Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LzWB0QUf0MAXFoDmbPBb6RWH2sU.roa
File:                     LzWB0QUf0MAXFoDmbPBb6RWH2sU.roa (raw, json)
Hash identifier:          l7PZW9iUtpZlTHXrJG9irl4sUpLgNBQOW03zA4bxFrw=
Subject key identifier:   2F:35:81:D1:05:1F:D0:C0:17:16:80:E6:6C:F0:5B:E9:15:87:DA:C5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01889065C1D22D18D8AB02A394449BC752A9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LzWB0QUf0MAXFoDmbPBb6RWH2sU.roa
Signing time:             Tue 06 Jun 2023 11:09:27 +0000
ROA not before:           Tue 06 Jun 2023 11:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:90:65:c1:d2:2d:18:d8:ab:02:a3:94:44:9b:c7:52:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  6 11:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f3581d1051fd0c0171680e66cf05be91587dac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b1:c2:9f:c1:4b:a9:6c:d0:69:50:43:72:42:
                    fe:8c:ba:2c:78:ab:c9:c5:04:bd:c9:20:9b:32:cc:
                    fb:f5:01:4a:d6:5a:bb:bd:ef:2f:7e:31:cf:14:8f:
                    c2:ac:df:21:e7:a7:d7:15:2e:5f:b8:f1:37:e3:7e:
                    c9:5a:ec:68:05:ad:d0:8c:bb:1e:6e:07:8a:bc:5d:
                    0f:42:47:1c:e3:04:cc:2a:9b:fd:a8:0b:56:79:8b:
                    77:4e:bb:68:31:06:e0:a5:ba:17:92:54:10:70:f4:
                    11:d7:77:67:0c:32:b2:28:ea:13:4f:f8:e7:20:8f:
                    85:11:ab:c8:98:80:09:8e:b3:0e:df:6e:04:82:b5:
                    b9:dd:a9:63:82:cc:ad:32:12:e1:b3:3b:ed:86:49:
                    b2:57:71:28:9c:c0:59:9c:ec:f1:ce:32:d6:18:70:
                    0c:55:97:df:40:17:bc:21:42:7e:d2:54:0a:e6:ac:
                    a4:2c:76:a0:1b:f7:05:13:6e:5d:7f:b7:83:f0:b1:
                    bb:de:ef:ec:ff:0a:a7:48:fb:96:49:ef:13:d2:f4:
                    22:01:90:79:ca:ff:57:2a:9a:a0:f6:7e:56:c3:4c:
                    67:24:a6:a0:80:37:fa:82:15:ce:9c:bc:b5:c8:ec:
                    84:fe:dc:c8:c7:f3:ab:73:0e:cf:2c:1e:a4:db:a1:
                    c5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:35:81:D1:05:1F:D0:C0:17:16:80:E6:6C:F0:5B:E9:15:87:DA:C5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LzWB0QUf0MAXFoDmbPBb6RWH2sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:e4:9b:d8:7f:54:2e:17:6f:77:4c:d4:51:b5:6d:8a:d0:b2:
         c6:16:c4:e3:5c:96:40:42:5d:d0:5b:38:50:d3:06:a2:ce:53:
         43:c3:aa:97:5a:71:9f:66:78:c6:1c:24:9a:38:19:5c:89:97:
         fb:88:66:e0:29:98:b6:a3:64:b4:9b:9f:9e:26:33:20:8b:70:
         71:f1:79:d7:26:ea:72:c5:f1:ac:4c:58:82:db:d3:63:76:51:
         71:21:ee:68:f5:59:be:ea:20:d7:51:2f:2c:71:a6:30:3f:2c:
         9b:9d:e0:7d:88:30:47:5e:f5:e0:4d:b8:ca:05:83:d5:bd:e2:
         eb:39:d9:85:10:19:c9:1c:b0:9e:c3:f7:ae:48:f9:d3:11:d6:
         ca:92:b7:ef:2b:42:f3:69:32:d4:86:80:2c:1b:f6:7f:81:9b:
         87:51:69:7d:2a:5d:5a:19:d5:e5:13:9a:e5:c2:7e:78:84:f8:
         09:db:1c:9e:cc:a2:aa:be:6f:42:d5:ad:7f:30:89:a7:bb:f5:
         e0:ee:75:e6:04:06:9b:4f:f2:87:69:0a:a5:fe:9c:0b:85:fc:
         44:13:dd:88:e3:b1:94:ed:46:50:1a:c4:72:a1:e9:04:cc:70:
         b1:0f:41:af:32:56:88:03:36:17:cc:0a:96:60:9c:3d:30:08:
         ee:c7:8e:3d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiQZcHSLRjYqwKjlESbx1KpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA2MTEwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjM1ODFkMTA1MWZkMGMwMTcxNjgwZTY2Y2YwNWJlOTE1ODdkYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrHCn8FLqWzQaVBDckL+jLoseKvJ
xQS9ySCbMsz79QFK1lq7ve8vfjHPFI/CrN8h56fXFS5fuPE3437JWuxoBa3QjLse
bgeKvF0PQkcc4wTMKpv9qAtWeYt3TrtoMQbgpboXklQQcPQR13dnDDKyKOoTT/jn
II+FEavImIAJjrMO324EgrW53aljgsytMhLhszvthkmyV3EonMBZnOzxzjLWGHAM
VZffQBe8IUJ+0lQK5qykLHagG/cFE25df7eD8LG73u/s/wqnSPuWSe8T0vQiAZB5
yv9XKpqg9n5Ww0xnJKaggDf6ghXOnLy1yOyE/tzIx/Orcw7PLB6k26HFZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC81gdEFH9DAFxaA5mzwW+kVh9rFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTHpXQjBRVWYwTUFYRm9EbWJQQmI2UldIMnNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIvkm9h/VC4Xb3dM1FG1
bYrQssYWxONclkBCXdBbOFDTBqLOU0PDqpdacZ9meMYcJJo4GVyJl/uIZuApmLaj
ZLSbn54mMyCLcHHxedcm6nLF8axMWILb02N2UXEh7mj1Wb7qINdRLyxxpjA/LJud
4H2IMEde9eBNuMoFg9W94us52YUQGckcsJ7D965I+dMR1sqSt+8rQvNpMtSGgCwb
9n+Bm4dRaX0qXVoZ1eUTmuXCfniE+AnbHJ7Moqq+b0LVrX8wiae79eDudeYEBptP
8odpCqX+nAuF/EQT3YjjsZTtRlAaxHKh6QTMcLEPQa8yVogDNhfMCpZgnD0wCO7H
jj0=
-----END CERTIFICATE-----