Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KL1bbnm7WhaBN8okQ9JGs4U9Z4E.roa
File:                     KL1bbnm7WhaBN8okQ9JGs4U9Z4E.roa (raw, json)
Hash identifier:          uMtIVcP6298fPvdu0samuSZ3EghnbnHhpjlfX4EmY3k=
Subject key identifier:   28:BD:5B:6E:79:BB:5A:16:81:37:CA:24:43:D2:46:B3:85:3D:67:81
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189533ECB1E93D5DD9573209039A64939F0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KL1bbnm7WhaBN8okQ9JGs4U9Z4E.roa
Signing time:             Fri 14 Jul 2023 07:12:51 +0000
ROA not before:           Fri 14 Jul 2023 07:12:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:53:3e:cb:1e:93:d5:dd:95:73:20:90:39:a6:49:39:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 14 07:12:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=28bd5b6e79bb5a168137ca2443d246b3853d6781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:5c:fd:5d:42:a3:06:13:2d:04:04:b9:39:9a:
                    98:cf:1f:86:3f:80:41:23:85:fd:e3:f9:12:14:30:
                    23:7e:d5:3a:a7:3a:06:bf:b9:0d:a5:4d:ba:b1:ae:
                    77:03:ce:0d:b7:8c:75:7c:75:d3:0e:72:4e:06:ad:
                    24:3c:44:c2:71:d9:98:f5:d3:14:17:91:06:f9:dc:
                    72:eb:f7:16:98:70:53:f3:3f:1d:d5:a5:e7:ae:21:
                    93:20:cf:6d:f1:42:c1:0b:ea:78:c9:fe:e7:44:af:
                    fd:08:2f:ea:fb:2e:9b:85:5c:e4:52:8d:03:05:9f:
                    03:35:df:50:e2:ef:23:2a:2d:e2:34:d9:2f:67:61:
                    0d:16:af:07:f9:6c:63:f5:91:b7:60:78:9b:ec:f9:
                    89:e2:dd:10:61:dc:83:cf:7d:6f:b2:01:02:18:f6:
                    87:5d:e3:f8:3e:03:6c:5e:a6:86:48:91:c2:2b:b6:
                    5f:b3:b5:1d:69:a8:e9:31:8d:47:19:b0:bf:26:00:
                    41:c6:c1:63:dd:c0:30:98:a7:a6:26:7c:5e:08:13:
                    8a:dd:7e:38:92:80:b3:81:28:1f:15:e7:ae:25:4e:
                    87:0c:2f:c8:02:89:40:bc:e2:90:97:db:33:ad:bb:
                    f6:c1:17:f1:05:d2:df:fc:26:4b:8e:57:c5:ac:b4:
                    9e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BD:5B:6E:79:BB:5A:16:81:37:CA:24:43:D2:46:B3:85:3D:67:81
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KL1bbnm7WhaBN8okQ9JGs4U9Z4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:0b:c1:25:cc:6c:94:c0:d3:f9:49:37:c7:f1:14:c1:ce:e9:
         02:96:7f:cd:d2:52:20:85:18:21:50:d8:e3:99:8a:c5:11:d6:
         79:a1:94:7d:9c:c7:97:f1:72:2d:d2:f1:bd:c3:01:79:f1:c3:
         96:20:29:44:07:56:38:26:60:9c:53:4e:24:0e:b7:df:c3:1a:
         b1:03:55:6d:6f:c9:50:7c:51:ae:d0:68:27:03:fb:5f:33:56:
         8f:5b:b3:d5:10:ac:5c:2a:aa:db:67:32:e5:0e:67:70:dd:73:
         ef:ab:7a:fb:ad:71:2c:31:83:40:e3:1c:7f:35:3b:cf:d0:0f:
         21:0c:57:a7:0d:83:35:70:6a:bc:2e:75:66:e4:bd:eb:cd:67:
         d6:c0:7a:22:83:57:f0:a3:02:97:97:5e:d1:f0:a0:ba:b2:55:
         e3:f2:08:0f:0f:1a:f8:5a:34:a4:67:e2:5e:cf:b9:fc:e1:68:
         05:91:48:8d:b3:14:a5:37:97:e8:65:c8:5b:fb:50:5f:7d:d1:
         63:88:31:5a:64:89:61:24:e4:ef:28:26:6f:06:e2:50:a5:1b:
         cb:df:d0:f3:19:83:df:ed:21:ed:a1:25:13:e5:47:a6:0f:76:
         1e:5f:bd:dc:fe:d7:06:c0:d6:ef:81:95:a7:24:6a:f8:1a:ff:
         09:ca:5b:3b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlTPssek9XdlXMgkDmmSTnwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE0MDcxMjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJkNWI2ZTc5YmI1YTE2ODEzN2NhMjQ0M2QyNDZiMzg1M2Q2NzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Vz9XUKjBhMtBAS5OZqYzx+GP4BB
I4X94/kSFDAjftU6pzoGv7kNpU26sa53A84Nt4x1fHXTDnJOBq0kPETCcdmY9dMU
F5EG+dxy6/cWmHBT8z8d1aXnriGTIM9t8ULBC+p4yf7nRK/9CC/q+y6bhVzkUo0D
BZ8DNd9Q4u8jKi3iNNkvZ2ENFq8H+Wxj9ZG3YHib7PmJ4t0QYdyDz31vsgECGPaH
XeP4PgNsXqaGSJHCK7Zfs7UdaajpMY1HGbC/JgBBxsFj3cAwmKemJnxeCBOK3X44
koCzgSgfFeeuJU6HDC/IAolAvOKQl9szrbv2wRfxBdLf/CZLjlfFrLSeUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCi9W255u1oWgTfKJEPSRrOFPWeBMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS0wxYmJubTdXaGFCTjhva1E5SkdzNFU5WjRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAwLwSXMbJTA0/lJN8fx
FMHO6QKWf83SUiCFGCFQ2OOZisUR1nmhlH2cx5fxci3S8b3DAXnxw5YgKUQHVjgm
YJxTTiQOt9/DGrEDVW1vyVB8Ua7QaCcD+18zVo9bs9UQrFwqqttnMuUOZ3Ddc++r
evutcSwxg0DjHH81O8/QDyEMV6cNgzVwarwudWbkvevNZ9bAeiKDV/CjApeXXtHw
oLqyVePyCA8PGvhaNKRn4l7PufzhaAWRSI2zFKU3l+hlyFv7UF990WOIMVpkiWEk
5O8oJm8G4lClG8vf0PMZg9/tIe2hJRPlR6YPdh5fvdz+1wbA1u+Blackavga/wnK
Wzs=
-----END CERTIFICATE-----