Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Lb-nkawO3WoceoRa1CsgBkCKu5E.roa
File:                     Lb-nkawO3WoceoRa1CsgBkCKu5E.roa (raw, json)
Hash identifier:          shXE7AzyCtkyFbhVYa5vroeGTO/9deL5sYsmymxDgXI=
Subject key identifier:   2D:BF:A7:91:AC:0E:DD:6A:1C:7A:84:5A:D4:2B:20:06:40:8A:BB:91
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188C6782B18F313A21B6F7CD8A5F328CA38
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Lb-nkawO3WoceoRa1CsgBkCKu5E.roa
Signing time:             Fri 16 Jun 2023 23:09:04 +0000
ROA not before:           Fri 16 Jun 2023 23:09:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c6:78:2b:18:f3:13:a2:1b:6f:7c:d8:a5:f3:28:ca:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 16 23:09:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2dbfa791ac0edd6a1c7a845ad42b2006408abb91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:39:85:61:b5:61:37:73:ea:47:96:d2:c3:4a:
                    b5:88:82:1c:03:ba:0e:52:90:f1:53:71:b6:2b:4f:
                    bf:c4:2c:89:57:dd:80:ae:6f:35:d3:ce:21:7a:3a:
                    43:cc:e1:f4:59:51:5d:7a:15:20:1f:1d:60:ca:cc:
                    c2:37:bf:5c:70:98:70:df:f8:b8:ae:ba:43:07:bd:
                    0a:b0:31:90:0d:ad:61:5f:ad:a0:d1:7b:23:3a:52:
                    31:9f:6e:d4:75:1a:8c:67:ab:cc:c7:af:a8:60:cb:
                    ec:0d:ea:a2:78:38:74:2c:84:3e:7b:e7:23:44:eb:
                    85:52:2c:63:d0:b3:78:26:71:b9:39:8f:a9:41:83:
                    3c:4f:0b:e6:fc:cb:44:a0:7a:89:52:e5:28:c5:cf:
                    f5:51:f7:17:a7:1f:4c:2a:87:bc:4a:b1:38:0a:ec:
                    c5:eb:7f:b1:58:c7:2b:7d:e3:cf:c9:53:f0:5d:48:
                    59:45:09:c3:75:96:90:33:1e:f6:8d:39:54:20:38:
                    9b:10:ba:13:83:ac:79:07:7c:b2:f5:8d:a4:d7:80:
                    76:4d:81:08:6e:20:5e:0b:5e:93:b2:6c:0b:cc:0d:
                    87:fc:ef:96:e3:fb:c3:bd:28:98:3f:5e:84:39:8e:
                    83:4f:17:24:db:b7:5a:1d:c0:b3:8c:4c:c1:c4:7b:
                    99:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:BF:A7:91:AC:0E:DD:6A:1C:7A:84:5A:D4:2B:20:06:40:8A:BB:91
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Lb-nkawO3WoceoRa1CsgBkCKu5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:d0:c6:d7:39:2c:a5:27:70:ba:5d:96:bb:64:61:1a:80:11:
         e8:4a:59:d2:3d:79:99:3c:46:e2:7d:9f:25:9e:dc:46:db:aa:
         bc:74:cd:8b:c1:5c:8a:92:96:fb:9d:34:3a:3c:75:69:93:36:
         5d:34:53:51:6b:64:7b:34:ce:1a:c2:04:44:25:9b:fa:4b:38:
         03:49:84:e9:8b:81:81:a8:9a:e4:e5:3d:52:09:a3:30:50:33:
         c5:29:90:e7:2b:27:cb:7d:c7:9c:d1:a8:09:28:18:3e:0b:e0:
         14:e8:7a:0f:5a:18:b2:5a:c8:e4:2f:15:45:25:1c:11:b0:4b:
         00:9c:72:71:76:1a:e9:49:47:c1:a2:a0:cd:e2:3d:60:31:bd:
         65:a9:7e:c5:68:cd:fd:8b:fa:a1:32:9d:32:32:4d:5e:82:0c:
         d4:e5:ea:ce:5d:bd:c2:77:1f:7d:ed:6a:42:4f:31:c5:4a:08:
         16:ca:7e:13:4b:95:64:cb:3e:d0:63:45:26:17:a2:cd:c4:01:
         ee:05:51:b2:bf:c5:41:ae:10:f7:79:e0:65:fd:c2:ad:12:b9:
         f6:fb:fc:33:7e:6f:93:8b:aa:55:d3:7f:13:b3:76:6b:45:2b:
         15:ad:99:30:d3:2b:df:d3:8e:6b:93:03:33:0c:cf:3b:7f:16:
         0d:df:6f:69
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjGeCsY8xOiG2982KXzKMo4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE2MjMwOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGJmYTc5MWFjMGVkZDZhMWM3YTg0NWFkNDJiMjAwNjQwOGFiYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjmFYbVhN3PqR5bSw0q1iIIcA7oO
UpDxU3G2K0+/xCyJV92Arm81084hejpDzOH0WVFdehUgHx1gyszCN79ccJhw3/i4
rrpDB70KsDGQDa1hX62g0XsjOlIxn27UdRqMZ6vMx6+oYMvsDeqieDh0LIQ+e+cj
ROuFUixj0LN4JnG5OY+pQYM8Twvm/MtEoHqJUuUoxc/1UfcXpx9MKoe8SrE4CuzF
63+xWMcrfePPyVPwXUhZRQnDdZaQMx72jTlUIDibELoTg6x5B3yy9Y2k14B2TYEI
biBeC16TsmwLzA2H/O+W4/vDvSiYP16EOY6DTxck27daHcCzjEzBxHuZXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC2/p5GsDt1qHHqEWtQrIAZAiruRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTGItbmthd08zV29jZW9SYTFDc2dCa0NLdTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFvQxtc5LKUncLpdlrtk
YRqAEehKWdI9eZk8RuJ9nyWe3Ebbqrx0zYvBXIqSlvudNDo8dWmTNl00U1FrZHs0
zhrCBEQlm/pLOANJhOmLgYGomuTlPVIJozBQM8UpkOcrJ8t9x5zRqAkoGD4L4BTo
eg9aGLJayOQvFUUlHBGwSwCccnF2GulJR8GioM3iPWAxvWWpfsVozf2L+qEynTIy
TV6CDNTl6s5dvcJ3H33takJPMcVKCBbKfhNLlWTLPtBjRSYXos3EAe4FUbK/xUGu
EPd54GX9wq0Sufb7/DN+b5OLqlXTfxOzdmtFKxWtmTDTK9/TjmuTAzMMzzt/Fg3f
b2k=
-----END CERTIFICATE-----