Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CiKVkcrc37XVrULL0A3ns49Tvfc.roa
File:                     CiKVkcrc37XVrULL0A3ns49Tvfc.roa (raw, json)
Hash identifier:          x8R1PI6eDFDHBr4ZIj69WOpZM6+JQvGEHjMeotm1OMw=
Subject key identifier:   0A:22:95:91:CA:DC:DF:B5:D5:AD:42:CB:D0:0D:E7:B3:8F:53:BD:F7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018859AE253486144890E35E75B8AC24028F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CiKVkcrc37XVrULL0A3ns49Tvfc.roa
Signing time:             Fri 26 May 2023 20:09:24 +0000
ROA not before:           Fri 26 May 2023 20:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:59:ae:25:34:86:14:48:90:e3:5e:75:b8:ac:24:02:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 26 20:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a229591cadcdfb5d5ad42cbd00de7b38f53bdf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:33:b1:ba:b2:b9:89:6c:a9:30:12:22:2b:ac:
                    69:6a:bb:09:46:95:16:a4:d7:e9:7b:05:4d:d2:bb:
                    4e:1c:bc:be:0a:de:e0:7c:8e:15:80:1d:0c:df:eb:
                    d0:f6:06:10:26:fb:91:c8:50:84:89:08:bf:35:cf:
                    2f:ff:9f:11:da:ea:85:42:4d:66:fd:df:d8:48:79:
                    75:3d:08:9c:e0:8d:98:d0:74:66:80:e7:3d:22:44:
                    50:0e:3d:2f:75:89:fa:0f:32:f3:24:b9:ef:46:83:
                    78:d6:c9:71:de:22:ea:f0:cb:be:cb:16:7a:34:74:
                    49:53:4c:ca:86:0d:65:88:b3:7c:48:b5:95:57:a1:
                    c0:7b:ab:53:18:06:3f:97:fd:40:21:78:24:b7:f7:
                    dc:e0:2b:84:aa:f6:11:01:a2:ac:f4:1d:a2:15:29:
                    a1:74:e2:cd:66:2d:ce:4a:78:0a:82:d1:f9:29:2b:
                    2f:4e:66:02:53:0a:04:53:76:07:6d:28:98:e2:58:
                    18:9b:10:aa:5f:f3:c8:a4:6f:7e:79:57:34:c4:c2:
                    4b:78:b4:cc:85:3c:31:03:3e:ed:6e:06:75:5e:b4:
                    12:c0:89:d3:11:bf:bc:c1:62:8f:25:7d:ac:d7:b9:
                    11:e5:15:5b:0c:08:4d:2d:2d:5c:5f:bf:fb:69:04:
                    d1:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:22:95:91:CA:DC:DF:B5:D5:AD:42:CB:D0:0D:E7:B3:8F:53:BD:F7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CiKVkcrc37XVrULL0A3ns49Tvfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:10:68:37:06:65:8d:52:ee:95:e7:07:e3:fc:8c:38:44:91:
         61:51:f8:e8:e9:6c:34:25:62:27:7b:e5:bd:41:88:02:85:4c:
         48:01:12:ce:a6:b5:45:82:94:0c:85:76:7f:23:7c:39:f6:95:
         d0:0e:cf:77:04:26:54:fc:a2:06:a7:25:b9:c9:0a:55:0f:46:
         de:5a:d0:9d:fe:74:a8:60:44:d4:54:ae:dd:7b:df:af:de:5b:
         57:1c:40:31:4c:5c:a5:80:3e:6b:19:6e:13:c3:db:57:a3:f7:
         d9:90:24:6c:2c:95:4d:a5:bd:74:04:eb:ee:ec:72:b6:8e:de:
         29:37:94:f2:23:78:a0:6a:c9:3b:2c:11:34:8f:7f:f1:89:09:
         54:e5:24:e3:ba:35:19:20:cf:40:9e:29:6a:80:61:5e:5c:47:
         dd:81:24:f2:9e:63:27:a6:c6:61:65:43:a8:52:e4:7a:be:62:
         ed:5c:ff:41:60:28:91:a9:9b:7b:06:0d:b6:58:e5:90:97:14:
         ef:64:78:76:03:a3:0a:1f:6c:f8:61:b6:c5:32:ef:a1:a0:84:
         5c:2d:85:99:d6:5e:fa:ff:7e:d0:96:b0:ff:ab:9a:1a:0f:2d:
         a3:78:6f:60:8f:0f:e0:03:1d:d1:ef:cb:92:ff:51:4c:9e:33:
         d5:63:3b:8a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhZriU0hhRIkONedbisJAKPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI2MjAwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTIyOTU5MWNhZGNkZmI1ZDVhZDQyY2JkMDBkZTdiMzhmNTNiZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jOxurK5iWypMBIiK6xparsJRpUW
pNfpewVN0rtOHLy+Ct7gfI4VgB0M3+vQ9gYQJvuRyFCEiQi/Nc8v/58R2uqFQk1m
/d/YSHl1PQic4I2Y0HRmgOc9IkRQDj0vdYn6DzLzJLnvRoN41slx3iLq8Mu+yxZ6
NHRJU0zKhg1liLN8SLWVV6HAe6tTGAY/l/1AIXgkt/fc4CuEqvYRAaKs9B2iFSmh
dOLNZi3OSngKgtH5KSsvTmYCUwoEU3YHbSiY4lgYmxCqX/PIpG9+eVc0xMJLeLTM
hTwxAz7tbgZ1XrQSwInTEb+8wWKPJX2s17kR5RVbDAhNLS1cX7/7aQTRIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAoilZHK3N+11a1Cy9AN57OPU733MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ2lLVmtjcmMzN1hWclVMTDBBM25zNDlUdmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHUQaDcGZY1S7pXnB+P8
jDhEkWFR+OjpbDQlYid75b1BiAKFTEgBEs6mtUWClAyFdn8jfDn2ldAOz3cEJlT8
oganJbnJClUPRt5a0J3+dKhgRNRUrt1736/eW1ccQDFMXKWAPmsZbhPD21ej99mQ
JGwslU2lvXQE6+7scraO3ik3lPIjeKBqyTssETSPf/GJCVTlJOO6NRkgz0CeKWqA
YV5cR92BJPKeYyemxmFlQ6hS5Hq+Yu1c/0FgKJGpm3sGDbZY5ZCXFO9keHYDowof
bPhhtsUy76GghFwthZnWXvr/ftCWsP+rmhoPLaN4b2CPD+ADHdHvy5L/UUyeM9Vj
O4o=
-----END CERTIFICATE-----