Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KsFJGKThmCK8pPLLRgs663s-jbs.roa
File:                     KsFJGKThmCK8pPLLRgs663s-jbs.roa (raw, json)
Hash identifier:          1+cP4qNQM6XQWwoAXUscNZq3v3pmSdVn/Hx/oa9KXMA=
Subject key identifier:   2A:C1:49:18:A4:E1:98:22:BC:A4:F2:CB:46:0B:3A:EB:7B:3E:8D:BB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CE31B4948F222E194C622C0FCA9F9065
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KsFJGKThmCK8pPLLRgs663s-jbs.roa
Signing time:             Sun 18 Jun 2023 11:09:03 +0000
ROA not before:           Sun 18 Jun 2023 11:09:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ce:31:b4:94:8f:22:2e:19:4c:62:2c:0f:ca:9f:90:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 18 11:09:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2ac14918a4e19822bca4f2cb460b3aeb7b3e8dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3c:25:92:c7:6f:3c:84:3c:39:75:21:95:0d:
                    60:0c:86:10:72:cc:3d:e0:7e:81:5f:30:76:0e:a5:
                    18:3c:a0:df:56:55:52:92:c9:f1:ba:94:f1:b0:22:
                    71:ba:99:a6:70:1e:36:5f:2a:e6:25:92:e5:08:1a:
                    e8:9c:cf:17:dd:54:77:f2:11:19:4b:32:bc:9f:f7:
                    af:4a:2b:89:96:26:9c:ff:41:0c:64:52:b8:60:8d:
                    e0:81:de:29:09:ea:91:ed:8d:12:f1:33:e8:fe:ce:
                    ae:d4:93:e4:eb:95:64:a0:4b:b8:eb:ac:76:f5:61:
                    3e:3e:40:87:36:73:ff:bc:db:8f:96:a3:1a:09:52:
                    9f:2f:fa:cf:fc:51:36:c5:6b:e6:9d:a1:87:78:cb:
                    3e:1a:47:3f:57:8b:d5:a7:32:45:e8:25:cb:bd:a7:
                    f0:f4:fa:5c:84:67:4d:fc:53:a8:84:1f:8e:7c:1c:
                    e9:51:33:c9:65:34:73:e0:c1:43:bd:88:10:4b:ac:
                    dd:39:14:56:70:77:27:ab:6f:97:46:45:4e:21:90:
                    36:ca:69:52:f6:59:b6:71:77:64:5a:2f:58:37:32:
                    74:27:c4:a2:da:fd:f6:ad:1d:9f:8d:73:27:18:96:
                    2b:28:aa:e0:cd:84:00:a6:84:fa:54:9d:2b:08:61:
                    fb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C1:49:18:A4:E1:98:22:BC:A4:F2:CB:46:0B:3A:EB:7B:3E:8D:BB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KsFJGKThmCK8pPLLRgs663s-jbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:af:86:f9:5e:fe:42:fe:90:53:b3:99:94:82:df:45:62:95:
         8d:a6:04:19:49:d1:93:80:ee:ac:8f:7f:4c:08:c4:0a:b8:f5:
         7b:1a:d9:ab:d6:11:37:52:2c:94:1e:fe:e4:d1:53:68:e3:8c:
         35:44:b9:c6:c5:d8:db:d0:20:c1:88:e0:1e:5f:be:81:3c:b8:
         f1:17:28:f0:7f:1f:2c:f7:71:c3:9e:8d:76:58:9a:8d:66:96:
         31:78:07:51:6b:28:86:88:de:9d:af:d2:30:e4:ad:c9:ef:52:
         6f:f6:b7:0a:51:a0:d4:9f:64:19:9e:63:83:1c:10:54:03:a1:
         1e:f5:12:2e:16:c9:15:f5:e0:20:9a:b8:48:0f:0f:d6:72:ef:
         dd:51:29:d1:b0:4c:8c:c8:c0:f8:37:4f:33:9b:28:6c:ea:57:
         e7:72:2e:f1:6b:d0:59:fa:e4:f0:78:a2:22:89:c0:50:0d:43:
         ae:a5:53:81:03:c0:ca:5e:e9:78:d2:2b:36:c2:57:bc:d6:65:
         42:4d:c6:b2:87:da:56:a3:53:a3:96:7f:46:64:12:07:43:44:
         2b:d6:13:1f:be:0e:b3:cd:9c:c7:84:8e:9d:e4:2d:34:8d:99:
         eb:6d:60:b7:2c:c9:74:38:47:fc:f2:ca:c5:c8:f7:ed:49:53:
         a5:95:7c:9f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjOMbSUjyIuGUxiLA/Kn5BlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE4MTEwOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWMxNDkxOGE0ZTE5ODIyYmNhNGYyY2I0NjBiM2FlYjdiM2U4ZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzwlksdvPIQ8OXUhlQ1gDIYQcsw9
4H6BXzB2DqUYPKDfVlVSksnxupTxsCJxupmmcB42XyrmJZLlCBronM8X3VR38hEZ
SzK8n/evSiuJliac/0EMZFK4YI3ggd4pCeqR7Y0S8TPo/s6u1JPk65VkoEu466x2
9WE+PkCHNnP/vNuPlqMaCVKfL/rP/FE2xWvmnaGHeMs+Gkc/V4vVpzJF6CXLvafw
9PpchGdN/FOohB+OfBzpUTPJZTRz4MFDvYgQS6zdORRWcHcnq2+XRkVOIZA2ymlS
9lm2cXdkWi9YNzJ0J8Si2v32rR2fjXMnGJYrKKrgzYQApoT6VJ0rCGH7EQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCrBSRik4ZgivKTyy0YLOut7Po27MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS3NGSkdLVGhtQ0s4cFBMTFJnczY2M3MtamJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGuvhvle/kL+kFOzmZSC
30VilY2mBBlJ0ZOA7qyPf0wIxAq49Xsa2avWETdSLJQe/uTRU2jjjDVEucbF2NvQ
IMGI4B5fvoE8uPEXKPB/Hyz3ccOejXZYmo1mljF4B1FrKIaI3p2v0jDkrcnvUm/2
twpRoNSfZBmeY4McEFQDoR71Ei4WyRX14CCauEgPD9Zy791RKdGwTIzIwPg3TzOb
KGzqV+dyLvFr0Fn65PB4oiKJwFANQ66lU4EDwMpe6XjSKzbCV7zWZUJNxrKH2laj
U6OWf0ZkEgdDRCvWEx++DrPNnMeEjp3kLTSNmettYLcsyXQ4R/zyysXI9+1JU6WV
fJ8=
-----END CERTIFICATE-----