Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IExjelj9iMR3aWP8rUbUaXL6u-A.roa
File:                     IExjelj9iMR3aWP8rUbUaXL6u-A.roa (raw, json)
Hash identifier:          01aMTg5k6G8JNvbhQNF2IMOEw9RJYY5QKMbLTQJr+9w=
Subject key identifier:   20:4C:63:7A:58:FD:88:C4:77:69:63:FC:AD:46:D4:69:72:FA:BB:E0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018884993216BD9C2D4DA29213913CA25CEF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IExjelj9iMR3aWP8rUbUaXL6u-A.roa
Signing time:             Sun 04 Jun 2023 04:10:12 +0000
ROA not before:           Sun 04 Jun 2023 04:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:84:99:32:16:bd:9c:2d:4d:a2:92:13:91:3c:a2:5c:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 04:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=204c637a58fd88c4776963fcad46d46972fabbe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:58:03:4f:29:00:41:d1:f4:ae:8e:e2:4e:05:
                    ed:27:2a:be:48:5b:c9:fb:95:43:b6:47:3e:ec:5d:
                    fb:80:c4:7f:c7:b5:07:27:20:aa:2a:ee:b6:1a:98:
                    13:1d:ef:46:4c:ba:d4:61:98:25:3e:a3:38:26:ec:
                    1f:fb:f8:87:3b:7b:27:45:cc:ef:52:ad:ab:1a:08:
                    87:5d:8f:63:78:8b:8e:bb:d2:78:28:4f:62:48:bd:
                    84:57:7d:ad:f1:3b:71:40:1d:02:16:21:89:3e:00:
                    61:8b:cf:9a:91:2d:64:72:5e:5d:1d:f9:0b:d7:d7:
                    d6:4c:30:c1:90:5f:66:05:25:d9:36:92:33:32:33:
                    4c:fd:e8:f0:bf:08:38:50:ea:ab:83:e8:37:9c:a8:
                    61:12:75:34:01:fc:f5:4c:f1:ad:ea:ff:a8:b8:9f:
                    f6:30:0b:87:bc:60:15:05:67:21:4b:6e:42:c6:e0:
                    e6:48:dc:d3:94:a8:02:56:2e:37:34:cc:b7:ba:c5:
                    b8:2c:28:84:32:df:f7:f3:03:28:7e:5c:c5:a5:32:
                    2b:61:b4:22:27:5f:63:2a:09:e4:5a:a9:18:00:07:
                    17:c1:d8:cc:29:28:ab:64:7f:c4:79:ce:11:31:69:
                    85:d6:ef:18:68:56:d2:80:c5:01:0e:93:03:34:a1:
                    1a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:4C:63:7A:58:FD:88:C4:77:69:63:FC:AD:46:D4:69:72:FA:BB:E0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IExjelj9iMR3aWP8rUbUaXL6u-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:c7:5a:d7:3a:02:16:47:5c:e2:a1:c6:35:2e:6b:b8:30:e8:
         08:fc:a5:25:c9:78:c5:5e:8f:85:58:4f:03:b0:24:8d:30:9d:
         31:bb:b2:86:55:da:fd:83:a0:63:e9:6d:d4:e5:e6:9e:23:76:
         ec:8e:3e:01:e9:10:ae:bf:66:a4:89:2c:9a:4c:0b:ac:6a:83:
         a8:dd:48:86:c5:f1:10:7a:53:c5:bd:24:5c:38:69:01:f0:47:
         50:86:b8:07:92:75:98:c8:cd:99:a4:e6:2b:0e:dc:5f:d6:8c:
         b6:1b:92:98:be:d4:2c:62:80:c1:2b:71:64:7a:02:21:2a:af:
         4c:d6:fd:26:1e:a1:27:56:49:71:d5:73:39:62:ac:6a:91:b4:
         d2:17:08:c9:62:57:1d:dc:b4:4d:cb:59:86:fa:be:73:0a:a9:
         da:93:8d:8b:7e:ca:38:1f:eb:fa:03:66:74:7e:f5:5e:64:83:
         f0:cd:2c:0f:a6:55:ae:c3:67:b0:c3:05:55:a7:35:68:bd:9f:
         3b:39:c4:3b:f1:83:63:61:d4:84:db:57:d5:8c:6b:dc:40:52:
         e8:be:34:93:8e:8c:dc:f0:c0:f1:26:51:dc:09:27:aa:60:57:
         6c:da:c2:62:e2:dc:78:e6:2b:ad:74:7b:7e:79:7d:fa:46:24:
         97:89:a3:c4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiEmTIWvZwtTaKSE5E8olzvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MDQxMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDRjNjM3YTU4ZmQ4OGM0Nzc2OTYzZmNhZDQ2ZDQ2OTcyZmFiYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFgDTykAQdH0ro7iTgXtJyq+SFvJ
+5VDtkc+7F37gMR/x7UHJyCqKu62GpgTHe9GTLrUYZglPqM4Juwf+/iHO3snRczv
Uq2rGgiHXY9jeIuOu9J4KE9iSL2EV32t8TtxQB0CFiGJPgBhi8+akS1kcl5dHfkL
19fWTDDBkF9mBSXZNpIzMjNM/ejwvwg4UOqrg+g3nKhhEnU0Afz1TPGt6v+ouJ/2
MAuHvGAVBWchS25CxuDmSNzTlKgCVi43NMy3usW4LCiEMt/38wMoflzFpTIrYbQi
J19jKgnkWqkYAAcXwdjMKSirZH/Eec4RMWmF1u8YaFbSgMUBDpMDNKEavQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCBMY3pY/YjEd2lj/K1G1Gly+rvgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSUV4amVsajlpTVIzYVdQOHJVYlVhWEw2dS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAB3HWtc6AhZHXOKhxjUu
a7gw6Aj8pSXJeMVej4VYTwOwJI0wnTG7soZV2v2DoGPpbdTl5p4jduyOPgHpEK6/
ZqSJLJpMC6xqg6jdSIbF8RB6U8W9JFw4aQHwR1CGuAeSdZjIzZmk5isO3F/WjLYb
kpi+1CxigMErcWR6AiEqr0zW/SYeoSdWSXHVczlirGqRtNIXCMliVx3ctE3LWYb6
vnMKqdqTjYt+yjgf6/oDZnR+9V5kg/DNLA+mVa7DZ7DDBVWnNWi9nzs5xDvxg2Nh
1ITbV9WMa9xAUui+NJOOjNzwwPEmUdwJJ6pgV2zawmLi3HjmK610e355ffpGJJeJ
o8Q=
-----END CERTIFICATE-----