Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HWYIRtqlZsz0fNhmoLIEwdt9l-4.roa
File:                     HWYIRtqlZsz0fNhmoLIEwdt9l-4.roa (raw, json)
Hash identifier:          FIEGHKLeCln9xS8DOsrQfFS4ljlPxbosLAxUzB0bOIs=
Subject key identifier:   1D:66:08:46:DA:A5:66:CC:F4:7C:D8:66:A0:B2:04:C1:DB:7D:97:EE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01893C4A01F370EE82C0C42CE995BBC564A1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HWYIRtqlZsz0fNhmoLIEwdt9l-4.roa
Signing time:             Sun 09 Jul 2023 20:13:50 +0000
ROA not before:           Sun 09 Jul 2023 20:13:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3c:4a:01:f3:70:ee:82:c0:c4:2c:e9:95:bb:c5:64:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul  9 20:13:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d660846daa566ccf47cd866a0b204c1db7d97ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c4:85:f7:fb:8c:e8:8e:52:23:77:7a:17:0d:
                    6c:02:7f:08:b0:dc:1a:57:ea:02:1d:93:2f:1f:7d:
                    1a:ac:07:f1:37:fe:c9:90:69:54:9b:21:b3:93:7f:
                    94:9f:97:57:cf:3f:4d:89:9d:3f:7e:f8:b1:9d:03:
                    57:39:3d:0e:9b:41:4e:12:ae:01:15:75:8a:1e:e9:
                    a2:82:8d:c3:b4:e9:86:bc:fa:38:7a:07:ac:e9:ad:
                    c7:dd:72:e1:66:ed:bb:78:3e:85:0f:af:33:63:ff:
                    a4:f4:06:d6:c4:18:72:65:53:be:a1:13:95:d8:0b:
                    82:b4:1d:ae:92:8d:b5:ad:04:b4:ea:46:20:f8:08:
                    8d:95:f4:a3:b4:6a:a7:b7:45:bc:6e:e9:19:9d:b5:
                    12:4a:40:8d:b7:66:30:79:41:1e:41:5f:e6:6d:06:
                    d1:95:18:1a:a2:94:c9:7d:0b:a4:95:6a:ab:d0:2c:
                    dd:02:c6:50:34:b5:45:de:51:cf:17:f4:a8:51:ca:
                    63:8b:d2:93:a0:98:0c:64:93:e5:2e:cd:37:29:0f:
                    d6:70:05:6e:e8:fe:5d:23:dd:51:76:3a:a2:f0:77:
                    6f:57:e9:c3:b9:7e:6f:e8:f2:1f:6a:39:f9:e5:91:
                    de:60:3b:9f:2d:98:6b:53:7e:be:16:1e:32:f5:a6:
                    eb:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:66:08:46:DA:A5:66:CC:F4:7C:D8:66:A0:B2:04:C1:DB:7D:97:EE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HWYIRtqlZsz0fNhmoLIEwdt9l-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:f2:89:a3:11:07:38:8c:bb:be:0d:47:e1:bf:44:f8:31:15:
         51:52:91:8a:d4:4f:a8:a2:98:f3:fd:21:1c:7e:f2:e8:0b:3d:
         14:61:71:da:1b:9d:a4:f6:41:3b:65:93:ba:fd:bb:bb:19:66:
         cf:32:0a:24:92:8f:da:f8:d5:0a:fb:4f:ac:7e:3c:70:07:7b:
         e6:5f:fd:6f:b8:4a:35:36:13:ab:25:37:f2:9c:13:0a:cd:8f:
         6a:49:68:38:d4:61:a9:32:f6:6c:db:b9:8e:76:80:5c:f9:41:
         7e:51:4a:c8:08:3d:79:ba:4c:43:1f:cb:2b:d5:df:4c:f9:a4:
         f5:c7:4d:eb:54:f0:14:4b:30:32:f8:cd:eb:eb:14:51:88:18:
         b2:9b:85:b7:98:eb:ef:b7:a7:ec:9c:fa:d1:4c:38:0b:c5:74:
         2e:e1:9b:ca:fe:06:a7:f6:6a:ab:4d:2e:3f:88:df:6b:59:48:
         47:e2:a1:b8:a1:ef:7f:f7:b7:0d:1f:04:5e:f2:c3:12:20:b1:
         4f:c9:8e:cd:73:f0:06:09:15:e8:7f:53:fa:0a:ee:99:15:3b:
         60:5c:fa:fd:01:6e:bc:1d:dc:83:41:be:fb:41:e4:78:f1:01:
         7a:ed:fd:0e:07:e9:52:e1:91:39:34:92:83:97:44:65:71:59:
         b0:43:ca:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYk8SgHzcO6CwMQs6ZW7xWShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzA5MjAxMzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDY2MDg0NmRhYTU2NmNjZjQ3Y2Q4NjZhMGIyMDRjMWRiN2Q5N2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsSF9/uM6I5SI3d6Fw1sAn8IsNwa
V+oCHZMvH30arAfxN/7JkGlUmyGzk3+Un5dXzz9NiZ0/fvixnQNXOT0Om0FOEq4B
FXWKHumigo3DtOmGvPo4eges6a3H3XLhZu27eD6FD68zY/+k9AbWxBhyZVO+oROV
2AuCtB2uko21rQS06kYg+AiNlfSjtGqnt0W8bukZnbUSSkCNt2YweUEeQV/mbQbR
lRgaopTJfQuklWqr0CzdAsZQNLVF3lHPF/SoUcpji9KToJgMZJPlLs03KQ/WcAVu
6P5dI91Rdjqi8HdvV+nDuX5v6PIfajn55ZHeYDufLZhrU36+Fh4y9abrvQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB1mCEbapWbM9HzYZqCyBMHbfZfuMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSFdZSVJ0cWxac3owZk5obW9MSUV3ZHQ5bC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFnyiaMRBziMu74NR+G/
RPgxFVFSkYrUT6iimPP9IRx+8ugLPRRhcdobnaT2QTtlk7r9u7sZZs8yCiSSj9r4
1Qr7T6x+PHAHe+Zf/W+4SjU2E6slN/KcEwrNj2pJaDjUYaky9mzbuY52gFz5QX5R
SsgIPXm6TEMfyyvV30z5pPXHTetU8BRLMDL4zevrFFGIGLKbhbeY6++3p+yc+tFM
OAvFdC7hm8r+Bqf2aqtNLj+I32tZSEfiobih73/3tw0fBF7ywxIgsU/Jjs1z8AYJ
Feh/U/oK7pkVO2Bc+v0Bbrwd3INBvvtB5HjxAXrt/Q4H6VLhkTk0koOXRGVxWbBD
ygg=
-----END CERTIFICATE-----