Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PBZGhKRQ-R07gYyQJd_u9YOiJzs.roa
File:                     PBZGhKRQ-R07gYyQJd_u9YOiJzs.roa (raw, json)
Hash identifier:          8BMVgPq60qsx9hIYn3PYEzs/lq5BW+s0RuPyjXASm7c=
Subject key identifier:   3C:16:46:84:A4:50:F9:1D:3B:81:8C:90:25:DF:EE:F5:83:A2:27:3B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01898611E5E39B4DB9B21F381E198F3223DB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PBZGhKRQ-R07gYyQJd_u9YOiJzs.roa
Signing time:             Mon 24 Jul 2023 04:04:27 +0000
ROA not before:           Mon 24 Jul 2023 04:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:189:8611:d883/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:86:11:e5:e3:9b:4d:b9:b2:1f:38:1e:19:8f:32:23:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 24 04:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c164684a450f91d3b818c9025dfeef583a2273b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ed:e4:37:1f:31:99:b3:e4:63:66:37:5d:68:
                    88:9c:83:ff:71:15:ef:15:cc:42:93:90:d0:c2:3b:
                    23:2b:a8:5e:f2:3c:08:45:2f:19:b6:ff:c4:12:7a:
                    52:b7:71:36:88:f3:70:6b:19:ac:62:32:2d:8b:0a:
                    75:39:7d:33:63:d4:41:71:5f:6d:84:ba:5b:84:da:
                    41:ef:38:85:6b:91:5c:5f:a3:bd:f9:2b:bc:be:78:
                    40:1b:b1:d2:aa:9d:5b:db:95:dd:de:1b:f8:91:aa:
                    8d:a8:80:93:ef:23:e6:19:f3:8c:e1:79:e0:23:01:
                    50:10:be:f6:11:8a:c2:08:f8:f6:1d:53:ed:9a:df:
                    a6:ea:a6:8b:79:01:ad:35:54:76:a0:34:ce:19:f5:
                    6f:94:ea:49:bf:e0:69:d8:fe:55:ed:62:01:2c:ec:
                    a7:4d:4e:74:0a:da:2c:3d:17:30:5b:56:9b:a3:e6:
                    a3:a4:4e:fd:21:ba:0c:83:cd:81:5e:36:46:63:5c:
                    ea:c2:ff:2a:aa:52:40:07:10:88:ce:8b:b3:de:43:
                    d9:2d:73:6f:f1:ce:7e:f0:2d:0c:c8:96:5f:be:0e:
                    b9:64:83:85:30:b3:b6:b3:3b:79:53:91:9b:7c:b3:
                    fc:ef:89:73:fb:ba:5e:ae:ce:ef:76:0b:cb:fd:34:
                    d5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:16:46:84:A4:50:F9:1D:3B:81:8C:90:25:DF:EE:F5:83:A2:27:3B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PBZGhKRQ-R07gYyQJd_u9YOiJzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:94:a8:47:18:7d:ba:44:b5:e4:5f:97:1d:1c:88:6a:95:3d:
         78:29:a1:37:e6:eb:45:da:90:f2:32:61:10:86:33:8f:8c:77:
         37:2e:fc:1b:8f:0f:e6:99:e4:a3:39:96:4e:80:ac:a0:8e:36:
         f7:1d:c5:b8:fc:6f:2b:11:c2:ac:de:a6:41:b3:3e:91:9c:15:
         ed:10:72:8b:94:62:a2:e1:c5:86:9f:33:10:53:0e:1e:07:bb:
         23:c3:9b:a0:94:e4:b1:36:33:58:c8:36:f0:38:b9:ab:d3:46:
         2e:93:04:bb:3d:c3:bf:a2:5c:1f:51:3f:9d:e2:a0:bd:94:2f:
         74:c0:91:d4:09:7b:b5:b6:2e:ab:5a:01:df:27:e4:42:b0:ba:
         b8:f4:c8:0b:0f:f3:47:a4:a7:14:b1:e1:ae:15:f9:eb:1d:12:
         63:56:69:53:9c:40:53:2a:2a:22:80:55:be:08:cf:22:27:b2:
         65:42:2b:82:23:7e:70:ab:98:bd:12:5e:06:89:b3:5e:31:67:
         db:31:2b:d7:e5:c0:19:7b:92:9f:aa:76:5b:c5:eb:58:bf:e9:
         02:f9:f3:86:7e:8a:e2:89:b3:42:49:80:93:a2:90:a2:ad:76:
         51:bd:b9:d4:00:3f:fa:52:1a:a0:16:d2:e7:a2:6f:0b:6c:20:
         c4:41:d0:af
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmGEeXjm025sh84HhmPMiPbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI0MDQwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzE2NDY4NGE0NTBmOTFkM2I4MThjOTAyNWRmZWVmNTgzYTIyNzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+3kNx8xmbPkY2Y3XWiInIP/cRXv
FcxCk5DQwjsjK6he8jwIRS8Ztv/EEnpSt3E2iPNwaxmsYjItiwp1OX0zY9RBcV9t
hLpbhNpB7ziFa5FcX6O9+Su8vnhAG7HSqp1b25Xd3hv4kaqNqICT7yPmGfOM4Xng
IwFQEL72EYrCCPj2HVPtmt+m6qaLeQGtNVR2oDTOGfVvlOpJv+Bp2P5V7WIBLOyn
TU50CtosPRcwW1abo+ajpE79IboMg82BXjZGY1zqwv8qqlJABxCIzouz3kPZLXNv
8c5+8C0MyJZfvg65ZIOFMLO2szt5U5GbfLP874lz+7pers7vdgvL/TTVlQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDwWRoSkUPkdO4GMkCXf7vWDoic7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUEJaR2hLUlEtUjA3Z1l5UUpkX3U5WU9pSnpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFGUqEcYfbpEteRflx0c
iGqVPXgpoTfm60XakPIyYRCGM4+Mdzcu/BuPD+aZ5KM5lk6ArKCONvcdxbj8bysR
wqzepkGzPpGcFe0QcouUYqLhxYafMxBTDh4HuyPDm6CU5LE2M1jINvA4uavTRi6T
BLs9w7+iXB9RP53ioL2UL3TAkdQJe7W2LqtaAd8n5EKwurj0yAsP80ekpxSx4a4V
+esdEmNWaVOcQFMqKiKAVb4IzyInsmVCK4IjfnCrmL0SXgaJs14xZ9sxK9flwBl7
kp+qdlvF61i/6QL584Z+iuKJs0JJgJOikKKtdlG9udQAP/pSGqAW0ueibwtsIMRB
0K8=
-----END CERTIFICATE-----