Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Hoj1PQtx5DMTy3qmXM7doXmfiUQ.roa
File:                     Hoj1PQtx5DMTy3qmXM7doXmfiUQ.roa (raw, json)
Hash identifier:          mKVb5mmSQMUF96ULxFfnOc1A0iVIRpzu7R0cLw1R/6Y=
Subject key identifier:   1E:88:F5:3D:0B:71:E4:33:13:CB:7A:A6:5C:CE:DD:A1:79:9F:89:44
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188AB6F27F6E72B01C02A680101746EB21B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Hoj1PQtx5DMTy3qmXM7doXmfiUQ.roa
Signing time:             Sun 11 Jun 2023 17:09:28 +0000
ROA not before:           Sun 11 Jun 2023 17:09:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ab:6f:27:f6:e7:2b:01:c0:2a:68:01:01:74:6e:b2:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 11 17:09:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1e88f53d0b71e43313cb7aa65ccedda1799f8944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:5b:03:56:a9:79:a9:52:9c:cf:11:ba:e9:39:
                    ef:d0:de:c2:eb:fd:61:3c:30:4d:dc:9f:c7:05:fa:
                    11:26:bd:7f:e2:bf:9b:6b:76:2c:2e:cd:3c:15:b6:
                    2b:0c:90:14:db:05:0f:3c:60:a0:26:14:9e:6c:f7:
                    bd:d6:a2:4b:fc:d1:06:be:6f:a9:ec:b5:91:48:46:
                    56:b7:19:d0:11:58:df:1d:b8:08:04:54:5b:c0:40:
                    00:96:83:2b:0a:4f:5f:c5:0d:a2:f4:55:3e:b4:80:
                    eb:7e:38:89:98:3c:2f:74:b7:ab:d1:fd:44:76:ac:
                    03:3d:e6:8d:49:bd:5c:f1:6e:bc:89:f1:b2:cc:e4:
                    a3:66:e1:37:37:1e:81:76:fd:45:1b:e7:14:53:11:
                    c4:d2:44:5e:85:ad:9a:ee:81:d0:cf:5f:62:81:26:
                    f9:3a:62:3c:2a:35:fd:e3:ab:b5:a4:98:e8:cf:9d:
                    f4:fa:a1:36:08:04:df:74:8e:c9:00:a8:93:19:74:
                    56:ba:71:94:39:2e:50:e9:b0:76:cd:eb:63:d3:8e:
                    5c:d8:a5:8f:53:a0:92:ab:36:64:5f:b0:e6:53:0f:
                    59:f6:97:f5:bf:84:e1:41:09:27:fd:c2:f1:03:41:
                    14:5d:09:1d:e3:f6:29:43:8f:f3:ed:38:73:8b:b7:
                    fa:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:88:F5:3D:0B:71:E4:33:13:CB:7A:A6:5C:CE:DD:A1:79:9F:89:44
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Hoj1PQtx5DMTy3qmXM7doXmfiUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:42:ed:47:08:d6:db:93:0d:44:4c:99:04:01:f5:f1:8e:9e:
         35:1a:9d:ad:b2:4a:95:ed:79:b9:8f:45:7f:3b:99:5f:b8:77:
         44:40:74:b6:a4:95:b4:d5:21:b3:1e:b7:13:88:9a:41:de:7a:
         78:17:09:53:7c:8c:57:c8:4e:4b:f9:34:41:2b:06:a4:b5:ec:
         e4:1f:66:23:c6:30:0d:31:a6:04:be:54:91:9e:9e:8f:31:fd:
         e5:d2:99:63:02:09:5b:36:c5:55:80:a6:9f:f7:5e:91:12:36:
         65:94:3f:49:7d:9b:5c:2b:ef:73:ee:98:5d:4e:b8:47:72:8a:
         aa:98:2e:cb:1f:b2:c3:79:1d:85:91:6b:af:a0:8d:e9:16:e6:
         df:96:d5:cd:70:da:95:90:01:01:be:f5:2a:30:6e:2a:7e:30:
         45:91:74:bb:ec:5d:28:05:5e:ef:10:48:eb:68:c0:36:a2:e7:
         20:d3:63:87:dc:a6:13:b0:ac:74:ad:e8:51:f0:b5:00:e6:ad:
         a9:46:4a:7a:94:7f:82:b9:61:f9:7a:5f:e6:1c:62:e7:04:3b:
         ef:10:84:de:30:e3:20:78:19:cc:61:a3:cc:68:5a:86:33:e4:
         71:ae:ba:72:50:26:d4:90:a5:ba:42:a2:f0:df:eb:25:49:b2:
         ba:e9:0a:e6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYirbyf25ysBwCpoAQF0brIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjExMTcwOTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTg4ZjUzZDBiNzFlNDMzMTNjYjdhYTY1Y2NlZGRhMTc5OWY4OTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlsDVql5qVKczxG66Tnv0N7C6/1h
PDBN3J/HBfoRJr1/4r+ba3YsLs08FbYrDJAU2wUPPGCgJhSebPe91qJL/NEGvm+p
7LWRSEZWtxnQEVjfHbgIBFRbwEAAloMrCk9fxQ2i9FU+tIDrfjiJmDwvdLer0f1E
dqwDPeaNSb1c8W68ifGyzOSjZuE3Nx6Bdv1FG+cUUxHE0kReha2a7oHQz19igSb5
OmI8KjX946u1pJjoz530+qE2CATfdI7JAKiTGXRWunGUOS5Q6bB2zetj045c2KWP
U6CSqzZkX7DmUw9Z9pf1v4ThQQkn/cLxA0EUXQkd4/YpQ4/z7Thzi7f65wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB6I9T0LceQzE8t6plzO3aF5n4lEMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSG9qMVBRdHg1RE1UeTNxbVhNN2RvWG1maVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGVC7UcI1tuTDURMmQQB
9fGOnjUana2ySpXtebmPRX87mV+4d0RAdLaklbTVIbMetxOImkHeengXCVN8jFfI
Tkv5NEErBqS17OQfZiPGMA0xpgS+VJGeno8x/eXSmWMCCVs2xVWApp/3XpESNmWU
P0l9m1wr73PumF1OuEdyiqqYLssfssN5HYWRa6+gjekW5t+W1c1w2pWQAQG+9Sow
bip+MEWRdLvsXSgFXu8QSOtowDai5yDTY4fcphOwrHSt6FHwtQDmralGSnqUf4K5
Yfl6X+YcYucEO+8QhN4w4yB4Gcxho8xoWoYz5HGuunJQJtSQpbpCovDf6yVJsrrp
CuY=
-----END CERTIFICATE-----