Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JSOWSfLgAGECz_NMCng5_Nm1us0.roa
File:                     JSOWSfLgAGECz_NMCng5_Nm1us0.roa (raw, json)
Hash identifier:          uYK++KMU7thhQvUOPST7LSrQZaZCIdu6HO2QybPzCvs=
Subject key identifier:   25:23:96:49:F2:E0:00:61:02:CF:F3:4C:0A:78:39:FC:D9:B5:BA:CD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188842C3F9BC8DB7CD237BCA83E06A32D13
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JSOWSfLgAGECz_NMCng5_Nm1us0.roa
Signing time:             Sun 04 Jun 2023 02:11:12 +0000
ROA not before:           Sun 04 Jun 2023 02:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:84:2c:3f:9b:c8:db:7c:d2:37:bc:a8:3e:06:a3:2d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 02:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=25239649f2e0006102cff34c0a7839fcd9b5bacd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c4:c7:c3:d9:e7:b3:53:25:55:e9:8c:cc:0d:
                    f1:13:4f:0b:d3:fe:9c:58:d1:c0:34:72:13:15:8a:
                    16:40:43:60:25:9e:99:9f:b9:30:c3:54:f3:99:cf:
                    88:43:bf:db:bb:4d:37:c9:12:ed:87:3d:11:45:45:
                    eb:75:a0:e0:ed:c2:40:7e:01:b7:12:18:35:9a:9b:
                    e1:71:02:50:6f:88:d0:d4:63:9f:05:4f:05:cd:a5:
                    6f:37:36:f2:61:a6:52:ee:bb:6b:33:20:4d:84:f6:
                    92:93:55:25:ff:8b:26:8e:d3:2b:21:4e:7f:e3:8c:
                    e8:cf:1b:ff:fd:19:e4:ed:78:c9:7d:73:f7:ae:0f:
                    6c:df:a8:0c:2f:85:32:cf:73:e5:01:8d:0c:bc:e1:
                    9d:b5:1f:91:d0:b9:80:90:25:ff:e2:3c:a2:b4:a7:
                    85:24:7e:22:6a:a7:68:84:7d:8f:73:82:2a:26:c4:
                    48:de:73:84:27:3d:f6:e2:72:76:72:e0:b1:a8:a9:
                    e3:a8:49:f0:91:7a:4b:ed:57:46:3b:db:a4:55:cd:
                    d2:bd:0f:d5:99:21:05:d2:6f:b4:89:f1:15:10:39:
                    13:49:15:f1:96:64:db:99:cf:6d:fb:d1:46:ae:a6:
                    67:d4:f9:25:8f:4d:80:99:a9:d7:0f:d4:5f:c3:eb:
                    77:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:23:96:49:F2:E0:00:61:02:CF:F3:4C:0A:78:39:FC:D9:B5:BA:CD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/JSOWSfLgAGECz_NMCng5_Nm1us0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:21:b6:1d:bd:21:d0:70:ef:5a:ae:8a:d0:fa:d9:05:2f:2c:
         af:43:45:42:c4:75:58:b6:5f:ae:40:c5:f2:a8:65:99:11:6c:
         70:3a:9a:c0:cd:97:22:ab:84:04:8c:7b:09:c0:0a:a8:8a:b2:
         7d:ca:77:f7:e1:fe:04:1c:d4:7a:2a:f0:2c:36:ac:11:a5:fd:
         b8:58:5a:55:33:3d:21:69:00:ae:1d:4f:33:c9:ec:28:8b:a1:
         78:9c:46:5e:59:29:e7:e3:9e:85:07:0f:3e:e6:0c:5a:a5:38:
         51:85:22:db:d4:a9:3e:e0:19:2c:db:b9:df:dc:72:71:6e:78:
         f8:97:26:36:1d:3d:d7:c4:9a:8d:6a:cb:e2:df:04:e5:8f:9d:
         4d:b9:cd:5e:06:42:9e:13:ef:92:2f:f5:3a:45:83:63:fc:bc:
         b0:75:9c:15:fb:2b:d0:83:24:c5:ee:9c:82:43:31:d2:fa:bd:
         b0:6c:d5:f0:49:a1:3e:a3:fc:46:04:9f:b8:63:4e:d5:8c:10:
         4a:13:16:9f:d2:ab:aa:5f:b1:0a:31:39:d6:e6:ac:ef:c9:d7:
         ca:ef:34:30:75:e7:d9:58:11:5d:36:90:a7:79:05:d7:a7:8a:
         b1:b3:00:08:55:d1:23:11:a2:da:4c:af:cb:74:16:55:11:de:
         8f:d4:19:3d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiELD+byNt80je8qD4Goy0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MDIxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTIzOTY0OWYyZTAwMDYxMDJjZmYzNGMwYTc4MzlmY2Q5YjViYWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsTHw9nns1MlVemMzA3xE08L0/6c
WNHANHITFYoWQENgJZ6Zn7kww1Tzmc+IQ7/bu003yRLthz0RRUXrdaDg7cJAfgG3
Ehg1mpvhcQJQb4jQ1GOfBU8FzaVvNzbyYaZS7rtrMyBNhPaSk1Ul/4smjtMrIU5/
44zozxv//Rnk7XjJfXP3rg9s36gML4Uyz3PlAY0MvOGdtR+R0LmAkCX/4jyitKeF
JH4iaqdohH2Pc4IqJsRI3nOEJz324nJ2cuCxqKnjqEnwkXpL7VdGO9ukVc3SvQ/V
mSEF0m+0ifEVEDkTSRXxlmTbmc9t+9FGrqZn1Pklj02AmanXD9Rfw+t3GwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCUjlkny4ABhAs/zTAp4OfzZtbrNMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSlNPV1NmTGdBR0VDel9OTUNuZzVfTm0xdXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABchth29IdBw71quitD6
2QUvLK9DRULEdVi2X65AxfKoZZkRbHA6msDNlyKrhASMewnACqiKsn3Kd/fh/gQc
1Hoq8Cw2rBGl/bhYWlUzPSFpAK4dTzPJ7CiLoXicRl5ZKefjnoUHDz7mDFqlOFGF
ItvUqT7gGSzbud/ccnFuePiXJjYdPdfEmo1qy+LfBOWPnU25zV4GQp4T75Iv9TpF
g2P8vLB1nBX7K9CDJMXunIJDMdL6vbBs1fBJoT6j/EYEn7hjTtWMEEoTFp/Sq6pf
sQoxOdbmrO/J18rvNDB159lYEV02kKd5BdenirGzAAhV0SMRotpMr8t0FlUR3o/U
GT0=
-----END CERTIFICATE-----