Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/I8jKrOgsNA7pe9uBPCdjH0rPU3A.roa
File:                     I8jKrOgsNA7pe9uBPCdjH0rPU3A.roa (raw, json)
Hash identifier:          1B1XRmgKGt2ONYFoDyZliw5GHSPl7yWaoNt6p5JYL1Y=
Subject key identifier:   23:C8:CA:AC:E8:2C:34:0E:E9:7B:DB:81:3C:27:63:1F:4A:CF:53:70
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189360E3ECA0640314D74BEFFF7B23FB309
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/I8jKrOgsNA7pe9uBPCdjH0rPU3A.roa
Signing time:             Sat 08 Jul 2023 15:10:50 +0000
ROA not before:           Sat 08 Jul 2023 15:10:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:36:0e:3e:ca:06:40:31:4d:74:be:ff:f7:b2:3f:b3:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul  8 15:10:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=23c8caace82c340ee97bdb813c27631f4acf5370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:42:44:71:aa:88:db:f3:1d:d9:f8:bb:96:98:
                    a9:05:a4:bd:82:39:f4:a7:c9:d9:f5:ab:b8:fb:41:
                    88:eb:a0:c3:42:24:82:13:11:97:5a:15:6c:9c:85:
                    72:7a:e5:1f:fe:4b:dc:85:63:61:a9:a8:58:bc:8d:
                    e7:fa:14:c3:a3:1b:f5:b4:78:f6:16:ae:23:ec:04:
                    dd:6b:46:6c:95:b9:7a:17:b4:32:be:45:d7:d4:10:
                    e0:80:0b:ef:be:0b:67:cd:9c:db:5b:12:5a:60:34:
                    71:51:6f:a7:5f:92:e2:fc:99:2c:0f:cc:07:78:fa:
                    92:11:64:0e:24:bb:66:25:f8:cc:85:c7:52:af:30:
                    a1:d9:1e:b0:47:04:b4:90:92:9e:40:bd:8a:c5:26:
                    7c:6a:f8:e2:0e:70:21:14:73:9c:db:da:0f:35:f8:
                    4c:87:c8:13:a4:16:38:ca:a5:3c:b3:e0:ca:e8:5d:
                    e1:83:83:e3:b2:1d:80:24:70:c2:3b:1d:6c:d1:2f:
                    51:69:1d:6b:a5:f7:7f:39:fa:c8:c7:47:6a:16:fa:
                    68:d6:13:15:34:83:4d:2d:f4:21:7b:84:d5:14:be:
                    bf:d4:55:82:7c:28:63:00:41:af:ee:79:72:39:2c:
                    68:bb:45:ee:cb:a3:98:0f:eb:e3:4d:e0:4b:02:e8:
                    b7:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:C8:CA:AC:E8:2C:34:0E:E9:7B:DB:81:3C:27:63:1F:4A:CF:53:70
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/I8jKrOgsNA7pe9uBPCdjH0rPU3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:72:fd:79:b5:e3:89:2a:04:7a:a2:0f:e5:1b:41:a3:6e:30:
         04:c8:e1:b4:2c:99:03:38:a1:d8:00:f9:49:c7:26:ec:f1:67:
         fd:46:21:f0:c9:d3:07:38:65:73:aa:c8:76:a5:a1:91:4f:fa:
         35:5d:ae:df:57:90:78:3c:85:67:ea:d0:05:7f:9c:f0:d8:db:
         26:31:14:82:a9:aa:72:13:cd:ce:77:ed:98:70:2a:f4:4b:af:
         1a:ab:11:89:02:b0:2e:74:9b:4c:4a:69:b8:a1:48:4a:bf:62:
         b8:d3:e9:e9:6a:f9:fa:7f:09:ec:93:91:47:f2:80:67:4c:d9:
         90:dc:92:ef:ef:cf:6f:cb:3a:3a:9a:ca:42:1f:3e:aa:e2:6b:
         0c:88:18:b5:c6:82:08:74:5c:fc:7f:0f:9a:34:d4:7c:78:8d:
         05:5b:c8:f7:d2:06:8d:80:e9:dd:12:df:76:c2:a2:c8:6a:aa:
         10:39:7c:84:bc:35:53:83:4d:04:0b:a7:bd:da:2b:37:73:70:
         54:3e:ad:3a:99:4c:72:d2:f3:b3:06:a0:04:04:df:2b:33:70:
         d7:ec:4f:b9:ea:38:ec:c6:fe:b4:f9:b2:9a:03:1e:8c:bc:43:
         1b:b9:c3:99:5e:10:6b:03:e9:65:55:bf:4c:e7:34:02:25:89:
         22:64:37:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYk2Dj7KBkAxTXS+//eyP7MJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzA4MTUxMDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2M4Y2FhY2U4MmMzNDBlZTk3YmRiODEzYzI3NjMxZjRhY2Y1MzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEJEcaqI2/Md2fi7lpipBaS9gjn0
p8nZ9au4+0GI66DDQiSCExGXWhVsnIVyeuUf/kvchWNhqahYvI3n+hTDoxv1tHj2
Fq4j7ATda0Zslbl6F7QyvkXX1BDggAvvvgtnzZzbWxJaYDRxUW+nX5Li/JksD8wH
ePqSEWQOJLtmJfjMhcdSrzCh2R6wRwS0kJKeQL2KxSZ8avjiDnAhFHOc29oPNfhM
h8gTpBY4yqU8s+DK6F3hg4Pjsh2AJHDCOx1s0S9RaR1rpfd/OfrIx0dqFvpo1hMV
NINNLfQhe4TVFL6/1FWCfChjAEGv7nlyOSxou0Xuy6OYD+vjTeBLAui3DwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCPIyqzoLDQO6XvbgTwnYx9Kz1NwMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSThqS3JPZ3NOQTdwZTl1QlBDZGpIMHJQVTNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEly/Xm144kqBHqiD+Ub
QaNuMATI4bQsmQM4odgA+UnHJuzxZ/1GIfDJ0wc4ZXOqyHaloZFP+jVdrt9XkHg8
hWfq0AV/nPDY2yYxFIKpqnITzc537ZhwKvRLrxqrEYkCsC50m0xKabihSEq/YrjT
6elq+fp/CeyTkUfygGdM2ZDcku/vz2/LOjqaykIfPqriawyIGLXGggh0XPx/D5o0
1Hx4jQVbyPfSBo2A6d0S33bCoshqqhA5fIS8NVODTQQLp73aKzdzcFQ+rTqZTHLS
87MGoAQE3yszcNfsT7nqOOzG/rT5spoDHoy8Qxu5w5leEGsD6WVVv0znNAIliSJk
Nwg=
-----END CERTIFICATE-----