Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LiYNGWCDZNcmCkePdUTrMyD5f9o.roa
File:                     LiYNGWCDZNcmCkePdUTrMyD5f9o.roa (raw, json)
Hash identifier:          zVL5UfsceNlZ6ThwlCV/KduymFPRMoFkizHIV+x73zo=
Subject key identifier:   2E:26:0D:19:60:83:64:D7:26:0A:47:8F:75:44:EB:33:20:F9:7F:DA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018854F5A540B6A9AF540DC02A9A2CE50A82
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LiYNGWCDZNcmCkePdUTrMyD5f9o.roa
Signing time:             Thu 25 May 2023 22:09:24 +0000
ROA not before:           Thu 25 May 2023 22:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:54:f5:a5:40:b6:a9:af:54:0d:c0:2a:9a:2c:e5:0a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 25 22:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2e260d19608364d7260a478f7544eb3320f97fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0b:40:a9:20:1e:4e:8d:e9:01:72:ef:ee:73:
                    67:83:c0:f6:93:a1:ff:fa:94:48:56:87:28:4e:76:
                    d6:ed:f6:2f:06:7f:0e:84:10:88:30:ab:ac:0b:76:
                    91:15:19:98:53:19:d5:28:e2:4e:65:dd:18:9e:da:
                    89:11:e5:dd:10:66:5b:fd:ed:42:09:31:a0:39:57:
                    93:e2:b6:dd:c4:28:4e:f1:1f:67:b3:70:c6:f7:3b:
                    52:fd:b0:c6:c0:b7:45:bc:ad:d5:98:71:4d:b8:70:
                    16:c0:6f:9f:51:4c:23:6f:b1:48:30:20:31:7a:b1:
                    58:d1:74:c6:5c:3b:a3:b9:e6:d0:11:62:62:77:43:
                    7c:c6:33:0b:31:63:73:78:5d:3f:56:c0:73:30:60:
                    36:f7:b7:68:5b:6c:c5:ef:a5:73:4c:f8:08:5a:85:
                    5e:20:48:a3:5b:b3:a2:c8:9a:5c:a3:37:8e:7a:d9:
                    a6:c5:92:99:86:58:ae:69:87:d2:59:fc:a3:4a:29:
                    9d:28:1f:a8:ac:83:aa:98:87:d4:c5:21:da:b5:38:
                    68:4c:be:34:99:e5:45:80:51:a8:15:16:03:bb:85:
                    eb:51:80:5c:fd:cc:b6:f6:d0:ab:78:ec:fe:10:95:
                    3f:07:3a:8b:fe:7f:69:0f:59:7e:7a:52:ca:b1:a5:
                    b6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:26:0D:19:60:83:64:D7:26:0A:47:8F:75:44:EB:33:20:F9:7F:DA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LiYNGWCDZNcmCkePdUTrMyD5f9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:76:62:f0:47:46:e9:f3:85:5f:a6:f3:80:cf:bd:63:9e:0a:
         90:5c:03:a6:1d:73:6a:23:6f:da:80:b2:e4:e2:40:bd:af:6f:
         0d:37:94:43:fb:74:2a:43:08:f9:68:ca:41:12:95:66:f5:a7:
         3d:ad:65:01:28:39:eb:8d:7d:c1:c7:39:29:fa:dd:c0:5e:7f:
         f5:17:81:97:6b:83:19:e8:85:0a:62:ea:d6:c8:ac:38:11:5c:
         8f:d5:52:e3:70:a5:ed:80:07:e0:e8:ed:06:80:99:ac:42:66:
         13:9a:84:e8:59:b7:3b:7b:23:97:9a:98:3a:47:2d:de:e8:80:
         bc:e4:5a:43:8d:05:91:6c:a4:88:44:d7:8a:8e:b6:cd:66:c3:
         22:ce:57:78:e6:7e:cd:ce:54:7a:78:1f:3d:8c:9b:b0:b4:62:
         7c:4d:31:0f:40:ef:31:e7:ea:42:f3:2e:65:0d:48:32:ae:61:
         c7:f2:09:57:69:de:c7:16:ac:e9:10:74:bd:b4:f1:bb:d3:b5:
         6c:78:8c:ab:2c:d1:c1:5a:c3:79:5f:27:b3:e0:44:26:90:ef:
         f3:89:44:6c:4c:c4:9b:dd:2a:a7:50:3e:49:ed:38:5e:b5:ec:
         ad:7d:3a:91:43:8f:11:eb:00:8a:95:70:d6:a4:81:06:ec:43:
         2a:e3:c8:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhU9aVAtqmvVA3AKpos5QqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI1MjIwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTI2MGQxOTYwODM2NGQ3MjYwYTQ3OGY3NTQ0ZWIzMzIwZjk3ZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwtAqSAeTo3pAXLv7nNng8D2k6H/
+pRIVocoTnbW7fYvBn8OhBCIMKusC3aRFRmYUxnVKOJOZd0YntqJEeXdEGZb/e1C
CTGgOVeT4rbdxChO8R9ns3DG9ztS/bDGwLdFvK3VmHFNuHAWwG+fUUwjb7FIMCAx
erFY0XTGXDujuebQEWJid0N8xjMLMWNzeF0/VsBzMGA297doW2zF76VzTPgIWoVe
IEijW7OiyJpcozeOetmmxZKZhliuaYfSWfyjSimdKB+orIOqmIfUxSHatThoTL40
meVFgFGoFRYDu4XrUYBc/cy29tCreOz+EJU/BzqL/n9pD1l+elLKsaW2EwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC4mDRlgg2TXJgpHj3VE6zMg+X/aMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTGlZTkdXQ0RaTmNtQ2tlUGRVVHJNeUQ1ZjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK92YvBHRunzhV+m84DP
vWOeCpBcA6Ydc2ojb9qAsuTiQL2vbw03lEP7dCpDCPloykESlWb1pz2tZQEoOeuN
fcHHOSn63cBef/UXgZdrgxnohQpi6tbIrDgRXI/VUuNwpe2AB+Do7QaAmaxCZhOa
hOhZtzt7I5eamDpHLd7ogLzkWkONBZFspIhE14qOts1mwyLOV3jmfs3OVHp4Hz2M
m7C0YnxNMQ9A7zHn6kLzLmUNSDKuYcfyCVdp3scWrOkQdL208bvTtWx4jKss0cFa
w3lfJ7PgRCaQ7/OJRGxMxJvdKqdQPkntOF617K19OpFDjxHrAIqVcNakgQbsQyrj
yBg=
-----END CERTIFICATE-----