Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/N_2LorCXsS7D9V_3CnOdLq06EwU.roa
File:                     N_2LorCXsS7D9V_3CnOdLq06EwU.roa (raw, json)
Hash identifier:          jXd+j/OoFlMzLSgpex+eDPoDplRonP77lQgAeEnp3QY=
Subject key identifier:   37:FD:8B:A2:B0:97:B1:2E:C3:F5:5F:F7:0A:73:9D:2E:AD:3A:13:05
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897E216B263B5B739724F68CCB79F792E7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/N_2LorCXsS7D9V_3CnOdLq06EwU.roa
Signing time:             Sat 22 Jul 2023 15:04:26 +0000
ROA not before:           Sat 22 Jul 2023 15:04:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:189:7e21:2d7a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:7e:21:6b:26:3b:5b:73:97:24:f6:8c:cb:79:f7:92:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 22 15:04:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=37fd8ba2b097b12ec3f55ff70a739d2ead3a1305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b1:86:0e:3a:17:42:f5:1c:93:cc:8b:cf:a0:
                    f4:c6:00:f7:df:5d:ea:dd:14:04:c0:d7:2a:2c:14:
                    e6:0b:1b:97:b5:bb:03:aa:6c:9b:c2:55:eb:8d:88:
                    18:3a:9c:d8:4c:14:47:37:02:33:9f:a6:5b:25:d6:
                    d2:2f:38:cb:a9:9b:26:17:54:6c:a6:31:f1:79:49:
                    a7:7e:d5:58:ac:04:4f:98:77:d6:3c:f5:21:39:9c:
                    67:d3:ef:bf:81:2c:c4:83:d2:cd:3e:96:ba:41:71:
                    9d:4a:61:61:fc:02:4a:d3:7f:d5:19:d6:87:3f:3f:
                    af:d0:7b:23:d8:92:a3:1b:b7:64:bf:27:0f:23:9a:
                    8e:3f:20:c2:8f:53:1c:36:07:12:c5:36:b5:ff:e5:
                    7f:bb:68:91:ca:2c:6f:f2:8e:18:5f:2f:2b:8c:7b:
                    e9:5e:78:96:a8:c2:98:07:5a:7d:d0:19:72:63:a9:
                    bf:b5:98:31:20:50:ee:b5:15:d1:a9:c5:fd:9f:54:
                    11:b1:af:d2:a6:d2:bd:74:4d:e6:65:38:9c:1e:6c:
                    c2:30:87:c9:15:2e:bf:b2:8f:a4:7e:c6:01:0f:69:
                    5f:63:fa:54:f1:fb:16:9a:6e:02:f1:bb:d6:92:a8:
                    c5:97:1d:d6:dc:05:f2:fd:52:eb:da:f5:b7:69:c5:
                    f4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:FD:8B:A2:B0:97:B1:2E:C3:F5:5F:F7:0A:73:9D:2E:AD:3A:13:05
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/N_2LorCXsS7D9V_3CnOdLq06EwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:b5:fe:95:10:74:a5:b6:ad:e0:6d:ae:63:27:98:71:1c:5e:
         f5:29:60:50:fa:04:f2:c8:47:cc:e6:f6:4b:c5:e6:15:5e:92:
         5c:7b:0e:ce:d5:41:cd:b7:2c:d4:1b:05:74:cf:c3:c0:55:0c:
         9f:63:34:e8:df:d7:26:99:e0:66:d5:a7:2b:b3:c7:ad:3d:a7:
         f8:63:06:11:3a:8c:8b:6e:52:98:46:15:65:5f:dc:63:45:80:
         f7:4e:5d:2b:ef:40:83:8e:b2:8a:f5:9a:c5:22:84:00:78:e4:
         25:f4:a6:12:26:46:d0:22:f7:95:f4:0f:58:bb:c0:01:d5:59:
         43:39:c9:ea:ad:d5:ab:b7:5a:c0:87:c7:b5:46:72:db:5d:9a:
         f5:19:b9:b9:f2:d3:19:2c:ca:e1:f5:37:2b:c8:09:9a:06:c7:
         7b:85:7c:7f:8d:fe:a8:e6:fe:53:96:1a:79:a1:ff:86:77:19:
         e3:df:68:b1:19:cc:0d:e8:c1:c1:ce:5e:e1:3a:00:d2:91:be:
         17:51:41:9e:05:03:d7:f4:d3:9d:24:cd:22:01:89:3a:02:f2:
         7a:5b:cf:cd:09:ec:0b:61:e9:a9:d3:54:02:00:95:5c:fa:4e:
         b1:e0:bb:eb:cd:94:a6:95:64:55:3d:2e:75:61:ad:5d:19:ea:
         14:ee:a6:5c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl+IWsmO1tzlyT2jMt595LnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIyMTUwNDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2ZkOGJhMmIwOTdiMTJlYzNmNTVmZjcwYTczOWQyZWFkM2ExMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7GGDjoXQvUck8yLz6D0xgD3313q
3RQEwNcqLBTmCxuXtbsDqmybwlXrjYgYOpzYTBRHNwIzn6ZbJdbSLzjLqZsmF1Rs
pjHxeUmnftVYrARPmHfWPPUhOZxn0++/gSzEg9LNPpa6QXGdSmFh/AJK03/VGdaH
Pz+v0Hsj2JKjG7dkvycPI5qOPyDCj1McNgcSxTa1/+V/u2iRyixv8o4YXy8rjHvp
XniWqMKYB1p90BlyY6m/tZgxIFDutRXRqcX9n1QRsa/SptK9dE3mZTicHmzCMIfJ
FS6/so+kfsYBD2lfY/pU8fsWmm4C8bvWkqjFlx3W3AXy/VLr2vW3acX09QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDf9i6Kwl7Euw/Vf9wpznS6tOhMFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTl8yTG9yQ1hzUzdEOVZfM0NuT2RMcTA2RXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHK1/pUQdKW2reBtrmMn
mHEcXvUpYFD6BPLIR8zm9kvF5hVeklx7Ds7VQc23LNQbBXTPw8BVDJ9jNOjf1yaZ
4GbVpyuzx609p/hjBhE6jItuUphGFWVf3GNFgPdOXSvvQIOOsor1msUihAB45CX0
phImRtAi95X0D1i7wAHVWUM5yeqt1au3WsCHx7VGcttdmvUZubny0xksyuH1NyvI
CZoGx3uFfH+N/qjm/lOWGnmh/4Z3GePfaLEZzA3owcHOXuE6ANKRvhdRQZ4FA9f0
050kzSIBiToC8npbz80J7Ath6anTVAIAlVz6TrHgu+vNlKaVZFU9LnVhrV0Z6hTu
plw=
-----END CERTIFICATE-----