Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/R2vWVHHUUe3cttZqHIXxAXwU8hY.roa
File:                     R2vWVHHUUe3cttZqHIXxAXwU8hY.roa (raw, json)
Hash identifier:          NXHydZ1uRf3j32Y7L/E6Qy21fId329jQxW/fL1HA7OM=
Subject key identifier:   47:6B:D6:54:71:D4:51:ED:DC:B6:D6:6A:1C:85:F1:01:7C:14:F2:16
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CB2FC122839359684F815BA49A829956
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/R2vWVHHUUe3cttZqHIXxAXwU8hY.roa
Signing time:             Sat 17 Jun 2023 21:08:04 +0000
ROA not before:           Sat 17 Jun 2023 21:08:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:cb:2f:c1:22:83:93:59:68:4f:81:5b:a4:9a:82:99:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 17 21:08:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=476bd65471d451eddcb6d66a1c85f1017c14f216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0c:d8:bb:f7:35:aa:3c:f7:2f:79:e6:fb:3e:
                    7a:be:c9:59:07:ec:3a:78:0d:03:62:14:6f:07:b5:
                    5b:03:11:9f:3c:77:35:0a:58:97:1b:7b:7c:31:2c:
                    b4:3b:3d:32:f7:05:32:5e:a9:b3:b6:ef:89:fe:9d:
                    92:4f:de:b7:ac:22:86:ce:cb:fa:60:57:8e:75:23:
                    7d:52:00:75:f5:87:7a:9e:f5:f9:36:e3:36:fe:ee:
                    12:70:a9:5c:44:6b:a1:91:9b:ab:c2:70:66:7a:a7:
                    cc:55:a9:25:20:19:6c:8d:eb:e7:ee:43:07:b2:4b:
                    6b:f6:d4:ee:0c:80:3d:02:46:7a:dc:0b:54:2e:bb:
                    89:55:99:5c:02:9c:6b:f9:7f:77:63:20:25:8f:2a:
                    b3:46:7d:07:3b:e4:59:a4:ff:18:73:6b:09:fe:4d:
                    34:7f:67:77:74:ed:e1:e2:73:5d:57:51:c7:a9:c4:
                    9d:91:14:00:71:b5:2b:e7:f1:49:0e:18:c0:52:e1:
                    32:f8:39:97:54:33:31:0f:ec:a4:2e:9c:9a:7f:96:
                    01:4d:da:67:a6:26:b2:c7:38:db:59:d8:e9:3d:d6:
                    ef:95:3a:6e:4f:c2:7f:85:a8:99:3e:ae:ee:80:c8:
                    aa:b6:47:79:25:93:b3:90:f5:18:e6:94:a3:1b:0a:
                    cb:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:6B:D6:54:71:D4:51:ED:DC:B6:D6:6A:1C:85:F1:01:7C:14:F2:16
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/R2vWVHHUUe3cttZqHIXxAXwU8hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:24:7c:41:ea:79:19:c8:a7:ed:39:7f:c3:1a:28:ea:5e:62:
         cc:60:e1:be:76:83:c0:c2:ce:b1:8f:33:84:c8:54:a3:90:c3:
         b6:f0:10:1a:4b:48:7e:60:b7:5d:ca:09:39:77:23:9d:2a:68:
         90:17:8f:37:2f:86:95:72:36:c7:91:91:c6:b6:7c:f3:77:7c:
         6e:63:86:0d:07:99:8f:a5:b2:45:c3:e7:be:11:91:98:9c:f9:
         8c:3a:5f:6e:51:0a:dc:bb:d4:99:75:b2:01:cd:c3:15:17:47:
         97:bf:36:cd:42:99:55:17:91:56:2d:fb:c3:91:19:a4:e0:84:
         00:b6:03:cf:50:91:d2:67:98:74:6f:c1:98:d3:7d:54:cb:69:
         58:1e:7e:b9:51:b8:b0:c8:91:d8:1d:72:27:5c:72:2d:0b:5b:
         2e:f4:cc:b0:b6:17:d0:eb:d7:b0:df:5f:92:54:f6:c2:1d:52:
         0a:59:be:a0:f5:10:1e:a8:61:39:aa:0e:92:f1:38:d2:da:8f:
         f2:07:b3:24:4d:f4:fd:74:4c:5f:4b:c5:f9:cc:44:17:b5:c2:
         54:38:41:11:8e:2e:b0:85:85:36:2e:27:c3:99:52:75:ae:0b:
         74:d1:cd:a3:b3:e4:0f:e4:be:77:1a:a1:86:b4:2d:56:96:80:
         24:dd:7a:a8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjLL8Eig5NZaE+BW6SagplWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE3MjEwODA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzZiZDY1NDcxZDQ1MWVkZGNiNmQ2NmExYzg1ZjEwMTdjMTRmMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAzYu/c1qjz3L3nm+z56vslZB+w6
eA0DYhRvB7VbAxGfPHc1CliXG3t8MSy0Oz0y9wUyXqmztu+J/p2ST963rCKGzsv6
YFeOdSN9UgB19Yd6nvX5NuM2/u4ScKlcRGuhkZurwnBmeqfMVaklIBlsjevn7kMH
sktr9tTuDIA9AkZ63AtULruJVZlcApxr+X93YyAljyqzRn0HO+RZpP8Yc2sJ/k00
f2d3dO3h4nNdV1HHqcSdkRQAcbUr5/FJDhjAUuEy+DmXVDMxD+ykLpyaf5YBTdpn
piayxzjbWdjpPdbvlTpuT8J/haiZPq7ugMiqtkd5JZOzkPUY5pSjGwrLcwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEdr1lRx1FHt3LbWahyF8QF8FPIWMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUjJ2V1ZISFVVZTNjdHRacUhJWHhBWHdVOGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJUkfEHqeRnIp+05f8Ma
KOpeYsxg4b52g8DCzrGPM4TIVKOQw7bwEBpLSH5gt13KCTl3I50qaJAXjzcvhpVy
NseRkca2fPN3fG5jhg0HmY+lskXD574RkZic+Yw6X25RCty71Jl1sgHNwxUXR5e/
Ns1CmVUXkVYt+8ORGaTghAC2A89QkdJnmHRvwZjTfVTLaVgefrlRuLDIkdgdcidc
ci0LWy70zLC2F9Dr17DfX5JU9sIdUgpZvqD1EB6oYTmqDpLxONLaj/IHsyRN9P10
TF9LxfnMRBe1wlQ4QRGOLrCFhTYuJ8OZUnWuC3TRzaOz5A/kvncaoYa0LVaWgCTd
eqg=
-----END CERTIFICATE-----