Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NiXJITOHIb2X30Du2EhqKZ75HCw.roa
File:                     NiXJITOHIb2X30Du2EhqKZ75HCw.roa (raw, json)
Hash identifier:          SPymKxd/JQ2pnm68QTjeEDsXZ2eB/15krmXqRrW1oZc=
Subject key identifier:   36:25:C9:21:33:87:21:BD:97:DF:40:EE:D8:48:6A:29:9E:F9:1C:2C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895F72923E9EC4E9E9848BF919159731D9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NiXJITOHIb2X30Du2EhqKZ75HCw.roa
Signing time:             Sun 16 Jul 2023 16:04:51 +0000
ROA not before:           Sun 16 Jul 2023 16:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:189:5f72:432/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5f:72:92:3e:9e:c4:e9:e9:84:8b:f9:19:15:97:31:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 16 16:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3625c921338721bd97df40eed8486a299ef91c2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:79:fb:8c:eb:c8:6e:21:0e:14:e8:f1:57:04:
                    26:63:c9:95:69:ce:07:92:be:f2:c0:65:c6:42:d1:
                    7c:36:e9:dc:d3:3d:9b:fc:e8:fc:68:88:d8:ae:d1:
                    95:3e:bd:95:7d:df:36:7b:c9:e7:d6:34:8d:58:9b:
                    f1:ee:ab:31:64:66:76:a8:2d:9b:ad:bf:e8:f6:be:
                    0a:e0:79:bf:60:7f:b0:5f:8e:ff:31:1f:f4:56:d6:
                    cd:e1:c5:91:84:af:60:8e:86:5d:a0:59:c6:24:1a:
                    23:64:c3:5d:40:4f:47:8f:72:10:c0:38:8d:c4:1a:
                    96:8f:c5:83:ab:d0:55:2e:f4:3a:fa:80:7c:5d:c4:
                    52:01:20:ff:6e:fb:6c:2a:ac:52:01:d7:65:3f:6f:
                    c1:fc:10:b2:3b:e5:b3:54:3a:30:74:cf:92:ba:97:
                    ce:c3:75:f3:71:e3:72:f9:e8:8b:54:88:96:b4:16:
                    38:b3:0d:13:e2:54:41:6b:89:b8:76:b0:a5:80:7a:
                    d0:45:fa:bb:fe:18:1f:e4:41:e0:cb:71:94:ca:60:
                    86:61:97:48:82:d2:58:9c:78:34:67:bb:c5:fb:b1:
                    e2:32:09:91:ed:a0:3c:cb:ab:f7:f0:80:a2:7f:7c:
                    38:13:a6:a4:2a:58:a5:8f:39:7b:d9:db:73:34:8b:
                    e5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:25:C9:21:33:87:21:BD:97:DF:40:EE:D8:48:6A:29:9E:F9:1C:2C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NiXJITOHIb2X30Du2EhqKZ75HCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:34:b9:2d:1d:c3:27:89:fc:ab:6c:87:b7:7c:d9:9f:36:7f:
         7f:96:b4:4b:b2:30:ce:57:04:10:64:a1:a5:36:da:68:fb:2d:
         0c:05:76:38:9e:2f:5e:a7:03:23:2d:c5:d6:b9:a8:f2:7a:3b:
         1b:ed:cc:09:fa:8b:e5:3e:d7:1c:b9:9e:f6:78:aa:37:97:3e:
         b4:df:7e:e2:d8:e0:6a:60:4a:e2:a2:38:d0:96:b5:ee:c1:e5:
         2b:1e:08:0c:1a:a3:41:c6:33:39:8b:1a:38:65:1a:a1:e3:f5:
         c8:cd:d5:e9:7a:ad:c7:fa:db:4a:54:da:75:1b:ca:98:f4:df:
         26:2e:3f:ba:55:b3:b6:e5:c9:40:1c:d1:f0:ab:d1:f2:91:55:
         f1:35:94:ec:3d:2c:c2:b2:bf:14:c2:66:67:dd:12:d5:1e:ec:
         0f:52:84:54:e5:3a:fc:5e:e3:0b:29:0e:bd:40:0f:07:ad:4b:
         ca:10:55:7b:57:4b:3b:71:16:bc:8c:f7:71:72:92:4e:b2:3e:
         e4:27:3f:4c:be:59:05:d6:ad:8b:98:ac:f8:59:ba:27:ed:9b:
         3d:85:a2:61:90:a1:b6:4c:42:9f:73:2a:27:04:d1:af:f0:19:
         5b:22:25:55:e9:e9:94:71:7c:f4:42:cb:41:0c:e5:5e:d1:ec:
         4d:a0:7d:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlfcpI+nsTp6YSL+RkVlzHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE2MTYwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjI1YzkyMTMzODcyMWJkOTdkZjQwZWVkODQ4NmEyOTllZjkxYzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnn7jOvIbiEOFOjxVwQmY8mVac4H
kr7ywGXGQtF8Nunc0z2b/Oj8aIjYrtGVPr2Vfd82e8nn1jSNWJvx7qsxZGZ2qC2b
rb/o9r4K4Hm/YH+wX47/MR/0VtbN4cWRhK9gjoZdoFnGJBojZMNdQE9Hj3IQwDiN
xBqWj8WDq9BVLvQ6+oB8XcRSASD/bvtsKqxSAddlP2/B/BCyO+WzVDowdM+SupfO
w3XzceNy+eiLVIiWtBY4sw0T4lRBa4m4drClgHrQRfq7/hgf5EHgy3GUymCGYZdI
gtJYnHg0Z7vF+7HiMgmR7aA8y6v38ICif3w4E6akKliljzl72dtzNIvlfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDYlySEzhyG9l99A7thIaime+RwsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTmlYSklUT0hJYjJYMzBEdTJFaHFLWjc1SEN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIM0uS0dwyeJ/Ktsh7d8
2Z82f3+WtEuyMM5XBBBkoaU22mj7LQwFdjieL16nAyMtxda5qPJ6OxvtzAn6i+U+
1xy5nvZ4qjeXPrTffuLY4GpgSuKiONCWte7B5SseCAwao0HGMzmLGjhlGqHj9cjN
1el6rcf620pU2nUbypj03yYuP7pVs7blyUAc0fCr0fKRVfE1lOw9LMKyvxTCZmfd
EtUe7A9ShFTlOvxe4wspDr1ADwetS8oQVXtXSztxFryM93Fykk6yPuQnP0y+WQXW
rYuYrPhZuiftmz2FomGQobZMQp9zKicE0a/wGVsiJVXp6ZRxfPRCy0EM5V7R7E2g
fTw=
-----END CERTIFICATE-----