Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OhUrj2p9QPYGaEJ-HLRVU0PoEU4.roa
File:                     OhUrj2p9QPYGaEJ-HLRVU0PoEU4.roa (raw, json)
Hash identifier:          /HnHsV5Rm5sNLPRgYfS75XFUQcEUmVHnMAUYsB00pvc=
Subject key identifier:   3A:15:2B:8F:6A:7D:40:F6:06:68:42:7E:1C:B4:55:53:43:E8:11:4E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189698F4F251F98880128F3DE5916FCA9DA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OhUrj2p9QPYGaEJ-HLRVU0PoEU4.roa
Signing time:             Tue 18 Jul 2023 15:12:26 +0000
ROA not before:           Tue 18 Jul 2023 15:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:69:8f:4f:25:1f:98:88:01:28:f3:de:59:16:fc:a9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 18 15:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a152b8f6a7d40f60668427e1cb4555343e8114e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:35:d0:2e:69:38:b7:30:92:5a:f7:fa:5d:cb:
                    fb:e6:10:a2:48:df:99:94:8e:4e:8e:7d:df:5b:e0:
                    90:24:b6:79:ab:cc:79:23:ff:d3:f5:14:bd:0f:f9:
                    a7:20:23:71:d8:e8:6b:a8:7a:e6:51:a7:ea:2a:8d:
                    5a:55:73:cd:97:9b:b6:ce:71:7a:b5:c2:a7:d7:39:
                    9f:57:4a:c5:3f:07:6b:68:fc:85:e8:97:75:65:b7:
                    1e:e2:d5:31:44:17:1b:c4:fd:6b:ef:32:e5:29:51:
                    58:c5:d2:81:59:a4:59:1a:71:e8:35:fd:4e:21:d4:
                    6c:e4:27:f9:aa:cc:bb:d7:30:32:00:ef:8f:a8:54:
                    1e:b6:b3:8e:88:0a:6c:3c:c8:1a:2c:d8:31:03:b1:
                    bf:40:ad:ce:12:56:47:bb:54:14:4f:91:43:0b:ec:
                    c9:4e:a7:ec:bd:e5:e5:c2:04:8a:54:03:e7:d2:b0:
                    5c:9c:a3:f3:34:2a:74:b4:2a:82:e1:b2:fe:9a:b4:
                    c3:c9:30:db:07:a9:eb:43:ff:91:3d:b3:c2:1e:45:
                    89:69:e2:4d:6b:57:32:d7:6c:c5:cb:66:bf:d7:5d:
                    d0:d8:17:3f:a7:34:fd:4f:8a:a3:f2:ec:d3:52:6e:
                    47:14:e0:bf:f3:a0:7a:6c:0a:e2:a8:1d:21:98:96:
                    fc:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:15:2B:8F:6A:7D:40:F6:06:68:42:7E:1C:B4:55:53:43:E8:11:4E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OhUrj2p9QPYGaEJ-HLRVU0PoEU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:33:4b:85:5c:4f:00:eb:49:72:7f:e1:e6:6f:c6:f3:a6:3e:
         7e:eb:e5:06:86:bf:56:56:40:00:47:17:fd:47:cc:0c:37:24:
         59:89:b2:2b:54:18:ff:38:54:a7:4f:50:61:d1:fb:c8:5a:08:
         f7:48:db:4a:da:77:34:1c:7e:8b:34:1c:b1:d1:69:43:a2:56:
         88:c5:eb:ab:0c:88:b9:b0:54:e4:42:65:fb:52:1d:84:85:05:
         59:4c:44:b9:36:2d:e6:c5:41:44:ec:85:6f:15:82:71:88:98:
         f0:ad:4c:cf:be:f5:f1:c7:04:64:f6:71:75:5a:88:58:e7:dd:
         e4:39:1b:2e:0c:f2:2a:cb:3a:f8:c4:43:25:44:7d:22:dc:19:
         04:4d:2a:f0:f5:63:85:db:74:c1:3a:c4:c0:2f:20:f1:57:55:
         c8:06:4a:35:b5:de:10:47:7c:55:07:3c:43:39:ef:5c:c5:99:
         3b:d3:c4:97:19:69:17:f8:50:f6:23:7d:4b:1f:73:fa:f1:86:
         2f:bf:1c:08:5a:31:a2:f9:d0:71:7a:b0:2e:fd:29:51:67:4f:
         c4:12:66:15:73:21:c3:eb:97:e5:5d:59:0e:18:4a:70:d2:e5:
         fa:b9:f6:c9:80:bb:9e:68:a8:0d:aa:02:8e:ab:45:6b:37:ec:
         b1:e3:96:55
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlpj08lH5iIASjz3lkW/KnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE4MTUxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTE1MmI4ZjZhN2Q0MGY2MDY2ODQyN2UxY2I0NTU1MzQzZTgxMTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzXQLmk4tzCSWvf6Xcv75hCiSN+Z
lI5Ojn3fW+CQJLZ5q8x5I//T9RS9D/mnICNx2OhrqHrmUafqKo1aVXPNl5u2znF6
tcKn1zmfV0rFPwdraPyF6Jd1Zbce4tUxRBcbxP1r7zLlKVFYxdKBWaRZGnHoNf1O
IdRs5Cf5qsy71zAyAO+PqFQetrOOiApsPMgaLNgxA7G/QK3OElZHu1QUT5FDC+zJ
TqfsveXlwgSKVAPn0rBcnKPzNCp0tCqC4bL+mrTDyTDbB6nrQ/+RPbPCHkWJaeJN
a1cy12zFy2a/113Q2Bc/pzT9T4qj8uzTUm5HFOC/86B6bAriqB0hmJb83QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDoVK49qfUD2BmhCfhy0VVND6BFOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT2hVcmoycDlRUFlHYUVKLUhMUlZVMFBvRVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKYzS4VcTwDrSXJ/4eZv
xvOmPn7r5QaGv1ZWQABHF/1HzAw3JFmJsitUGP84VKdPUGHR+8haCPdI20radzQc
fos0HLHRaUOiVojF66sMiLmwVORCZftSHYSFBVlMRLk2LebFQUTshW8VgnGImPCt
TM++9fHHBGT2cXVaiFjn3eQ5Gy4M8irLOvjEQyVEfSLcGQRNKvD1Y4XbdME6xMAv
IPFXVcgGSjW13hBHfFUHPEM571zFmTvTxJcZaRf4UPYjfUsfc/rxhi+/HAhaMaL5
0HF6sC79KVFnT8QSZhVzIcPrl+VdWQ4YSnDS5fq59smAu55oqA2qAo6rRWs37LHj
llU=
-----END CERTIFICATE-----