Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IXC9HGe2iVOOWuHctSq0RPMFyHM.roa
File:                     IXC9HGe2iVOOWuHctSq0RPMFyHM.roa (raw, json)
Hash identifier:          uJCy/ftxYCnqkypbPYQHCcro8YX3pLw8oAyZrrhcrz0=
Subject key identifier:   21:70:BD:1C:67:B6:89:53:8E:5A:E1:DC:B5:2A:B4:44:F3:05:C8:73
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895F0DDD9EF2DDF7924D508C84900CD628
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IXC9HGe2iVOOWuHctSq0RPMFyHM.roa
Signing time:             Sun 16 Jul 2023 14:14:51 +0000
ROA not before:           Sun 16 Jul 2023 14:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5f:0d:dd:9e:f2:dd:f7:92:4d:50:8c:84:90:0c:d6:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 16 14:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2170bd1c67b689538e5ae1dcb52ab444f305c873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:46:fc:05:c0:1a:06:eb:1f:08:40:e6:39:03:
                    99:8d:4b:77:01:09:21:ec:7a:2c:71:54:87:ae:cf:
                    6a:48:5f:6c:f8:95:e9:40:c8:79:3d:23:02:c3:00:
                    c2:02:44:5d:c4:ea:c9:34:29:9f:60:76:49:1a:a0:
                    f7:2c:f3:aa:d7:d6:1e:3d:49:72:e9:f1:a3:9a:dd:
                    66:cd:4c:5d:fc:6f:c2:a3:fb:13:ce:9b:a5:4c:58:
                    a3:06:ca:da:4a:78:a1:89:da:10:ed:74:c6:28:fa:
                    70:2f:85:f9:23:a8:47:83:8d:c9:9e:d4:c9:44:36:
                    07:d3:13:1c:7b:d5:e6:05:0e:03:35:61:46:3d:45:
                    d0:45:3e:9b:66:f8:ad:c6:2b:b2:fb:42:bc:4b:61:
                    ea:f8:7c:ea:56:d8:90:fa:02:77:69:df:ee:98:c6:
                    67:aa:4b:25:d3:85:43:74:fa:ff:09:04:26:b7:19:
                    62:d1:e9:4f:66:b0:29:1b:4d:5b:f2:2b:b8:39:8b:
                    e6:28:15:61:2f:4a:3c:fd:85:da:e3:3d:27:e5:1f:
                    ed:62:95:50:ae:87:40:e8:5b:b2:70:cf:fa:d7:6d:
                    26:5c:3a:70:46:b5:c5:4a:29:16:bd:4b:e9:6c:98:
                    41:03:0f:04:ac:c5:dd:85:66:e7:03:a0:3f:76:d9:
                    95:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:70:BD:1C:67:B6:89:53:8E:5A:E1:DC:B5:2A:B4:44:F3:05:C8:73
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IXC9HGe2iVOOWuHctSq0RPMFyHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:87:ba:d9:30:75:e7:2f:11:a2:68:cf:7e:5e:58:ac:16:48:
         13:85:a8:89:01:ff:3e:02:ca:13:d2:02:14:6f:2b:09:b9:39:
         40:0c:92:c8:61:34:d3:3f:b2:5a:17:52:71:17:5f:d0:1d:65:
         a1:43:c4:37:5e:d2:fc:e5:b3:1b:5a:7e:93:df:ea:0e:41:d8:
         df:27:cd:14:1f:8e:d7:3d:ca:bb:07:6f:30:8e:c9:ef:a9:bb:
         0f:e8:4e:d9:b6:d6:76:f4:c6:84:ac:f2:57:80:52:52:80:3a:
         74:d5:7b:db:b9:7a:14:0c:42:90:39:8f:22:4b:45:5c:6d:23:
         67:94:0a:eb:58:37:f8:95:49:f3:5f:77:6f:32:1a:17:eb:bd:
         01:b3:66:56:56:75:04:08:11:77:63:55:ea:86:6e:0b:66:23:
         08:2e:a8:c5:5c:c7:50:9a:e3:3a:2f:7d:c5:81:d0:3d:47:9c:
         a2:40:02:a0:57:40:eb:ce:78:67:1e:ac:8f:98:3f:05:6c:31:
         d9:72:82:d9:d5:51:a9:32:21:7b:fd:57:67:36:7e:1b:00:eb:
         8b:b0:de:79:a9:c1:70:f0:ed:96:39:f8:e5:30:59:b9:25:41:
         a7:a2:f5:18:66:1e:70:11:73:5a:aa:6c:2b:8c:67:92:77:48:
         de:c7:83:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlfDd2e8t33kk1QjISQDNYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE2MTQxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTcwYmQxYzY3YjY4OTUzOGU1YWUxZGNiNTJhYjQ0NGYzMDVjODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkb8BcAaBusfCEDmOQOZjUt3AQkh
7HoscVSHrs9qSF9s+JXpQMh5PSMCwwDCAkRdxOrJNCmfYHZJGqD3LPOq19YePUly
6fGjmt1mzUxd/G/Co/sTzpulTFijBsraSnihidoQ7XTGKPpwL4X5I6hHg43JntTJ
RDYH0xMce9XmBQ4DNWFGPUXQRT6bZvitxiuy+0K8S2Hq+HzqVtiQ+gJ3ad/umMZn
qksl04VDdPr/CQQmtxli0elPZrApG01b8iu4OYvmKBVhL0o8/YXa4z0n5R/tYpVQ
rodA6FuycM/6120mXDpwRrXFSikWvUvpbJhBAw8ErMXdhWbnA6A/dtmVtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCFwvRxntolTjlrh3LUqtETzBchzMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSVhDOUhHZTJpVk9PV3VIY3RTcTBSUE1GeUhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIOHutkwdecvEaJoz35e
WKwWSBOFqIkB/z4CyhPSAhRvKwm5OUAMkshhNNM/sloXUnEXX9AdZaFDxDde0vzl
sxtafpPf6g5B2N8nzRQfjtc9yrsHbzCOye+puw/oTtm21nb0xoSs8leAUlKAOnTV
e9u5ehQMQpA5jyJLRVxtI2eUCutYN/iVSfNfd28yGhfrvQGzZlZWdQQIEXdjVeqG
bgtmIwguqMVcx1Ca4zovfcWB0D1HnKJAAqBXQOvOeGcerI+YPwVsMdlygtnVUaky
IXv9V2c2fhsA64uw3nmpwXDw7ZY5+OUwWbklQaei9RhmHnARc1qqbCuMZ5J3SN7H
g7c=
-----END CERTIFICATE-----