Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Gh-xE8JcbSMq-PY3DQDo-Y0dXyc.roa
File:                     Gh-xE8JcbSMq-PY3DQDo-Y0dXyc.roa (raw, json)
Hash identifier:          CaP6aDZ0Hq0DBqfLJ/DkNzSik/kg8ciqv+I+OsuDfQQ=
Subject key identifier:   1A:1F:B1:13:C2:5C:6D:23:2A:F8:F6:37:0D:00:E8:F9:8D:1D:5F:27
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188D0C5CCF5B608CE06B8FB3887FAF35710
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Gh-xE8JcbSMq-PY3DQDo-Y0dXyc.roa
Signing time:             Sun 18 Jun 2023 23:10:03 +0000
ROA not before:           Sun 18 Jun 2023 23:10:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d0:c5:cc:f5:b6:08:ce:06:b8:fb:38:87:fa:f3:57:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 18 23:10:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1a1fb113c25c6d232af8f6370d00e8f98d1d5f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bd:54:05:1b:88:90:f6:d3:86:34:f7:d2:73:
                    6e:f1:a3:d7:59:65:32:67:65:02:d3:18:c1:5b:69:
                    66:50:0b:42:92:6d:6f:b3:69:54:4c:b2:2f:3f:de:
                    df:dc:63:fe:f0:5b:0b:27:3d:15:f8:16:af:ca:45:
                    b4:21:60:99:b8:94:73:f0:05:c7:ab:bb:7d:7e:6b:
                    98:cc:7c:ba:fd:3f:ab:dd:f4:1d:4a:ab:ea:61:7a:
                    ea:33:2e:71:0c:21:f8:dc:f2:ee:ab:a3:71:d8:5c:
                    fb:e0:c3:76:a8:c7:af:83:31:5d:a2:56:d1:2b:64:
                    71:58:3b:c2:a4:b4:42:e3:ee:a4:da:70:65:e3:00:
                    3b:c9:82:f0:51:29:94:36:5c:95:f6:2f:58:86:c1:
                    4b:a2:cb:79:4a:3a:8a:a4:d0:c2:59:7a:37:a9:a9:
                    e3:3e:43:d8:a6:73:a8:9d:35:14:27:28:2a:93:ca:
                    14:a4:cb:f1:65:58:5d:94:ac:02:c8:a2:e3:df:91:
                    3f:71:26:ed:83:cf:f4:9e:14:8c:75:5b:d0:62:a0:
                    45:0b:91:13:df:2c:7d:0e:68:8e:7f:1f:48:d6:44:
                    89:49:df:30:a1:75:3d:c7:b2:e9:ab:a4:84:ad:1f:
                    9f:65:21:53:2f:f6:93:49:ec:e7:8b:2a:59:16:ff:
                    74:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:1F:B1:13:C2:5C:6D:23:2A:F8:F6:37:0D:00:E8:F9:8D:1D:5F:27
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Gh-xE8JcbSMq-PY3DQDo-Y0dXyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:a1:27:ae:6d:13:08:f6:bd:20:f5:3a:09:ae:0e:e5:f0:e3:
         9c:f8:03:7f:f9:47:4e:32:d5:81:d4:db:7c:73:b4:79:1f:7d:
         bb:4f:99:34:c0:4c:da:c2:b8:60:ca:65:d1:c5:76:b3:d9:5b:
         14:75:eb:0d:0a:d6:f3:a5:be:8a:46:98:65:44:72:f0:df:c3:
         31:dc:00:85:76:f6:55:1d:25:b0:e8:07:cb:dd:7b:c3:6e:07:
         53:c4:61:af:b4:55:64:78:15:f7:a0:8e:a9:aa:4d:7a:e9:6f:
         d2:69:ba:ce:56:d0:be:fa:ca:d1:ba:e0:fc:67:25:31:3e:ae:
         b6:16:14:c9:84:9a:98:df:47:44:f9:5b:48:65:4b:6f:1f:21:
         44:b5:59:e1:3e:ed:04:e2:16:3e:b0:58:fe:f1:41:88:f3:1b:
         14:70:dd:5c:e8:2f:37:f7:b7:b6:06:61:49:07:4e:11:e3:8c:
         30:c6:a1:5e:75:40:72:d8:cb:62:3c:df:97:5f:a6:81:9f:df:
         ee:0e:7b:25:42:d9:a4:47:18:0c:5f:77:8c:e1:f4:6f:4b:ec:
         1e:bc:88:91:59:c0:4c:47:14:ea:52:3c:e3:2d:43:03:60:cf:
         37:7a:a4:7e:20:7e:62:0c:62:dd:2e:94:fe:8b:70:92:90:d7:
         02:9b:ca:ca
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjQxcz1tgjOBrj7OIf681cQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE4MjMxMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTFmYjExM2MyNWM2ZDIzMmFmOGY2MzcwZDAwZThmOThkMWQ1ZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx71UBRuIkPbThjT30nNu8aPXWWUy
Z2UC0xjBW2lmUAtCkm1vs2lUTLIvP97f3GP+8FsLJz0V+BavykW0IWCZuJRz8AXH
q7t9fmuYzHy6/T+r3fQdSqvqYXrqMy5xDCH43PLuq6Nx2Fz74MN2qMevgzFdolbR
K2RxWDvCpLRC4+6k2nBl4wA7yYLwUSmUNlyV9i9YhsFLost5SjqKpNDCWXo3qanj
PkPYpnOonTUUJygqk8oUpMvxZVhdlKwCyKLj35E/cSbtg8/0nhSMdVvQYqBFC5ET
3yx9DmiOfx9I1kSJSd8woXU9x7Lpq6SErR+fZSFTL/aTSezniypZFv90vQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBofsRPCXG0jKvj2Nw0A6PmNHV8nMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvR2gteEU4SmNiU01xLVBZM0RRRG8tWTBkWHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAWhJ65tEwj2vSD1Ogmu
DuXw45z4A3/5R04y1YHU23xztHkffbtPmTTATNrCuGDKZdHFdrPZWxR16w0K1vOl
vopGmGVEcvDfwzHcAIV29lUdJbDoB8vde8NuB1PEYa+0VWR4FfegjqmqTXrpb9Jp
us5W0L76ytG64PxnJTE+rrYWFMmEmpjfR0T5W0hlS28fIUS1WeE+7QTiFj6wWP7x
QYjzGxRw3VzoLzf3t7YGYUkHThHjjDDGoV51QHLYy2I835dfpoGf3+4OeyVC2aRH
GAxfd4zh9G9L7B68iJFZwExHFOpSPOMtQwNgzzd6pH4gfmIMYt0ulP6LcJKQ1wKb
yso=
-----END CERTIFICATE-----