Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OqkSwd_q-krJfHa2YpPoZgiAi78.roa
File:                     OqkSwd_q-krJfHa2YpPoZgiAi78.roa (raw, json)
Hash identifier:          uTTvEgCEIDNDt54s+rstGkkj+RVOglqE0C2XHHm2SRA=
Subject key identifier:   3A:A9:12:C1:DF:EA:FA:4A:C9:7C:76:B6:62:93:E8:66:08:80:8B:BF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188AC4C762F0DC803D0CCA38E01F1454509
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OqkSwd_q-krJfHa2YpPoZgiAi78.roa
Signing time:             Sun 11 Jun 2023 21:11:12 +0000
ROA not before:           Sun 11 Jun 2023 21:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ac:4c:76:2f:0d:c8:03:d0:cc:a3:8e:01:f1:45:45:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 11 21:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3aa912c1dfeafa4ac97c76b66293e86608808bbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fd:3a:de:d0:fa:ae:14:26:c8:e2:e6:74:05:
                    35:d1:93:b4:7e:02:4a:1a:fe:99:cb:aa:34:17:19:
                    99:73:81:a0:68:77:a1:c7:f3:12:23:e8:f5:2d:dd:
                    55:8a:1f:ca:0e:a2:a9:3d:f2:0d:0b:45:78:33:a8:
                    40:4b:f6:77:6c:7a:52:6a:bc:51:59:98:7a:f7:96:
                    fb:87:71:66:f9:77:80:45:97:22:c9:4d:0f:c1:0c:
                    be:10:de:b4:74:cb:eb:5c:c3:77:72:2d:7c:bc:30:
                    9d:99:a3:de:b9:ab:fc:11:0d:bb:5e:61:5b:c1:98:
                    84:9f:c9:de:a2:ba:b3:ec:8d:62:90:72:34:1e:22:
                    29:b1:ec:05:26:3a:78:47:c9:22:ef:f7:79:96:d3:
                    a2:8b:84:73:1c:16:4d:dd:19:80:92:91:7a:31:87:
                    e3:da:41:a2:16:2c:d1:80:65:33:4c:fc:e7:a8:63:
                    19:b9:af:d4:ae:8f:60:e1:fe:2f:5a:09:c2:ad:be:
                    2f:18:e7:1f:50:a8:02:41:6d:03:d1:e5:4e:1b:b2:
                    71:3d:5e:d7:46:b5:3c:44:0c:b7:d8:e2:0b:cc:e6:
                    6e:4f:06:95:8c:fc:55:59:53:52:cc:f8:85:ba:bf:
                    c0:4a:97:be:be:dd:fa:71:ef:7a:36:af:48:db:f4:
                    5e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:A9:12:C1:DF:EA:FA:4A:C9:7C:76:B6:62:93:E8:66:08:80:8B:BF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OqkSwd_q-krJfHa2YpPoZgiAi78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:9c:ce:be:95:f9:5f:65:e0:29:d0:60:0e:16:32:7e:de:43:
         2f:f7:42:41:73:f7:2e:28:8d:2d:83:be:da:8b:62:7a:79:28:
         5a:19:32:32:3b:ce:c4:3b:f2:b4:e8:90:9f:ae:0d:6d:aa:29:
         21:a1:09:96:97:10:c3:ea:8a:66:1f:81:8f:8f:76:b4:d8:31:
         74:00:0d:59:75:12:75:ff:8f:5b:b5:6a:30:95:e5:79:af:be:
         77:2c:43:1e:6b:80:b0:d1:fc:c3:07:a0:ba:af:80:d3:46:71:
         40:9c:bd:64:5a:18:fc:bd:36:db:e2:0c:8e:4a:98:12:ca:e6:
         1a:7f:47:2c:14:81:a1:c1:7f:df:ab:90:e0:12:52:cc:b0:53:
         b1:47:85:f6:6b:b6:cd:7e:83:67:8c:18:62:6a:3b:50:53:be:
         70:7d:67:af:99:ff:f3:f5:c0:25:06:76:35:bc:33:7e:ce:b0:
         00:99:94:10:e0:17:53:47:e1:f6:7b:5a:4b:dc:03:4b:c0:d7:
         dd:b5:f7:fe:77:6e:30:e3:95:a3:16:d3:60:f7:b2:f1:6c:0a:
         c2:4b:a0:ee:f2:6a:42:4b:9a:4c:8c:3a:0a:92:e0:a7:a8:c1:
         3e:f8:28:01:99:15:51:db:52:3a:a2:be:1b:70:fd:fb:3d:a5:
         0f:4b:b7:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYisTHYvDcgD0MyjjgHxRUUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjExMjExMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWE5MTJjMWRmZWFmYTRhYzk3Yzc2YjY2MjkzZTg2NjA4ODA4YmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3P063tD6rhQmyOLmdAU10ZO0fgJK
Gv6Zy6o0FxmZc4GgaHehx/MSI+j1Ld1Vih/KDqKpPfINC0V4M6hAS/Z3bHpSarxR
WZh695b7h3Fm+XeARZciyU0PwQy+EN60dMvrXMN3ci18vDCdmaPeuav8EQ27XmFb
wZiEn8neorqz7I1ikHI0HiIpsewFJjp4R8ki7/d5ltOii4RzHBZN3RmAkpF6MYfj
2kGiFizRgGUzTPznqGMZua/Uro9g4f4vWgnCrb4vGOcfUKgCQW0D0eVOG7JxPV7X
RrU8RAy32OILzOZuTwaVjPxVWVNSzPiFur/ASpe+vt36ce96Nq9I2/ReqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDqpEsHf6vpKyXx2tmKT6GYIgIu/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT3FrU3dkX3Eta3JKZkhhMllwUG9aZ2lBaTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFGczr6V+V9l4CnQYA4W
Mn7eQy/3QkFz9y4ojS2DvtqLYnp5KFoZMjI7zsQ78rTokJ+uDW2qKSGhCZaXEMPq
imYfgY+PdrTYMXQADVl1EnX/j1u1ajCV5XmvvncsQx5rgLDR/MMHoLqvgNNGcUCc
vWRaGPy9NtviDI5KmBLK5hp/RywUgaHBf9+rkOASUsywU7FHhfZrts1+g2eMGGJq
O1BTvnB9Z6+Z//P1wCUGdjW8M37OsACZlBDgF1NH4fZ7WkvcA0vA19219/53bjDj
laMW02D3svFsCsJLoO7yakJLmkyMOgqS4KeowT74KAGZFVHbUjqivhtw/fs9pQ9L
t9I=
-----END CERTIFICATE-----