Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Imwxbc4zv-BsYexMlWLV-2gdvrY.roa
File:                     Imwxbc4zv-BsYexMlWLV-2gdvrY.roa (raw, json)
Hash identifier:          j00uTnQuI+hmy3DeZDFO0COTYNRkiXfIqXfPTI/3DzA=
Subject key identifier:   22:6C:31:6D:CE:33:BF:E0:6C:61:EC:4C:95:62:D5:FB:68:1D:BE:B6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01893E377E458F4D16A334A63FC313277C51
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Imwxbc4zv-BsYexMlWLV-2gdvrY.roa
Signing time:             Mon 10 Jul 2023 05:12:51 +0000
ROA not before:           Mon 10 Jul 2023 05:12:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3e:37:7e:45:8f:4d:16:a3:34:a6:3f:c3:13:27:7c:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 10 05:12:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=226c316dce33bfe06c61ec4c9562d5fb681dbeb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6c:0c:c0:ff:7a:83:5b:72:76:d3:a2:ef:44:
                    d6:c6:5c:48:27:d7:ce:d6:b9:f3:ec:ac:85:9f:fa:
                    aa:f4:43:15:05:51:7b:4e:23:8f:8d:d9:fd:c9:82:
                    92:65:c2:1e:b6:aa:2d:7d:96:0c:47:b3:26:60:00:
                    3a:ca:12:a8:bd:cc:f2:f1:7d:0d:f1:83:1c:68:22:
                    37:81:26:f4:30:60:33:bf:32:de:20:4d:9e:2d:dc:
                    1b:28:56:0f:36:a3:64:89:84:4b:b8:5b:06:06:f5:
                    02:9e:60:f2:17:f9:6c:20:1f:8a:62:b4:38:f2:4a:
                    e1:7d:d2:12:a6:88:8e:86:5c:ce:ab:46:45:65:a0:
                    8c:6c:0d:4a:81:04:56:95:aa:02:ad:03:a7:e9:14:
                    91:4a:2b:fc:7b:e9:77:ea:d0:19:1c:7c:9b:52:fc:
                    a8:8a:80:0c:cf:f5:cf:00:d7:d5:84:86:ea:ac:65:
                    41:52:51:a0:cd:b3:a9:c1:40:68:57:4f:9b:21:a1:
                    96:9a:1d:dc:f9:58:19:81:c8:39:d5:9a:d6:10:b8:
                    03:e5:b4:4c:22:27:97:9d:90:9a:74:17:52:8b:e8:
                    60:24:99:10:75:b0:d9:39:0d:3b:02:30:39:4b:69:
                    b2:c2:fa:cd:b3:13:3f:3d:0f:43:42:95:d9:27:68:
                    b7:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:6C:31:6D:CE:33:BF:E0:6C:61:EC:4C:95:62:D5:FB:68:1D:BE:B6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Imwxbc4zv-BsYexMlWLV-2gdvrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:1f:82:96:2d:4c:1b:2b:64:8b:cc:e1:13:6d:51:3d:75:88:
         70:34:d0:42:78:00:7d:b6:06:25:9a:49:2c:48:aa:77:ee:2a:
         46:ca:76:c2:88:26:a3:f1:cc:f2:5b:ef:ff:05:42:da:4f:88:
         fc:72:a1:a4:fe:89:51:c5:f0:2a:f0:22:c5:23:99:5e:bd:6e:
         7d:dc:18:32:9f:8a:9c:b2:b1:3a:86:3b:2d:a4:89:51:3f:72:
         81:66:4e:aa:56:86:0d:b0:ce:5b:6b:01:ca:68:a6:86:5f:67:
         cf:45:57:e0:6b:43:c3:c7:75:84:7b:96:8a:f7:11:80:85:e5:
         12:0f:73:3c:28:f5:1e:25:ce:8b:b1:87:1e:dc:84:97:8e:2e:
         91:66:1c:88:9f:e9:67:29:86:b4:2b:c5:63:1a:43:4b:90:ea:
         ef:28:bc:da:0a:70:92:2c:b1:17:09:ad:39:76:fe:70:7e:45:
         1f:e2:0b:46:dd:3d:11:97:53:99:f2:1f:8b:2b:b0:48:e2:78:
         f0:c8:16:62:36:bd:1a:a8:95:e7:cc:e2:83:1b:76:9c:55:b8:
         65:47:f8:dd:65:cc:1f:db:a5:0c:fe:2c:a9:b8:cd:a9:21:e3:
         1a:7d:57:1f:ab:9b:b1:f7:7f:cf:6d:f0:b7:e6:cf:75:49:af:
         8c:56:c9:89
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYk+N35Fj00WozSmP8MTJ3xRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEwMDUxMjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjZjMzE2ZGNlMzNiZmUwNmM2MWVjNGM5NTYyZDVmYjY4MWRiZWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02wMwP96g1tydtOi70TWxlxIJ9fO
1rnz7KyFn/qq9EMVBVF7TiOPjdn9yYKSZcIetqotfZYMR7MmYAA6yhKovczy8X0N
8YMcaCI3gSb0MGAzvzLeIE2eLdwbKFYPNqNkiYRLuFsGBvUCnmDyF/lsIB+KYrQ4
8krhfdISpoiOhlzOq0ZFZaCMbA1KgQRWlaoCrQOn6RSRSiv8e+l36tAZHHybUvyo
ioAMz/XPANfVhIbqrGVBUlGgzbOpwUBoV0+bIaGWmh3c+VgZgcg51ZrWELgD5bRM
IieXnZCadBdSi+hgJJkQdbDZOQ07AjA5S2mywvrNsxM/PQ9DQpXZJ2i35QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCJsMW3OM7/gbGHsTJVi1ftoHb62MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSW13eGJjNHp2LUJzWWV4TWxXTFYtMmdkdnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKkfgpYtTBsrZIvM4RNt
UT11iHA00EJ4AH22BiWaSSxIqnfuKkbKdsKIJqPxzPJb7/8FQtpPiPxyoaT+iVHF
8CrwIsUjmV69bn3cGDKfipyysTqGOy2kiVE/coFmTqpWhg2wzltrAcpopoZfZ89F
V+BrQ8PHdYR7lor3EYCF5RIPczwo9R4lzouxhx7chJeOLpFmHIif6WcphrQrxWMa
Q0uQ6u8ovNoKcJIssRcJrTl2/nB+RR/iC0bdPRGXU5nyH4srsEjiePDIFmI2vRqo
lefM4oMbdpxVuGVH+N1lzB/bpQz+LKm4zakh4xp9Vx+rm7H3f89t8Lfmz3VJr4xW
yYk=
-----END CERTIFICATE-----