Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IKNji5NvIU9XiT4PiLJO_ky9y0I.roa
File:                     IKNji5NvIU9XiT4PiLJO_ky9y0I.roa (raw, json)
Hash identifier:          HJXpGvLm0t8QV/AVuB9EnsHDxE05Un09UWoHWYXjrLI=
Subject key identifier:   20:A3:63:8B:93:6F:21:4F:57:89:3E:0F:88:B2:4E:FE:4C:BD:CB:42
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018804102FE600A64EECBA5F6F1A7DA26CE1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IKNji5NvIU9XiT4PiLJO_ky9y0I.roa
Signing time:             Wed 10 May 2023 05:09:09 +0000
ROA not before:           Wed 10 May 2023 05:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:04:10:2f:e6:00:a6:4e:ec:ba:5f:6f:1a:7d:a2:6c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 10 05:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20a3638b936f214f57893e0f88b24efe4cbdcb42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8e:ab:29:30:99:b7:d5:3c:4a:5a:fc:0a:1e:
                    09:72:16:d2:35:ed:2b:61:96:d4:67:fa:ce:2e:d1:
                    76:19:d6:62:86:13:24:ce:7e:9a:97:df:c7:49:68:
                    7a:e4:fc:72:bb:bc:86:73:18:ba:4f:73:3d:48:4d:
                    73:66:53:6f:cd:98:b1:4d:c4:7b:9d:fc:4a:0c:ef:
                    b0:a5:2f:b6:cf:ee:71:42:df:e8:98:5f:fa:e7:09:
                    52:33:6b:2a:eb:fe:9e:3c:c3:4f:15:94:39:69:b9:
                    3e:29:0a:7b:8b:f5:c3:76:ba:37:b8:88:31:80:a5:
                    ca:de:fa:7a:79:07:21:ed:7f:c5:ed:59:a3:d9:f8:
                    87:71:55:87:a9:8b:14:15:3b:50:40:61:84:65:3a:
                    92:8f:11:79:b0:e8:cb:b2:d6:96:c0:67:50:8e:20:
                    1e:7e:37:eb:44:10:59:51:f4:b5:17:cc:36:2d:bc:
                    a0:78:8c:d4:35:36:03:65:f8:9c:eb:17:65:db:5b:
                    fd:d7:76:38:5a:80:fa:27:f2:9d:41:81:7b:00:63:
                    de:2d:7b:a5:95:cc:02:7d:09:e3:27:d8:1a:73:61:
                    2c:f0:64:76:af:88:8f:6b:19:2e:ef:54:b2:d6:33:
                    c2:1f:b5:f9:79:bd:b1:5c:6c:a2:1b:17:2e:d7:b2:
                    26:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A3:63:8B:93:6F:21:4F:57:89:3E:0F:88:B2:4E:FE:4C:BD:CB:42
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IKNji5NvIU9XiT4PiLJO_ky9y0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:e0:d0:23:fa:6d:fe:b7:f7:38:7e:36:5e:10:08:c1:0d:1a:
         5c:c6:97:d8:04:e9:e0:21:d4:db:20:86:5c:58:57:73:54:f8:
         b1:76:4a:20:d3:16:ad:0e:71:d4:c3:91:24:f0:ff:53:8d:6f:
         01:89:ba:db:6e:8b:aa:f6:c4:b9:a1:80:df:6a:de:0e:b0:3e:
         1b:3b:c7:96:87:b1:4a:81:7e:41:a1:c2:dc:bb:61:eb:0c:56:
         40:7c:b6:10:76:5b:4f:60:35:d0:29:d2:f8:db:8b:e1:e3:97:
         e5:42:d6:95:09:e6:06:54:84:ad:3d:d0:ec:dd:2c:4e:c0:fc:
         1f:f4:89:6a:79:2f:5c:41:69:8a:07:2b:79:a2:49:b2:0b:0d:
         1c:d5:9e:7a:47:d5:83:ec:7d:9d:39:3c:53:24:25:6b:7c:7e:
         d9:dd:e5:50:b8:03:aa:c4:91:cd:16:2e:ae:14:c9:f6:09:8c:
         02:5f:0d:6c:82:87:11:3b:4a:35:b1:7f:b0:6b:0c:aa:ff:4f:
         16:99:40:c0:db:72:33:90:02:7d:65:12:47:29:5d:f6:92:8b:
         0c:e3:ca:ee:b1:46:44:6f:8b:4b:7b:78:e8:ef:4e:a2:36:a8:
         21:cd:2f:7c:fe:33:03:29:b0:6a:45:a1:09:d5:b3:b8:75:95:
         af:34:d0:73
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgEEC/mAKZO7Lpfbxp9omzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEwMDUwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGEzNjM4YjkzNmYyMTRmNTc4OTNlMGY4OGIyNGVmZTRjYmRjYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApI6rKTCZt9U8Slr8Ch4JchbSNe0r
YZbUZ/rOLtF2GdZihhMkzn6al9/HSWh65Pxyu7yGcxi6T3M9SE1zZlNvzZixTcR7
nfxKDO+wpS+2z+5xQt/omF/65wlSM2sq6/6ePMNPFZQ5abk+KQp7i/XDdro3uIgx
gKXK3vp6eQch7X/F7Vmj2fiHcVWHqYsUFTtQQGGEZTqSjxF5sOjLstaWwGdQjiAe
fjfrRBBZUfS1F8w2LbygeIzUNTYDZfic6xdl21v913Y4WoD6J/KdQYF7AGPeLXul
lcwCfQnjJ9gac2Es8GR2r4iPaxku71Sy1jPCH7X5eb2xXGyiGxcu17ImiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCCjY4uTbyFPV4k+D4iyTv5MvctCMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSUtOamk1TnZJVTlYaVQ0UGlMSk9fa3k5eTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABng0CP6bf639zh+Nl4Q
CMENGlzGl9gE6eAh1NsghlxYV3NU+LF2SiDTFq0OcdTDkSTw/1ONbwGJuttui6r2
xLmhgN9q3g6wPhs7x5aHsUqBfkGhwty7YesMVkB8thB2W09gNdAp0vjbi+Hjl+VC
1pUJ5gZUhK090OzdLE7A/B/0iWp5L1xBaYoHK3miSbILDRzVnnpH1YPsfZ05PFMk
JWt8ftnd5VC4A6rEkc0WLq4UyfYJjAJfDWyChxE7SjWxf7BrDKr/TxaZQMDbcjOQ
An1lEkcpXfaSiwzjyu6xRkRvi0t7eOjvTqI2qCHNL3z+MwMpsGpFoQnVs7h1la80
0HM=
-----END CERTIFICATE-----