                    c9:fe:3e:b1:34:f7:de:59:4f:cd:f3:d6:ef:13:e7:
                    9d:b7:29:5e:3b:b3:95:db:da:1e:9c:5b:c7:63:dd:
                    80:2e:a1:0a:5f:68:82:42:d2:7e:ed:39:f4:13:f9:
                    4d:c0:9a:fb:b2:65:4e:3a:b3:c4:b9:96:e2:a7:e6:
                    ff:98:2c:9b:ca:d1:66:86:a3:1b:f9:53:05:26:79:
                    a1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:FF:8A:AE:52:42:5F:EA:03:80:2A:1A:D5:6C:F7:C5:0D:5C:AA:4E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/C_-KrlJCX-oDgCoa1Wz3xQ1cqk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:4e:92:ad:36:d1:15:ea:8a:e4:32:ff:dc:7a:ef:c6:a8:a0:
         ad:46:8d:38:2c:79:29:a0:31:cd:9c:09:6f:96:22:70:f1:5d:
         32:0f:cb:b4:ad:57:41:5e:ac:5b:6f:b5:e1:94:c1:1b:f6:f7:
         32:73:44:f7:96:60:75:01:9f:3b:52:ff:9c:db:f6:b4:9b:70:
         a5:68:97:23:20:a4:24:ee:a1:26:85:2a:5e:5e:58:b0:c0:9d:
         b2:d6:58:74:ed:13:9d:48:e6:1c:fb:f7:fb:bb:ee:bb:39:39:
         f0:5e:38:5c:25:9f:36:02:9c:19:33:e1:6e:5a:8a:08:a7:41:
         f5:4d:4a:34:2b:1d:15:16:a7:f4:10:cd:da:4b:56:b9:2b:fc:
         f5:54:ec:9e:22:14:9d:3b:7d:52:71:dc:66:e2:ef:c0:77:d4:
         80:ca:b4:aa:c9:2f:70:98:72:5d:ea:72:71:21:3a:2c:5d:a0:
         f6:22:ca:ee:98:12:6f:c9:6d:ed:fb:67:9a:53:c1:7a:aa:eb:
         a6:d3:f1:af:93:1d:0a:45:13:8c:7c:0b:11:41:11:68:46:ac:
         cf:24:3f:bc:7b:19:aa:f7:80:45:e2:f4:fc:85:f4:1f:29:d6:
         f8:76:59:12:41:e9:af:2d:99:00:6f:00:51:75:c2:62:6a:48:
         93:e2:3c:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdKAo7ddpgWJPNodm/mTEI2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA0MDIwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmZmOGFhZTUyNDI1ZmVhMDM4MDJhMWFkNTZjZjdjNTBkNWNhYTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAju7wlm+Es22/kCGuzCYNMJUvfoY2
wN7cX3SacAo+EbJCMg2kZDSFpAZPmYzqKGOElKY7VsVfNFW9NcCFTXYUVhCZfDh+
k9Gc6jBLs2pyiMUNYOcnZ835W12z49z7Oao5tR+w1D9Xmrh+6/qftTgHkhVVeXxV
W32Ieyt+Isxg7+5oHk0355y2vGs1o4+vO8Ntem7qFc6l4gS5Pn5o2zoW5j3gomHz
jHrVie4Cg8Wkd0MISnXJ/j6xNPfeWU/N89bvE+edtyleO7OV29oenFvHY92ALqEK
X2iCQtJ+7Tn0E/lNwJr7smVOOrPEuZbip+b/mCybytFmhqMb+VMFJnmhmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAv/iq5SQl/qA4AqGtVs98UNXKpOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ18tS3JsSkNYLW9EZ0NvYTFXejN4UTFjcWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHBOkq020RXqiuQy/9x6
78aooK1GjTgseSmgMc2cCW+WInDxXTIPy7StV0FerFtvteGUwRv29zJzRPeWYHUB
nztS/5zb9rSbcKVolyMgpCTuoSaFKl5eWLDAnbLWWHTtE51I5hz79/u77rs5OfBe
OFwlnzYCnBkz4W5aiginQfVNSjQrHRUWp/QQzdpLVrkr/PVU7J4iFJ07fVJx3Gbi
78B31IDKtKrJL3CYcl3qcnEhOixdoPYiyu6YEm/Jbe37Z5pTwXqq66bT8a+THQpF
E4x8CxFBEWhGrM8kP7x7Gar3gEXi9PyF9B8p1vh2WRJB6a8tmQBvAFF1wmJqSJPi
PDE=
-----END CERTIFICATE-----