Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/J2F7z64RMyUj_PFaELrUhigwdCM.roa
File:                     J2F7z64RMyUj_PFaELrUhigwdCM.roa (raw, json)
Hash identifier:          HUgdWcIHGB3dcpmBy/ySqgyYhkXSQMOV4uTYPdYCnkw=
Subject key identifier:   27:61:7B:CF:AE:11:33:25:23:FC:F1:5A:10:BA:D4:86:28:30:74:23
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895376A3685521CDD2236F3B67ED754C24
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/J2F7z64RMyUj_PFaELrUhigwdCM.roa
Signing time:             Fri 14 Jul 2023 08:13:51 +0000
ROA not before:           Fri 14 Jul 2023 08:13:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:53:76:a3:68:55:21:cd:d2:23:6f:3b:67:ed:75:4c:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 14 08:13:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=27617bcfae11332523fcf15a10bad48628307423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:cf:48:1a:10:65:bc:4d:0b:c4:78:20:11:ba:
                    36:df:43:ba:f6:3e:a8:08:44:6f:c0:a6:d8:36:f8:
                    87:6e:46:7d:57:ec:cc:6e:7d:6f:44:60:f6:42:40:
                    50:82:dc:87:c2:fe:b9:66:f2:86:a3:46:d6:ec:f9:
                    b9:c3:bc:b0:ee:ea:9b:e6:32:0d:d2:5d:0e:68:9c:
                    19:e7:14:ec:c0:8c:a8:22:0b:3c:83:a0:c5:bb:85:
                    23:87:21:36:10:1b:44:0b:5c:95:2b:e1:a0:fc:31:
                    e3:80:43:53:44:ee:b2:8e:e5:7d:0c:2c:a2:d9:4f:
                    1a:d3:41:81:17:93:d4:50:08:13:1d:0b:6f:c8:13:
                    8f:6b:a8:7b:89:80:f0:ba:e1:cd:a4:35:04:c2:5c:
                    1b:e2:4a:96:27:51:9b:5d:39:4b:92:54:97:bf:b4:
                    1c:51:1f:dc:72:1d:fb:28:d9:7d:ef:76:b2:ef:fa:
                    a7:c3:b6:3f:8e:53:ab:4d:7e:68:28:35:cf:43:d9:
                    5c:45:e2:19:b2:45:c6:a2:a3:f4:1f:42:35:c3:30:
                    7f:5b:ab:01:fb:f8:03:d2:44:32:c7:d0:83:74:62:
                    25:8b:b3:77:99:b0:3a:e8:01:65:00:2f:4b:da:2e:
                    61:f5:74:f1:06:79:ec:ee:61:94:20:f9:e7:b6:11:
                    22:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:61:7B:CF:AE:11:33:25:23:FC:F1:5A:10:BA:D4:86:28:30:74:23
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/J2F7z64RMyUj_PFaELrUhigwdCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:e8:13:44:93:30:36:21:bf:f2:34:f3:84:6e:57:09:43:74:
         5f:ba:87:6c:25:3f:64:83:c4:1e:0b:fb:3f:e8:7e:71:80:eb:
         73:4a:42:f9:c4:d6:f7:f4:ee:37:d3:6e:ad:c1:c7:c6:53:c1:
         42:80:9f:10:96:6f:7c:81:b0:7a:7a:ec:05:1e:01:21:99:cc:
         16:27:76:bd:e4:34:55:58:bc:33:a6:c5:d3:b3:01:3a:1e:ab:
         b3:d9:ad:cc:fa:fb:f1:e9:87:4c:8d:71:f8:6f:eb:ce:91:f7:
         6f:1a:39:02:e8:1f:14:03:cd:e5:ad:3b:6a:f6:60:87:ad:9f:
         5d:4c:59:d1:43:b7:f7:18:38:11:7d:18:72:3c:ba:9d:7c:81:
         77:04:c9:d0:2b:6a:42:6a:5e:9e:f5:7c:35:46:61:40:5c:5a:
         66:ac:66:8c:ad:ac:4c:36:2f:c7:e5:d0:6f:c4:9a:35:d9:0b:
         78:dc:4e:a9:39:d2:a4:3c:31:84:bb:75:12:89:e5:35:6f:0e:
         29:f6:3a:28:bf:ff:0a:f9:73:22:6a:ae:6e:a9:de:fc:3a:c2:
         9c:ee:84:f9:74:87:5d:b3:e9:a0:ef:72:98:11:cf:7b:39:62:
         07:25:40:6a:46:ef:98:5f:4c:53:5d:d9:6d:db:8d:e7:32:c7:
         f9:c7:3a:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlTdqNoVSHN0iNvO2ftdUwkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE0MDgxMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzYxN2JjZmFlMTEzMzI1MjNmY2YxNWExMGJhZDQ4NjI4MzA3NDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA289IGhBlvE0LxHggEbo230O69j6o
CERvwKbYNviHbkZ9V+zMbn1vRGD2QkBQgtyHwv65ZvKGo0bW7Pm5w7yw7uqb5jIN
0l0OaJwZ5xTswIyoIgs8g6DFu4UjhyE2EBtEC1yVK+Gg/DHjgENTRO6yjuV9DCyi
2U8a00GBF5PUUAgTHQtvyBOPa6h7iYDwuuHNpDUEwlwb4kqWJ1GbXTlLklSXv7Qc
UR/cch37KNl973ay7/qnw7Y/jlOrTX5oKDXPQ9lcReIZskXGoqP0H0I1wzB/W6sB
+/gD0kQyx9CDdGIli7N3mbA66AFlAC9L2i5h9XTxBnns7mGUIPnnthEiuwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCdhe8+uETMlI/zxWhC61IYoMHQjMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSjJGN3o2NFJNeVVqX1BGYUVMclVoaWd3ZENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHroE0STMDYhv/I084Ru
VwlDdF+6h2wlP2SDxB4L+z/ofnGA63NKQvnE1vf07jfTbq3Bx8ZTwUKAnxCWb3yB
sHp67AUeASGZzBYndr3kNFVYvDOmxdOzAToeq7PZrcz6+/Hph0yNcfhv686R928a
OQLoHxQDzeWtO2r2YIetn11MWdFDt/cYOBF9GHI8up18gXcEydArakJqXp71fDVG
YUBcWmasZoytrEw2L8fl0G/EmjXZC3jcTqk50qQ8MYS7dRKJ5TVvDin2Oii//wr5
cyJqrm6p3vw6wpzuhPl0h12z6aDvcpgRz3s5YgclQGpG75hfTFNd2W3bjecyx/nH
Orc=
-----END CERTIFICATE-----