Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KznYY49hr3K2PjUl8w49c9-MiAI.roa
File:                     KznYY49hr3K2PjUl8w49c9-MiAI.roa (raw, json)
Hash identifier:          zIOk3uQwghDVXnWYAOVWykjMjYC0crl1rp7jb0fDyiE=
Subject key identifier:   2B:39:D8:63:8F:61:AF:72:B6:3E:35:25:F3:0E:3D:73:DF:8C:88:02
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018983BC0ED354098E4148B527A6015FF5E2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KznYY49hr3K2PjUl8w49c9-MiAI.roa
Signing time:             Sun 23 Jul 2023 17:11:27 +0000
ROA not before:           Sun 23 Jul 2023 17:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:83:bc:0e:d3:54:09:8e:41:48:b5:27:a6:01:5f:f5:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 23 17:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b39d8638f61af72b63e3525f30e3d73df8c8802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:32:e8:7e:f1:a2:06:da:02:8c:11:8e:6d:ab:
                    bb:e4:b1:fc:10:d4:a2:5e:f5:13:a3:47:5c:e1:6e:
                    be:9a:d0:66:06:65:8c:48:16:c2:9d:3d:48:16:7f:
                    c9:59:e3:83:6d:f3:9b:77:cd:23:17:c8:e1:c2:75:
                    59:9d:fc:92:81:07:fc:a9:9f:f1:08:8a:c5:6d:cc:
                    2a:44:8f:9e:af:55:30:fd:fa:0f:18:0a:52:7f:ae:
                    b8:7d:b1:f0:40:37:b6:7a:33:ef:b9:ca:4b:3d:e3:
                    04:35:1e:11:ef:b8:b0:0a:d7:1e:3a:de:ab:5e:93:
                    07:89:30:fa:df:17:8e:42:23:1e:19:d5:b7:ea:29:
                    06:01:39:4c:3e:fb:99:5e:ce:6b:34:f1:e8:e9:e7:
                    27:86:e1:aa:81:e6:6c:8e:cd:68:71:e8:20:39:be:
                    85:38:16:8f:e7:9a:a0:6c:ea:0c:d6:82:a9:c8:7b:
                    21:19:31:dc:d4:ef:4a:83:5b:8d:d5:26:7e:50:ba:
                    2e:b3:2c:9b:35:9c:b7:f0:63:d3:56:d6:06:35:28:
                    e2:0a:cc:54:5b:10:41:be:42:80:38:2c:3f:09:58:
                    20:9e:30:b2:0d:7d:a0:7d:a7:ba:a2:37:2b:d2:76:
                    2e:45:9b:9f:c5:52:1c:ae:f7:0c:97:7c:6c:fd:ee:
                    df:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:39:D8:63:8F:61:AF:72:B6:3E:35:25:F3:0E:3D:73:DF:8C:88:02
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KznYY49hr3K2PjUl8w49c9-MiAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:a6:db:2c:43:dd:57:8f:89:d4:45:69:22:f4:50:d9:ff:8e:
         78:18:30:61:14:28:ce:4a:28:c2:8c:d0:7b:7f:39:7c:94:83:
         bc:73:d4:2d:f1:b9:a3:cd:11:9b:12:92:a5:3b:8d:19:ae:a9:
         b4:ec:fd:ce:9c:e6:b3:e2:cd:d8:d2:4a:32:95:fc:42:71:1a:
         26:27:ed:d5:8c:17:ed:fa:1f:75:1d:be:11:a1:e4:f9:45:aa:
         b0:b5:67:87:8c:87:7c:37:ca:11:d8:73:35:f0:58:1e:fc:56:
         46:59:16:4a:b3:9a:00:e6:34:de:5b:b2:05:24:90:65:3f:82:
         f5:24:a7:27:b9:53:42:76:10:c9:66:40:7f:31:8d:b5:6c:16:
         fd:45:a8:c6:94:f9:e9:fc:07:54:68:d0:bb:db:4e:88:0b:cc:
         78:aa:ca:14:00:46:17:9f:c1:09:58:04:e7:05:c3:0d:18:56:
         5d:94:75:88:9a:b6:43:7d:29:41:9c:e0:0b:1f:cc:2d:90:bc:
         4a:ed:ab:32:1c:5d:4f:38:ea:aa:ad:25:57:25:04:12:b7:79:
         54:14:5a:9d:5e:65:57:96:fc:61:46:fd:14:64:b0:fb:62:17:
         9e:8e:9a:68:05:d8:6f:5b:9d:b7:be:c7:22:fe:28:eb:d7:c4:
         f7:4a:43:a8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmDvA7TVAmOQUi1J6YBX/XiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIzMTcxMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjM5ZDg2MzhmNjFhZjcyYjYzZTM1MjVmMzBlM2Q3M2RmOGM4ODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjLofvGiBtoCjBGObau75LH8ENSi
XvUTo0dc4W6+mtBmBmWMSBbCnT1IFn/JWeODbfObd80jF8jhwnVZnfySgQf8qZ/x
CIrFbcwqRI+er1Uw/foPGApSf664fbHwQDe2ejPvucpLPeMENR4R77iwCtceOt6r
XpMHiTD63xeOQiMeGdW36ikGATlMPvuZXs5rNPHo6ecnhuGqgeZsjs1oceggOb6F
OBaP55qgbOoM1oKpyHshGTHc1O9Kg1uN1SZ+ULousyybNZy38GPTVtYGNSjiCsxU
WxBBvkKAOCw/CVggnjCyDX2gfae6ojcr0nYuRZufxVIcrvcMl3xs/e7fXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCs52GOPYa9ytj41JfMOPXPfjIgCMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS3puWVk0OWhyM0syUGpVbDh3NDljOS1NaUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAESm2yxD3VePidRFaSL0
UNn/jngYMGEUKM5KKMKM0Ht/OXyUg7xz1C3xuaPNEZsSkqU7jRmuqbTs/c6c5rPi
zdjSSjKV/EJxGiYn7dWMF+36H3UdvhGh5PlFqrC1Z4eMh3w3yhHYczXwWB78VkZZ
FkqzmgDmNN5bsgUkkGU/gvUkpye5U0J2EMlmQH8xjbVsFv1FqMaU+en8B1Ro0Lvb
TogLzHiqyhQARhefwQlYBOcFww0YVl2UdYiatkN9KUGc4AsfzC2QvErtqzIcXU84
6qqtJVclBBK3eVQUWp1eZVeW/GFG/RRksPtiF56OmmgF2G9bnbe+xyL+KOvXxPdK
Q6g=
-----END CERTIFICATE-----