Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PHurj1n5RzABGJhYzJ_l_FZMOQk.roa
File:                     PHurj1n5RzABGJhYzJ_l_FZMOQk.roa (raw, json)
Hash identifier:          1irLgxs/oCQxWP5MbFVpYua1/o5/LkzlCueZ9vYR+n4=
Subject key identifier:   3C:7B:AB:8F:59:F9:47:30:01:18:98:58:CC:9F:E5:FC:56:4C:39:09
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01881761DCDAC07427A96A8CC8455AA611A0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PHurj1n5RzABGJhYzJ_l_FZMOQk.roa
Signing time:             Sat 13 May 2023 23:11:09 +0000
ROA not before:           Sat 13 May 2023 23:11:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:17:61:dc:da:c0:74:27:a9:6a:8c:c8:45:5a:a6:11:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 13 23:11:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c7bab8f59f9473001189858cc9fe5fc564c3909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bd:d7:6f:6d:69:a1:76:7a:49:13:3e:e0:69:
                    4d:09:29:0f:00:39:2b:0a:df:98:14:f0:8b:42:14:
                    be:ee:fb:49:bf:e5:36:dd:fa:ef:d3:6d:77:fa:03:
                    5f:60:87:9e:e2:35:80:d8:81:85:f7:90:c9:f2:42:
                    ad:84:1b:96:b0:04:95:cc:24:2c:a3:7e:da:6d:2c:
                    84:78:54:fc:af:77:aa:ee:fd:24:75:3e:d1:87:07:
                    89:53:5e:bd:89:89:95:4b:da:40:f9:06:34:db:a5:
                    b3:f2:99:6f:ab:c5:c5:19:da:56:58:0a:f5:07:01:
                    12:70:bf:c8:10:52:dc:43:54:ea:0b:92:ab:f6:fe:
                    30:40:7e:0b:38:46:b5:16:e0:0d:cb:70:87:f9:9d:
                    86:8e:c4:46:c0:8f:c9:87:6d:94:d7:6c:36:f8:40:
                    90:cd:35:9c:0e:4c:fd:23:37:f3:5f:e1:d4:68:84:
                    4d:51:cb:7b:0c:8e:38:98:f5:45:73:10:e9:5a:b5:
                    43:c8:1d:2e:78:96:a0:70:2c:cb:96:9c:dd:f3:a1:
                    e0:f2:59:5d:43:e0:56:09:2c:f8:6b:c4:db:09:03:
                    eb:e2:3a:28:a4:97:ce:b3:f7:a8:2f:b9:7a:a9:89:
                    5d:b6:1d:dd:ca:6c:b5:b0:3d:6f:fb:ea:d2:76:2f:
                    e7:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:7B:AB:8F:59:F9:47:30:01:18:98:58:CC:9F:E5:FC:56:4C:39:09
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PHurj1n5RzABGJhYzJ_l_FZMOQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:c7:ec:1e:ab:25:84:14:f4:8d:70:03:f3:25:ce:cc:d4:b6:
         a1:40:51:e6:1c:8a:7d:c2:95:3b:82:1a:e5:e9:ea:f7:09:e6:
         04:7b:76:9c:e8:b8:4b:4a:fc:a3:27:6f:59:4c:0c:14:2a:e3:
         64:b1:04:90:20:6a:8f:71:1c:ba:a3:61:a3:05:b5:ae:dd:e4:
         34:12:18:65:95:37:2a:06:3d:2f:2c:51:e7:7c:10:e2:b9:39:
         49:0a:ee:d8:a7:e7:40:5b:3a:c9:54:1b:13:23:72:8a:9a:39:
         f8:e9:46:3b:c9:34:7b:01:da:46:2f:bc:86:e3:7f:29:62:ac:
         cd:86:2d:8c:e3:cc:57:0b:ec:09:44:30:00:34:94:62:8b:9a:
         bf:42:61:7b:fb:2d:12:40:b3:6b:4f:ad:8e:6d:3e:82:0f:bc:
         00:d2:2f:3d:62:b0:ba:a1:46:bb:a6:4f:15:fc:9d:3a:f0:3c:
         10:6a:6a:93:71:b7:85:66:c4:a1:ce:d8:6d:9a:c2:a3:49:cc:
         71:40:a2:e2:a8:80:59:0d:be:78:3b:df:d5:f1:29:c6:2e:dd:
         e5:c8:51:98:9d:7a:bd:64:21:37:3b:78:1c:a6:de:ac:10:a3:
         03:c3:23:51:46:e5:df:ad:6b:33:a8:62:f3:c9:16:94:d4:87:
         fc:11:79:33
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgXYdzawHQnqWqMyEVaphGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEzMjMxMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzdiYWI4ZjU5Zjk0NzMwMDExODk4NThjYzlmZTVmYzU2NGMzOTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwr3Xb21poXZ6SRM+4GlNCSkPADkr
Ct+YFPCLQhS+7vtJv+U23frv0213+gNfYIee4jWA2IGF95DJ8kKthBuWsASVzCQs
o37abSyEeFT8r3eq7v0kdT7RhweJU169iYmVS9pA+QY026Wz8plvq8XFGdpWWAr1
BwEScL/IEFLcQ1TqC5Kr9v4wQH4LOEa1FuANy3CH+Z2GjsRGwI/Jh22U12w2+ECQ
zTWcDkz9IzfzX+HUaIRNUct7DI44mPVFcxDpWrVDyB0ueJagcCzLlpzd86Hg8lld
Q+BWCSz4a8TbCQPr4joopJfOs/eoL7l6qYldth3dymy1sD1v++rSdi/nnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDx7q49Z+UcwARiYWMyf5fxWTDkJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUEh1cmoxbjVSekFCR0poWXpKX2xfRlpNT1FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJHH7B6rJYQU9I1wA/Ml
zszUtqFAUeYcin3ClTuCGuXp6vcJ5gR7dpzouEtK/KMnb1lMDBQq42SxBJAgao9x
HLqjYaMFta7d5DQSGGWVNyoGPS8sUed8EOK5OUkK7tin50BbOslUGxMjcoqaOfjp
RjvJNHsB2kYvvIbjfylirM2GLYzjzFcL7AlEMAA0lGKLmr9CYXv7LRJAs2tPrY5t
PoIPvADSLz1isLqhRrumTxX8nTrwPBBqapNxt4VmxKHO2G2awqNJzHFAouKogFkN
vng739XxKcYu3eXIUZider1kITc7eBym3qwQowPDI1FG5d+tazOoYvPJFpTUh/wR
eTM=
-----END CERTIFICATE-----