Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JN0fZOgnF6GaoTo9p-I1-uS1XyU.roa
File:                     JN0fZOgnF6GaoTo9p-I1-uS1XyU.roa (raw, json)
Hash identifier:          n50S/9WobqeXqeTej+bpHagJGefUEXX2sCIA9x87oqs=
Subject key identifier:   24:DD:1F:64:E8:27:17:A1:9A:A1:3A:3D:A7:E2:35:FA:E4:B5:5F:25
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888E411F14BE91AB710692B26D0A31F4A8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JN0fZOgnF6GaoTo9p-I1-uS1XyU.roa
Signing time:             Tue 06 Jun 2023 01:10:12 +0000
ROA not before:           Tue 06 Jun 2023 01:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8e:41:1f:14:be:91:ab:71:06:92:b2:6d:0a:31:f4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  6 01:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=24dd1f64e82717a19aa13a3da7e235fae4b55f25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ff:da:df:c4:e0:96:df:eb:b5:9a:87:74:14:
                    86:19:00:98:41:b8:96:52:56:9c:3a:a0:36:41:30:
                    d4:16:fa:59:19:38:ac:70:ce:5e:76:dc:f2:de:7f:
                    ca:ea:c8:a7:6c:3d:10:8d:23:9a:d2:dc:c2:9c:5d:
                    85:93:14:a0:61:ee:7c:31:fd:3b:8c:4f:c3:59:5f:
                    6f:f6:1a:e8:31:b0:60:64:ec:6a:f9:a7:e8:e3:a3:
                    5b:46:c8:55:f0:11:c4:3b:da:b3:36:d2:c9:19:70:
                    df:af:0f:53:29:65:69:9b:59:00:db:73:32:f8:b3:
                    85:bb:da:2f:26:0d:ad:e4:1b:ed:91:ba:67:7b:5e:
                    ea:51:db:0e:24:28:d7:bb:26:de:f5:21:1a:15:fc:
                    44:33:91:73:dd:3d:e5:65:58:c8:a5:a5:76:a2:b8:
                    2e:c5:22:12:ee:32:6e:81:77:2e:d8:6b:24:10:41:
                    df:ef:44:ee:91:cb:a3:39:f2:a9:9e:c5:14:03:a7:
                    c8:28:7c:22:59:a4:9c:eb:ad:fa:18:df:b1:a8:aa:
                    07:c2:7a:c2:d5:a9:06:cf:cd:82:22:0b:59:05:71:
                    cc:dc:f5:c8:a2:dc:d8:ab:85:d7:c3:20:97:75:ec:
                    88:1b:c0:51:7a:18:47:a8:f9:57:68:67:0b:a6:6a:
                    89:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:DD:1F:64:E8:27:17:A1:9A:A1:3A:3D:A7:E2:35:FA:E4:B5:5F:25
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JN0fZOgnF6GaoTo9p-I1-uS1XyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:e2:0e:8f:a0:68:e7:a5:e1:a1:90:fc:98:58:d8:bd:54:23:
         8e:a3:34:73:e3:d5:ea:8a:f8:1a:df:10:f0:f2:8b:4d:6b:89:
         f9:f9:5c:01:84:8b:fc:35:04:f6:62:13:29:c7:b1:cb:c1:cf:
         ce:52:e5:45:a1:57:1c:15:ac:40:07:02:21:19:0f:03:2a:92:
         f7:47:1f:d0:c0:36:72:2a:19:4d:f9:64:af:42:e5:ff:ab:9c:
         6f:3b:ea:71:1c:77:16:21:1d:40:c6:5a:50:b8:e5:cc:6b:04:
         42:bc:db:1b:25:c6:c7:38:e7:c1:a3:fc:0f:79:9b:35:a9:99:
         29:f5:b1:6b:7c:5c:f0:20:9a:7f:a4:1f:dc:1c:1e:3e:62:8d:
         67:40:e9:c8:a0:5a:b4:30:3d:55:c0:3b:7c:d9:86:a7:2a:00:
         4a:7c:00:c0:db:e8:86:26:75:70:54:ff:87:8c:ee:69:d9:46:
         f1:46:85:0d:93:7c:cf:3c:82:64:a2:da:04:e2:96:e1:1d:cf:
         04:58:94:ca:ff:33:e3:33:70:8f:84:7c:44:c5:a3:6b:9f:8f:
         f4:39:d8:c4:33:a2:11:30:a2:c3:6c:7f:f7:c3:65:ab:c5:fe:
         fc:98:91:71:29:4c:3b:df:72:0a:63:df:b2:34:67:c2:e5:e2:
         a5:eb:71:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiOQR8UvpGrcQaSsm0KMfSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA2MDExMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGRkMWY2NGU4MjcxN2ExOWFhMTNhM2RhN2UyMzVmYWU0YjU1ZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnP/a38Tglt/rtZqHdBSGGQCYQbiW
UlacOqA2QTDUFvpZGTiscM5edtzy3n/K6sinbD0QjSOa0tzCnF2FkxSgYe58Mf07
jE/DWV9v9hroMbBgZOxq+afo46NbRshV8BHEO9qzNtLJGXDfrw9TKWVpm1kA23My
+LOFu9ovJg2t5Bvtkbpne17qUdsOJCjXuybe9SEaFfxEM5Fz3T3lZVjIpaV2orgu
xSIS7jJugXcu2GskEEHf70TukcujOfKpnsUUA6fIKHwiWaSc6636GN+xqKoHwnrC
1akGz82CIgtZBXHM3PXIotzYq4XXwyCXdeyIG8BRehhHqPlXaGcLpmqJaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCTdH2ToJxehmqE6PafiNfrktV8lMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSk4wZlpPZ25GNkdhb1RvOXAtSTEtdVMxWHlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJfiDo+gaOel4aGQ/JhY
2L1UI46jNHPj1eqK+BrfEPDyi01rifn5XAGEi/w1BPZiEynHscvBz85S5UWhVxwV
rEAHAiEZDwMqkvdHH9DANnIqGU35ZK9C5f+rnG876nEcdxYhHUDGWlC45cxrBEK8
2xslxsc458Gj/A95mzWpmSn1sWt8XPAgmn+kH9wcHj5ijWdA6cigWrQwPVXAO3zZ
hqcqAEp8AMDb6IYmdXBU/4eM7mnZRvFGhQ2TfM88gmSi2gTiluEdzwRYlMr/M+Mz
cI+EfETFo2ufj/Q52MQzohEwosNsf/fDZavF/vyYkXEpTDvfcgpj37I0Z8Ll4qXr
cfE=
-----END CERTIFICATE-----