Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JDRu-JTUYNKks5oTGKspwTzBg9k.roa
File:                     JDRu-JTUYNKks5oTGKspwTzBg9k.roa (raw, json)
Hash identifier:          rfaH7EJXptejyT2AolcgNQ+5i6g45jW0lftI1CiTL78=
Subject key identifier:   24:34:6E:F8:94:D4:60:D2:A4:B3:9A:13:18:AB:29:C1:3C:C1:83:D9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A1FDE9827BD3D76B3A42EE0EC944A078
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JDRu-JTUYNKks5oTGKspwTzBg9k.roa
Signing time:             Fri 09 Jun 2023 21:09:12 +0000
ROA not before:           Fri 09 Jun 2023 21:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a1:fd:e9:82:7b:d3:d7:6b:3a:42:ee:0e:c9:44:a0:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  9 21:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=24346ef894d460d2a4b39a1318ab29c13cc183d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:92:e5:51:99:7f:7a:c4:94:e0:9b:1f:79:61:
                    8b:52:ea:1d:71:ae:60:25:43:30:44:68:78:65:0a:
                    86:cc:1d:07:56:3d:a4:39:e0:a1:21:dc:a8:bd:19:
                    7e:83:94:9e:4d:60:af:fe:ee:0f:c8:91:c0:1c:7a:
                    89:bb:3e:9b:fa:f1:37:24:46:55:96:4d:89:74:36:
                    c8:71:79:51:ac:16:98:5d:ab:5d:5b:49:cd:70:32:
                    0c:f0:b2:69:55:08:56:bf:19:c5:ac:48:35:65:d6:
                    8d:cf:03:89:b9:8d:2a:22:18:65:a4:70:5c:37:26:
                    ad:9a:6e:7a:8e:2f:9e:f6:5a:94:dc:7a:4b:f5:98:
                    cb:45:d8:fc:64:ca:f3:ca:01:99:62:77:43:d1:7f:
                    1c:e9:8e:82:fd:40:8d:4e:d6:4b:28:7f:58:06:8b:
                    47:67:66:98:42:d4:64:ce:6a:46:61:b1:ab:b5:57:
                    a1:58:73:3f:58:77:b7:5f:42:4d:d2:20:1c:29:d3:
                    66:ad:78:18:11:82:48:a1:b0:a1:6b:84:8d:ce:73:
                    2b:80:0f:97:9b:be:c6:75:94:dc:4b:3d:10:c9:15:
                    7b:35:74:16:53:ef:11:a3:7a:d2:82:7c:cb:06:50:
                    cd:87:e9:01:89:03:ff:d4:c7:ea:33:e1:3b:e5:cb:
                    4f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:34:6E:F8:94:D4:60:D2:A4:B3:9A:13:18:AB:29:C1:3C:C1:83:D9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JDRu-JTUYNKks5oTGKspwTzBg9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:16:e5:a9:c1:05:d8:87:80:5e:8f:e0:94:e5:9b:86:c6:e8:
         b6:2e:b8:86:4b:67:e8:43:54:14:6f:97:9b:6d:42:9d:4c:09:
         96:e6:c2:8a:a2:35:3a:33:37:c7:6d:19:e8:56:3b:f8:61:c7:
         f1:57:ee:66:94:e4:33:af:b2:8f:84:19:1a:2f:1d:03:96:75:
         6a:87:85:99:67:61:6b:54:28:04:1d:29:15:7f:e5:c6:d7:4a:
         e6:17:a5:1f:11:9c:0f:b9:88:c5:7e:b8:b6:d2:48:56:bd:1e:
         00:96:40:df:9a:84:74:d3:3e:b7:87:62:48:f7:54:89:93:87:
         13:ef:7a:72:f9:0c:d2:bd:de:db:09:34:82:09:50:3f:d6:7f:
         1e:1a:76:fd:f6:ba:48:cf:84:1f:40:3d:91:e7:0f:ed:95:01:
         38:17:f2:f6:04:70:c2:9b:64:fe:33:08:ad:7d:c5:6c:bb:ea:
         7f:96:94:a5:18:4b:fa:74:eb:61:f7:a0:70:3a:f4:b6:9a:bf:
         08:9d:d6:ed:5d:ff:12:3f:2d:14:56:d1:68:db:c2:7d:f3:f4:
         41:2d:e9:1b:b8:00:f9:bb:53:ae:e3:87:46:df:82:75:6e:52:
         3a:06:91:45:aa:99:b4:b3:d3:79:f7:ab:6a:eb:6e:b5:31:c8:
         54:e6:89:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYih/emCe9PXazpC7g7JRKB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA5MjEwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDM0NmVmODk0ZDQ2MGQyYTRiMzlhMTMxOGFiMjljMTNjYzE4M2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpLlUZl/esSU4JsfeWGLUuodca5g
JUMwRGh4ZQqGzB0HVj2kOeChIdyovRl+g5SeTWCv/u4PyJHAHHqJuz6b+vE3JEZV
lk2JdDbIcXlRrBaYXatdW0nNcDIM8LJpVQhWvxnFrEg1ZdaNzwOJuY0qIhhlpHBc
Nyatmm56ji+e9lqU3HpL9ZjLRdj8ZMrzygGZYndD0X8c6Y6C/UCNTtZLKH9YBotH
Z2aYQtRkzmpGYbGrtVehWHM/WHe3X0JN0iAcKdNmrXgYEYJIobCha4SNznMrgA+X
m77GdZTcSz0QyRV7NXQWU+8Ro3rSgnzLBlDNh+kBiQP/1MfqM+E75ctPiQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCQ0bviU1GDSpLOaExirKcE8wYPZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSkRSdS1KVFVZTktrczVvVEdLc3B3VHpCZzlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABUW5anBBdiHgF6P4JTl
m4bG6LYuuIZLZ+hDVBRvl5ttQp1MCZbmwoqiNTozN8dtGehWO/hhx/FX7maU5DOv
so+EGRovHQOWdWqHhZlnYWtUKAQdKRV/5cbXSuYXpR8RnA+5iMV+uLbSSFa9HgCW
QN+ahHTTPreHYkj3VImThxPvenL5DNK93tsJNIIJUD/Wfx4adv32ukjPhB9APZHn
D+2VATgX8vYEcMKbZP4zCK19xWy76n+WlKUYS/p062H3oHA69Laavwid1u1d/xI/
LRRW0Wjbwn3z9EEt6Ru4APm7U67jh0bfgnVuUjoGkUWqmbSz03n3q2rrbrUxyFTm
iQI=
-----END CERTIFICATE-----