Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/D68eSvEwjdLer72cJj112Th8PWk.roa
File:                     D68eSvEwjdLer72cJj112Th8PWk.roa (raw, json)
Hash identifier:          2J2y0foGhJpD1KDuv+ZOKy2L6ndREzJo4jgz2mqee3A=
Subject key identifier:   0F:AF:1E:4A:F1:30:8D:D2:DE:AF:BD:9C:26:3D:75:D9:38:7C:3D:69
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189891958B6C376BD8AE03DE0962221BDA4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/D68eSvEwjdLer72cJj112Th8PWk.roa
Signing time:             Mon 24 Jul 2023 18:11:26 +0000
ROA not before:           Mon 24 Jul 2023 18:11:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:89:19:58:b6:c3:76:bd:8a:e0:3d:e0:96:22:21:bd:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 24 18:11:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0faf1e4af1308dd2deafbd9c263d75d9387c3d69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:d4:fc:52:10:ee:a2:fe:69:c5:af:ca:9e:8a:
                    5b:6f:a6:82:9b:88:fb:0b:ea:ee:0f:8b:f4:26:b1:
                    aa:32:89:c9:d2:c0:e2:c4:46:6b:67:f4:08:89:a1:
                    07:c1:0d:84:7f:81:4c:a9:ce:5e:37:7f:29:20:b5:
                    26:e5:6f:e2:54:a4:9a:db:83:f6:99:a8:09:4a:68:
                    0a:13:47:66:1d:49:ae:16:86:1a:ce:cd:95:49:24:
                    73:1e:1b:a6:79:e8:9a:95:ed:f5:c7:7f:be:90:35:
                    c4:56:39:bd:49:ac:43:32:f9:59:f7:22:7e:18:9a:
                    70:09:f0:fb:b7:85:5f:a1:a6:7b:63:6f:96:80:ea:
                    f6:e1:a0:11:75:75:1d:84:a4:e8:d4:46:ef:c9:48:
                    42:22:3f:3b:b7:8c:bf:93:77:c1:6e:1f:02:53:4d:
                    b7:86:b6:a9:1e:e8:9b:6a:ed:cd:ca:ee:60:1c:79:
                    39:9a:8f:4a:f1:c2:b2:a3:18:57:d2:77:ae:7d:dc:
                    20:f2:1f:f5:af:15:f6:18:c7:42:f5:a9:7e:bd:a0:
                    c3:00:d8:5c:bb:4d:85:66:b4:91:8d:36:83:7c:0b:
                    fb:f7:7c:93:4f:7a:b9:01:e5:62:8b:42:78:f2:24:
                    08:a9:85:31:fa:17:bb:a2:a3:4b:10:05:65:4a:66:
                    4e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:AF:1E:4A:F1:30:8D:D2:DE:AF:BD:9C:26:3D:75:D9:38:7C:3D:69
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/D68eSvEwjdLer72cJj112Th8PWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:61:71:68:e9:20:dc:2b:7c:a0:1f:c4:2f:14:9b:79:d4:06:
         8d:60:ba:c7:f9:23:44:db:14:c1:ec:bf:58:a0:92:cb:a4:4d:
         d4:dc:30:e4:1e:99:cb:d1:94:32:2d:53:c8:12:38:31:cc:4d:
         6d:3b:c5:ea:fe:6b:ee:a2:67:e9:38:a8:c9:03:85:42:e4:b8:
         56:48:88:06:af:46:c5:60:df:e3:73:e3:b3:b8:b1:c7:93:6a:
         50:b1:ea:cf:00:6e:83:48:ef:3e:82:a7:e6:b1:0d:74:e3:7d:
         d7:cf:84:43:68:0e:bd:3a:4d:4d:fe:08:df:e1:ac:41:03:0c:
         6b:09:b6:cd:89:cb:16:a6:91:a8:a1:2f:25:96:4f:6b:8f:77:
         e2:09:db:21:33:0a:47:66:2d:cc:2f:77:6a:e6:0c:21:40:d5:
         d3:ab:20:ba:ed:82:c5:c8:10:12:9b:7a:a9:50:70:f7:27:a1:
         84:ac:54:39:92:bc:2c:3c:85:73:c5:9f:32:57:4b:ab:62:68:
         b6:ed:28:ff:84:75:10:f4:a9:40:92:68:c7:39:78:f7:84:a2:
         0a:48:d6:18:92:8b:90:1f:c8:21:61:39:65:32:68:52:69:03:
         49:ac:95:9a:66:58:69:3a:2e:76:e2:c3:d8:c4:5e:39:c3:27:
         f4:95:d2:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmJGVi2w3a9iuA94JYiIb2kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI0MTgxMTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmFmMWU0YWYxMzA4ZGQyZGVhZmJkOWMyNjNkNzVkOTM4N2MzZDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdT8UhDuov5pxa/Knopbb6aCm4j7
C+ruD4v0JrGqMonJ0sDixEZrZ/QIiaEHwQ2Ef4FMqc5eN38pILUm5W/iVKSa24P2
magJSmgKE0dmHUmuFoYazs2VSSRzHhumeeiale31x3++kDXEVjm9SaxDMvlZ9yJ+
GJpwCfD7t4VfoaZ7Y2+WgOr24aARdXUdhKTo1EbvyUhCIj87t4y/k3fBbh8CU023
hrapHuibau3Nyu5gHHk5mo9K8cKyoxhX0neufdwg8h/1rxX2GMdC9al+vaDDANhc
u02FZrSRjTaDfAv793yTT3q5AeVii0J48iQIqYUx+he7oqNLEAVlSmZOKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA+vHkrxMI3S3q+9nCY9ddk4fD1pMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRDY4ZVN2RXdqZExlcjcyY0pqMTEyVGg4UFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC9hcWjpINwrfKAfxC8U
m3nUBo1gusf5I0TbFMHsv1igksukTdTcMOQemcvRlDItU8gSODHMTW07xer+a+6i
Z+k4qMkDhULkuFZIiAavRsVg3+Nz47O4sceTalCx6s8AboNI7z6Cp+axDXTjfdfP
hENoDr06TU3+CN/hrEEDDGsJts2JyxamkaihLyWWT2uPd+IJ2yEzCkdmLcwvd2rm
DCFA1dOrILrtgsXIEBKbeqlQcPcnoYSsVDmSvCw8hXPFnzJXS6tiaLbtKP+EdRD0
qUCSaMc5ePeEogpI1hiSi5AfyCFhOWUyaFJpA0mslZpmWGk6Lnbiw9jEXjnDJ/SV
0ow=
-----END CERTIFICATE-----