Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KhiG-Mv6kKP_j0dYF5r5hQDxLuM.roa
File:                     KhiG-Mv6kKP_j0dYF5r5hQDxLuM.roa (raw, json)
Hash identifier:          0fvIbi5H2brttsKNL4k3zu7SWfzopH7VCjBFwxDwcrg=
Subject key identifier:   2A:18:86:F8:CB:FA:90:A3:FF:8F:47:58:17:9A:F9:85:00:F1:2E:E3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877302AE9ED4C26BEA908C23C5D4E1D9F8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KhiG-Mv6kKP_j0dYF5r5hQDxLuM.roa
Signing time:             Wed 12 Apr 2023 01:09:28 +0000
ROA not before:           Wed 12 Apr 2023 01:09:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:73:02:ae:9e:d4:c2:6b:ea:90:8c:23:c5:d4:e1:d9:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 12 01:09:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a1886f8cbfa90a3ff8f4758179af98500f12ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:14:16:fb:64:49:c7:55:a0:fa:bc:e7:00:55:
                    99:20:9d:5c:0d:6a:6c:09:de:b8:ce:f7:62:95:07:
                    e5:e2:e6:f6:db:dd:5b:56:e6:29:2d:c1:c8:de:1b:
                    b1:ea:03:47:0d:3f:c3:95:2d:98:7e:d2:52:f7:67:
                    88:37:80:48:f6:f8:23:d8:5f:34:da:9f:41:0b:22:
                    49:94:c2:48:41:81:8f:e4:bd:61:0b:5e:a2:24:94:
                    1f:4d:00:0f:3b:2e:20:93:20:ad:2d:ec:39:8c:76:
                    e7:a2:6d:d1:27:9b:b6:91:ea:4c:9d:5d:ad:d1:a4:
                    5a:07:19:a6:f9:c4:d3:e3:bf:9f:80:cd:4c:cf:2c:
                    bf:25:47:b1:01:07:ba:24:3d:5b:52:19:80:35:70:
                    50:a1:af:db:7a:9a:ae:5d:bf:ce:cf:53:66:2c:24:
                    83:63:85:f9:bb:d6:25:77:ef:6f:e9:f1:c3:f8:1d:
                    f2:9e:0f:db:2d:ce:9b:40:7b:86:89:bf:45:eb:6c:
                    23:9c:97:47:59:db:f7:5c:17:9e:73:5d:ec:96:39:
                    84:49:6b:ea:0f:2e:f5:b7:6d:0d:0a:41:0b:9a:74:
                    b4:b5:07:25:5e:b6:27:83:3d:7d:75:66:06:3b:8e:
                    78:92:2b:22:f5:93:d7:76:e0:f0:5f:54:b4:b0:7e:
                    7d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:18:86:F8:CB:FA:90:A3:FF:8F:47:58:17:9A:F9:85:00:F1:2E:E3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KhiG-Mv6kKP_j0dYF5r5hQDxLuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:87:9e:a0:dc:8b:86:77:58:a0:a6:16:c1:2a:fb:84:db:65:
         7e:66:7e:78:89:72:17:cc:8b:51:bc:34:3b:8d:32:a9:04:ec:
         5d:c3:c6:91:e6:4e:8c:ba:e8:8c:81:c3:1c:bd:68:b8:67:e1:
         0b:b4:28:cd:80:d1:a8:d6:c9:d4:b1:bd:aa:34:b8:4c:59:f8:
         dd:03:bf:e1:17:f3:ae:03:46:45:f6:0e:6c:cd:72:e8:96:bb:
         c3:05:04:49:12:ce:18:cf:89:6c:1f:c2:4c:88:a0:fe:32:da:
         ba:2b:b2:02:04:db:ab:96:d0:4e:17:8b:4e:74:c3:bb:08:bf:
         de:9c:08:63:32:42:2a:a1:ee:b1:c2:40:55:89:55:84:c2:45:
         44:5c:05:44:dc:52:09:0f:77:f4:31:60:44:f5:ec:1a:82:de:
         ec:e6:d6:dd:b5:2c:4c:d7:5f:ac:6e:f6:b5:73:4d:2d:65:44:
         65:7b:91:25:ee:5a:9a:dd:30:c5:17:a0:b0:d6:8d:f3:b2:86:
         5b:7e:69:ad:c2:2f:1f:e2:58:4e:3f:c1:a8:08:dd:20:f8:46:
         cd:90:a0:25:d8:08:6b:08:d7:61:3b:8f:a4:4f:7e:cd:e7:82:
         33:ce:44:20:1a:c1:3a:d9:85:01:14:5d:cd:59:68:f8:ea:e4:
         46:33:52:3d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdzAq6e1MJr6pCMI8XU4dn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEyMDEwOTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTE4ODZmOGNiZmE5MGEzZmY4ZjQ3NTgxNzlhZjk4NTAwZjEyZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphQW+2RJx1Wg+rznAFWZIJ1cDWps
Cd64zvdilQfl4ub2291bVuYpLcHI3hux6gNHDT/DlS2YftJS92eIN4BI9vgj2F80
2p9BCyJJlMJIQYGP5L1hC16iJJQfTQAPOy4gkyCtLew5jHbnom3RJ5u2kepMnV2t
0aRaBxmm+cTT47+fgM1Mzyy/JUexAQe6JD1bUhmANXBQoa/bepquXb/Oz1NmLCSD
Y4X5u9Yld+9v6fHD+B3yng/bLc6bQHuGib9F62wjnJdHWdv3XBeec13sljmESWvq
Dy71t20NCkELmnS0tQclXrYngz19dWYGO454kisi9ZPXduDwX1S0sH599wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCoYhvjL+pCj/49HWBea+YUA8S7jMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS2hpRy1NdjZrS1BfajBkWUY1cjVoUUR4THVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHaHnqDci4Z3WKCmFsEq
+4TbZX5mfniJchfMi1G8NDuNMqkE7F3DxpHmToy66IyBwxy9aLhn4Qu0KM2A0ajW
ydSxvao0uExZ+N0Dv+EX864DRkX2DmzNcuiWu8MFBEkSzhjPiWwfwkyIoP4y2ror
sgIE26uW0E4Xi050w7sIv96cCGMyQiqh7rHCQFWJVYTCRURcBUTcUgkPd/QxYET1
7BqC3uzm1t21LEzXX6xu9rVzTS1lRGV7kSXuWprdMMUXoLDWjfOyhlt+aa3CLx/i
WE4/wagI3SD4Rs2QoCXYCGsI12E7j6RPfs3ngjPORCAawTrZhQEUXc1ZaPjq5EYz
Uj0=
-----END CERTIFICATE-----