Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KmNlNUuAg6VLsIX3wLL7DSi9tpE.roa
File:                     KmNlNUuAg6VLsIX3wLL7DSi9tpE.roa (raw, json)
Hash identifier:          tn4CtgMSqstJsUuH3ejcCxidnOPGuhUjUY5Q7yelFSE=
Subject key identifier:   2A:63:65:35:4B:80:83:A5:4B:B0:85:F7:C0:B2:FB:0D:28:BD:B6:91
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018957F74D4FFF8D5C65810ADE201BDD5C02
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KmNlNUuAg6VLsIX3wLL7DSi9tpE.roa
Signing time:             Sat 15 Jul 2023 05:12:52 +0000
ROA not before:           Sat 15 Jul 2023 05:12:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:57:f7:4d:4f:ff:8d:5c:65:81:0a:de:20:1b:dd:5c:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 15 05:12:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a6365354b8083a54bb085f7c0b2fb0d28bdb691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:bb:78:8a:89:c6:b6:8e:7e:e2:99:97:c0:b0:
                    42:c6:e1:39:62:15:68:a3:2b:eb:8c:5b:29:72:a6:
                    5f:ef:32:fe:48:b4:9a:0a:96:54:36:64:21:1e:33:
                    cf:75:f2:f5:82:cf:5f:ba:cb:13:39:48:fd:c9:8c:
                    11:a5:60:68:24:5e:24:5e:aa:43:8d:9b:f7:53:c1:
                    db:b2:ba:e5:ea:4c:ba:ec:82:85:6e:21:73:3a:2f:
                    09:44:d3:5c:62:f5:46:bf:cd:a1:5f:6e:61:a0:c8:
                    36:e5:20:6b:8d:37:56:dd:4d:f6:43:0a:81:40:0e:
                    ea:43:db:3a:77:dc:54:7d:da:d8:2e:cb:e3:5b:7d:
                    d8:44:cd:05:f7:fa:40:3d:96:62:d7:c5:4c:5f:cb:
                    eb:ea:6e:f0:36:8a:40:f5:e4:e6:c4:ad:e7:ee:a6:
                    93:d8:b4:35:ba:2f:eb:60:3e:bb:4e:32:76:75:c8:
                    c5:22:08:b9:44:d7:98:c6:40:5d:89:db:98:a3:59:
                    f4:ca:d4:10:a5:6d:77:53:8d:1d:f9:a7:3f:6e:cc:
                    94:22:31:e1:30:e5:60:71:5e:03:4c:99:9d:d9:71:
                    9f:53:85:9c:74:cc:4f:ec:cc:99:60:86:f2:28:69:
                    71:64:7c:17:cc:d9:95:7d:6c:44:17:30:6b:ea:a4:
                    e5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:63:65:35:4B:80:83:A5:4B:B0:85:F7:C0:B2:FB:0D:28:BD:B6:91
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KmNlNUuAg6VLsIX3wLL7DSi9tpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:b9:4d:7e:76:e1:7c:79:f8:1b:5c:80:57:51:fc:f3:19:91:
         7e:51:49:75:42:f4:11:cd:14:c6:c4:53:f9:9f:6d:56:33:ab:
         cf:5b:32:bf:42:da:f6:a2:19:c4:49:f5:d4:64:9e:c7:0d:e7:
         81:6e:0a:c4:9b:9f:17:77:a3:51:7d:8b:25:f8:e7:c9:24:de:
         56:1d:78:41:45:d2:32:f4:c5:d5:d5:ad:1c:78:71:52:e5:60:
         79:62:4e:0a:68:0a:08:84:67:ee:72:86:ad:a4:80:98:a5:fd:
         ce:32:ae:31:1a:19:00:d4:42:99:d6:ad:8a:6c:52:5e:25:37:
         a3:f1:d7:de:68:e4:b3:99:34:23:10:36:66:94:8b:3c:9f:c8:
         33:6d:2c:45:0b:a1:b7:83:22:eb:26:bf:b6:b4:cc:89:f3:84:
         2f:c7:b7:46:f9:c0:80:19:15:67:70:e6:c1:4c:74:87:4c:a4:
         7d:08:65:f1:0f:d7:d0:79:54:6b:cb:27:ee:69:2f:8f:8c:99:
         10:e9:14:de:46:3f:1d:fb:f4:09:eb:60:01:02:1d:1e:66:44:
         8b:fc:83:84:54:86:88:3e:d6:f1:9d:b1:29:71:ac:4c:82:6b:
         42:37:a2:40:0e:f4:21:30:fe:bf:d1:0d:35:92:93:30:74:3a:
         a3:67:a8:03
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlX901P/41cZYEK3iAb3VwCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE1MDUxMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTYzNjUzNTRiODA4M2E1NGJiMDg1ZjdjMGIyZmIwZDI4YmRiNjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7t4ionGto5+4pmXwLBCxuE5YhVo
oyvrjFspcqZf7zL+SLSaCpZUNmQhHjPPdfL1gs9fussTOUj9yYwRpWBoJF4kXqpD
jZv3U8Hbsrrl6ky67IKFbiFzOi8JRNNcYvVGv82hX25hoMg25SBrjTdW3U32QwqB
QA7qQ9s6d9xUfdrYLsvjW33YRM0F9/pAPZZi18VMX8vr6m7wNopA9eTmxK3n7qaT
2LQ1ui/rYD67TjJ2dcjFIgi5RNeYxkBdiduYo1n0ytQQpW13U40d+ac/bsyUIjHh
MOVgcV4DTJmd2XGfU4WcdMxP7MyZYIbyKGlxZHwXzNmVfWxEFzBr6qTlPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCpjZTVLgIOlS7CF98Cy+w0ovbaRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS21ObE5VdUFnNlZMc0lYM3dMTDdEU2k5dHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKO5TX524Xx5+BtcgFdR
/PMZkX5RSXVC9BHNFMbEU/mfbVYzq89bMr9C2vaiGcRJ9dRknscN54FuCsSbnxd3
o1F9iyX458kk3lYdeEFF0jL0xdXVrRx4cVLlYHliTgpoCgiEZ+5yhq2kgJil/c4y
rjEaGQDUQpnWrYpsUl4lN6Px195o5LOZNCMQNmaUizyfyDNtLEULobeDIusmv7a0
zInzhC/Ht0b5wIAZFWdw5sFMdIdMpH0IZfEP19B5VGvLJ+5pL4+MmRDpFN5GPx37
9AnrYAECHR5mRIv8g4RUhog+1vGdsSlxrEyCa0I3okAO9CEw/r/RDTWSkzB0OqNn
qAM=
-----END CERTIFICATE-----