Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KUWQNzeKgK6SgH4XoVpxoqOZMi0.roa
File:                     KUWQNzeKgK6SgH4XoVpxoqOZMi0.roa (raw, json)
Hash identifier:          /JDfGY9jZzl2ctZPrRFztZwmLIp2oT9FBk1bH+m/jaA=
Subject key identifier:   29:45:90:37:37:8A:80:AE:92:80:7E:17:A1:5A:71:A2:A3:99:32:2D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188134C542B842BBE0169967AAAE6F80F09
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KUWQNzeKgK6SgH4XoVpxoqOZMi0.roa
Signing time:             Sat 13 May 2023 04:09:09 +0000
ROA not before:           Sat 13 May 2023 04:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:13:4c:54:2b:84:2b:be:01:69:96:7a:aa:e6:f8:0f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 13 04:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=29459037378a80ae92807e17a15a71a2a399322d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e1:f4:0a:ab:89:76:ec:af:e5:c9:65:14:11:
                    3f:5e:61:d8:2e:d3:f1:7c:1b:43:e6:20:74:ed:c5:
                    f2:40:c2:7e:b8:4d:4f:9b:02:46:97:e8:6b:ca:05:
                    57:64:9e:59:d1:bd:d1:a7:5a:01:3f:92:e5:ce:fa:
                    e5:3f:e4:01:bc:1d:4e:6e:65:c3:38:c1:64:2f:8a:
                    24:93:1a:3b:76:80:a4:9b:6e:74:60:92:cf:81:59:
                    4d:e7:a5:c3:fb:a5:4d:53:94:b1:e7:81:f9:50:dc:
                    27:db:af:1e:ea:db:04:94:0a:bf:4f:e0:91:ee:0a:
                    ed:81:6b:a5:da:7e:30:72:05:a4:01:b4:85:ae:ae:
                    53:bb:ee:32:36:c3:1a:11:dd:4d:78:4d:bc:87:90:
                    2c:de:0d:ba:5c:55:84:55:a5:6e:3d:72:b1:d7:5d:
                    bc:9b:e4:f4:79:5b:4c:0c:be:21:89:db:11:d6:a5:
                    2d:9f:c8:03:29:0c:f8:5e:f3:11:e0:58:84:c1:0e:
                    ff:cd:58:e9:af:30:ea:6e:ab:f3:24:9a:67:22:99:
                    3f:f6:7b:d0:7a:c4:cb:8a:ee:5b:9c:37:28:86:0b:
                    42:0b:ca:af:c5:7b:98:70:bc:3f:5d:3b:09:bf:ff:
                    33:44:d3:28:43:12:d0:34:2a:fc:68:4e:85:f1:4c:
                    40:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:45:90:37:37:8A:80:AE:92:80:7E:17:A1:5A:71:A2:A3:99:32:2D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KUWQNzeKgK6SgH4XoVpxoqOZMi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:1b:d2:d2:4f:d9:d0:af:96:cd:fd:41:c6:e0:4a:9b:f2:af:
         75:95:0f:91:f7:c6:6a:a7:5f:a7:61:04:e9:bd:cf:15:65:72:
         27:41:d3:53:16:d4:a8:3c:37:3b:67:93:0a:42:f9:ec:26:ec:
         b2:30:2c:91:d6:8b:92:b9:02:aa:6e:fa:5c:81:df:75:bb:0e:
         e2:e4:9f:f4:31:9a:e3:98:82:bb:38:87:c2:d9:b1:33:fb:df:
         c3:4e:a2:c9:f4:0d:cb:b0:a6:ec:71:39:0e:b5:f8:a1:27:9e:
         e0:4e:a2:8d:87:43:91:15:5a:4b:cb:db:8e:f1:8b:84:7a:c8:
         c2:11:90:28:6a:92:79:a1:54:72:9b:0d:55:ed:ca:0b:ec:94:
         f9:86:b2:94:ca:8c:9b:bf:8f:cc:86:a7:83:e3:e3:39:74:ca:
         2b:8f:ad:2c:3a:b4:a5:af:82:49:3a:cc:d1:6d:e1:ff:53:6b:
         64:3c:a8:9b:4d:58:94:4d:c3:21:50:e2:d7:43:c7:50:fa:fa:
         57:db:4d:64:db:eb:f6:b0:b2:72:af:d9:40:63:c5:59:c9:83:
         8a:69:a7:78:53:25:6f:a3:0d:d9:0b:49:f7:ae:ed:4f:0a:54:
         f0:a8:58:e0:9e:36:0f:de:d5:bc:7d:97:02:54:53:b4:f0:a9:
         49:55:a0:cf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgTTFQrhCu+AWmWeqrm+A8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEzMDQwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTQ1OTAzNzM3OGE4MGFlOTI4MDdlMTdhMTVhNzFhMmEzOTkzMjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleH0CquJduyv5cllFBE/XmHYLtPx
fBtD5iB07cXyQMJ+uE1PmwJGl+hrygVXZJ5Z0b3Rp1oBP5LlzvrlP+QBvB1ObmXD
OMFkL4okkxo7doCkm250YJLPgVlN56XD+6VNU5Sx54H5UNwn268e6tsElAq/T+CR
7grtgWul2n4wcgWkAbSFrq5Tu+4yNsMaEd1NeE28h5As3g26XFWEVaVuPXKx1128
m+T0eVtMDL4hidsR1qUtn8gDKQz4XvMR4FiEwQ7/zVjprzDqbqvzJJpnIpk/9nvQ
esTLiu5bnDcohgtCC8qvxXuYcLw/XTsJv/8zRNMoQxLQNCr8aE6F8UxA0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFClFkDc3ioCukoB+F6FacaKjmTItMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS1VXUU56ZUtnSzZTZ0g0WG9WcHhvcU9aTWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACgb0tJP2dCvls39Qcbg
Spvyr3WVD5H3xmqnX6dhBOm9zxVlcidB01MW1Kg8NztnkwpC+ewm7LIwLJHWi5K5
Aqpu+lyB33W7DuLkn/QxmuOYgrs4h8LZsTP738NOosn0DcuwpuxxOQ61+KEnnuBO
oo2HQ5EVWkvL247xi4R6yMIRkChqknmhVHKbDVXtygvslPmGspTKjJu/j8yGp4Pj
4zl0yiuPrSw6tKWvgkk6zNFt4f9Ta2Q8qJtNWJRNwyFQ4tdDx1D6+lfbTWTb6/aw
snKv2UBjxVnJg4ppp3hTJW+jDdkLSfeu7U8KVPCoWOCeNg/e1bx9lwJUU7TwqUlV
oM8=
-----END CERTIFICATE-----