Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ITy90N5GTBvyT7v_YhDWsMVBlHE.roa
File:                     ITy90N5GTBvyT7v_YhDWsMVBlHE.roa (raw, json)
Hash identifier:          RU/d6MDOgLqFMG/p0Jg5sR9rXDDY8w0RIZ3wKcXafb8=
Subject key identifier:   21:3C:BD:D0:DE:46:4C:1B:F2:4F:BB:FF:62:10:D6:B0:C5:41:94:71
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188B8BB9EADCE634FC98C0A090BA6979990
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ITy90N5GTBvyT7v_YhDWsMVBlHE.roa
Signing time:             Wed 14 Jun 2023 07:08:03 +0000
ROA not before:           Wed 14 Jun 2023 07:08:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b8:bb:9e:ad:ce:63:4f:c9:8c:0a:09:0b:a6:97:99:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 14 07:08:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=213cbdd0de464c1bf24fbbff6210d6b0c5419471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3d:25:14:e2:3c:48:fd:b4:ba:f1:29:59:66:
                    c6:18:67:72:56:4c:e9:52:ef:29:27:03:3c:33:ab:
                    22:b8:d0:ce:a8:6b:a8:20:b8:ff:0d:5f:42:54:82:
                    55:8c:13:d0:2c:c3:24:c3:81:1b:37:fb:ca:50:78:
                    10:36:6b:51:b5:1a:23:88:9e:2d:a6:5f:8d:fa:84:
                    b2:9b:cf:31:d6:db:b7:f6:5a:8d:45:d7:5a:5c:31:
                    f6:dd:c6:68:c2:53:7d:f9:2a:fe:74:63:37:ff:34:
                    c2:8f:f6:58:f0:ce:b6:7b:ad:56:8c:aa:ec:1a:9c:
                    bd:03:bb:92:98:02:fa:de:8e:a4:2c:11:fc:7f:bb:
                    ff:c3:84:57:75:54:a4:45:d1:ee:d2:49:87:3f:5c:
                    4c:81:34:eb:2a:22:1c:96:5c:7e:12:05:6b:c3:4e:
                    23:2d:93:41:92:34:7a:f2:0f:92:87:f7:85:44:ba:
                    7f:71:8b:3a:3a:d8:d5:83:40:31:cd:19:60:5d:df:
                    e9:22:4e:aa:a4:c9:7f:c4:f8:fe:ab:d1:8b:f0:6b:
                    06:40:4a:ea:37:02:63:c2:dd:1b:e3:59:16:c2:a6:
                    68:f0:7f:1c:53:03:41:9a:b5:cf:30:5d:26:6e:50:
                    f1:3b:13:4f:bf:01:32:43:3f:88:aa:cb:6a:de:ee:
                    3e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3C:BD:D0:DE:46:4C:1B:F2:4F:BB:FF:62:10:D6:B0:C5:41:94:71
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ITy90N5GTBvyT7v_YhDWsMVBlHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:e2:06:df:d4:3c:c8:f2:fd:75:b5:b9:72:70:6f:11:87:a2:
         6a:af:1c:fd:1f:d0:86:fd:f8:4f:de:08:a7:8d:a4:12:19:ec:
         79:aa:12:47:91:f7:2b:8b:30:ac:b8:5f:d1:63:8e:6b:a2:72:
         b8:5c:e8:c7:d5:04:48:02:3a:26:54:0d:c7:5e:31:e6:10:82:
         6c:cd:93:1b:a4:ab:e3:63:a9:07:28:1b:ab:e6:a9:91:b1:aa:
         49:07:a8:86:e0:84:f9:b5:67:4b:ea:9b:44:8b:03:e1:d6:6a:
         a2:c2:8c:53:80:f5:28:da:82:7c:09:0c:e8:78:e8:aa:2c:94:
         20:be:2c:fe:10:9d:3b:37:be:2b:d3:9d:9e:68:f4:80:52:f6:
         50:43:f9:87:79:09:3e:e9:ce:88:f8:d3:6d:84:d1:25:85:b7:
         27:bb:0a:a2:f1:a7:e6:a2:d9:b3:91:a2:11:39:d0:59:eb:ae:
         0f:c8:9d:a2:37:08:77:7f:12:be:b8:66:f7:e4:85:54:38:cf:
         3a:db:71:4c:ae:8a:49:1b:c5:9f:58:e9:3b:c5:0f:d7:d0:7d:
         63:7c:c6:89:9d:db:d9:67:bd:42:44:4e:b7:ae:9a:a3:2e:92:
         e1:89:d2:6f:45:9d:10:84:3a:85:f4:70:4e:fe:1b:7a:b8:22:
         f7:16:7d:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi4u56tzmNPyYwKCQuml5mQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE0MDcwODAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTNjYmRkMGRlNDY0YzFiZjI0ZmJiZmY2MjEwZDZiMGM1NDE5NDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj0lFOI8SP20uvEpWWbGGGdyVkzp
Uu8pJwM8M6siuNDOqGuoILj/DV9CVIJVjBPQLMMkw4EbN/vKUHgQNmtRtRojiJ4t
pl+N+oSym88x1tu39lqNRddaXDH23cZowlN9+Sr+dGM3/zTCj/ZY8M62e61WjKrs
Gpy9A7uSmAL63o6kLBH8f7v/w4RXdVSkRdHu0kmHP1xMgTTrKiIcllx+EgVrw04j
LZNBkjR68g+Sh/eFRLp/cYs6OtjVg0AxzRlgXd/pIk6qpMl/xPj+q9GL8GsGQErq
NwJjwt0b41kWwqZo8H8cUwNBmrXPMF0mblDxOxNPvwEyQz+Iqstq3u4+BwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCE8vdDeRkwb8k+7/2IQ1rDFQZRxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSVR5OTBONUdUQnZ5VDd2X1loRFdzTVZCbEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK7iBt/UPMjy/XW1uXJw
bxGHomqvHP0f0Ib9+E/eCKeNpBIZ7HmqEkeR9yuLMKy4X9Fjjmuicrhc6MfVBEgC
OiZUDcdeMeYQgmzNkxukq+NjqQcoG6vmqZGxqkkHqIbghPm1Z0vqm0SLA+HWaqLC
jFOA9SjagnwJDOh46KoslCC+LP4QnTs3vivTnZ5o9IBS9lBD+Yd5CT7pzoj4022E
0SWFtye7CqLxp+ai2bORohE50Fnrrg/InaI3CHd/Er64ZvfkhVQ4zzrbcUyuikkb
xZ9Y6TvFD9fQfWN8xomd29lnvUJETreumqMukuGJ0m9FnRCEOoX0cE7+G3q4IvcW
fcM=
-----END CERTIFICATE-----