Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RKDajR53RMbyNx185Fp5dF98VGU.roa
File:                     RKDajR53RMbyNx185Fp5dF98VGU.roa (raw, json)
Hash identifier:          syIOzUIgD/Oes18M1bjsqt67eIwOueoh4non3E1wv2Q=
Subject key identifier:   44:A0:DA:8D:1E:77:44:C6:F2:37:1D:7C:E4:5A:79:74:5F:7C:54:65
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01887AB5C20907F48799595FE400AF99E29A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RKDajR53RMbyNx185Fp5dF98VGU.roa
Signing time:             Fri 02 Jun 2023 06:05:12 +0000
ROA not before:           Fri 02 Jun 2023 06:05:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7ab5:2e72/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7a:b5:c2:09:07:f4:87:99:59:5f:e4:00:af:99:e2:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  2 06:05:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=44a0da8d1e7744c6f2371d7ce45a79745f7c5465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8f:24:5b:79:b2:8a:76:b4:19:1c:65:28:4e:
                    bf:94:f3:f5:e7:d3:8b:52:0c:55:08:6a:64:5a:26:
                    99:ea:3c:ff:9c:6f:cf:28:32:4c:4b:5a:60:e9:d7:
                    75:dc:f8:d4:aa:c3:ab:28:82:00:a8:5b:6b:33:a3:
                    e4:cf:ae:5e:0b:49:2e:47:29:84:3d:64:52:1b:b6:
                    38:d3:7d:a2:18:ff:e4:c5:2a:72:20:8f:24:19:19:
                    3c:36:12:fd:f1:86:22:85:32:fb:87:39:76:89:b6:
                    28:f6:28:50:17:b9:e0:95:14:bb:9d:f1:c1:73:c3:
                    bf:b0:fc:cc:ef:7f:34:9d:2a:5e:2f:7f:80:97:e1:
                    b4:6a:2b:06:60:4e:6c:31:b4:3d:ff:3c:77:e3:87:
                    8c:1c:67:42:c8:21:fc:62:f9:22:6a:c4:6e:d5:25:
                    97:01:1d:f6:46:eb:f3:5f:c7:dd:fc:12:91:7a:84:
                    ca:d4:9c:2f:81:63:36:af:c7:14:69:5a:63:cb:36:
                    83:7e:35:84:e1:d1:ba:13:0b:3f:f0:99:a2:22:76:
                    06:14:27:3a:54:35:f9:a3:6c:62:7c:0d:cd:d5:16:
                    7b:89:8b:09:2b:d7:bc:9e:9a:31:45:46:a3:96:65:
                    62:c3:08:08:8e:35:c4:87:ad:d7:56:ec:39:15:a1:
                    f5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A0:DA:8D:1E:77:44:C6:F2:37:1D:7C:E4:5A:79:74:5F:7C:54:65
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RKDajR53RMbyNx185Fp5dF98VGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:e1:66:14:3b:22:b6:f5:31:5e:6d:0b:12:8f:5d:93:75:3c:
         87:ee:ec:db:07:ad:87:21:69:00:23:83:df:a3:f3:6b:c8:de:
         bd:ee:47:24:f1:85:24:e8:3a:93:91:23:d2:66:99:01:93:1c:
         5c:3f:7c:61:27:b9:33:78:b1:a3:c8:1b:b5:d6:ec:fd:43:8c:
         eb:a9:91:fe:de:07:3e:84:50:ac:a4:bc:75:9a:66:80:e8:b6:
         83:c6:92:3a:0e:7d:b2:3c:d1:f0:ea:6b:22:ad:25:ae:b4:72:
         88:e4:c4:72:55:d6:49:1a:14:9e:05:79:56:b5:e4:2d:8b:4e:
         43:52:b4:65:96:fb:9f:bd:d6:ef:d0:ea:0a:b3:6b:b3:c8:b1:
         48:d9:5d:ef:b7:c2:de:99:42:12:2b:19:a0:08:9f:c3:d4:4b:
         a8:b3:dd:81:29:17:18:08:3a:44:f5:99:db:ef:77:52:1f:7e:
         1a:61:61:1a:f7:53:c4:47:03:f1:b5:bc:6e:7c:14:de:a1:36:
         7e:90:26:10:fe:88:05:fb:66:0d:a8:87:2b:14:97:41:91:f2:
         68:bb:e7:14:84:71:de:b6:2a:16:e6:a2:29:3e:1f:dd:7c:47:
         96:e5:22:72:08:e8:d2:54:c4:52:e6:77:4d:7b:22:3f:26:e2:
         d6:bd:fb:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh6tcIJB/SHmVlf5ACvmeKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAyMDYwNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGEwZGE4ZDFlNzc0NGM2ZjIzNzFkN2NlNDVhNzk3NDVmN2M1NDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoY8kW3myina0GRxlKE6/lPP159OL
UgxVCGpkWiaZ6jz/nG/PKDJMS1pg6dd13PjUqsOrKIIAqFtrM6Pkz65eC0kuRymE
PWRSG7Y4032iGP/kxSpyII8kGRk8NhL98YYihTL7hzl2ibYo9ihQF7nglRS7nfHB
c8O/sPzM7380nSpeL3+Al+G0aisGYE5sMbQ9/zx344eMHGdCyCH8YvkiasRu1SWX
AR32RuvzX8fd/BKReoTK1JwvgWM2r8cUaVpjyzaDfjWE4dG6Ews/8JmiInYGFCc6
VDX5o2xifA3N1RZ7iYsJK9e8npoxRUajlmViwwgIjjXEh63XVuw5FaH1QQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFESg2o0ed0TG8jcdfORaeXRffFRlMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUktEYWpSNTNSTWJ5TngxODVGcDVkRjk4VkdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFHhZhQ7Irb1MV5tCxKP
XZN1PIfu7NsHrYchaQAjg9+j82vI3r3uRyTxhSToOpORI9JmmQGTHFw/fGEnuTN4
saPIG7XW7P1DjOupkf7eBz6EUKykvHWaZoDotoPGkjoOfbI80fDqayKtJa60cojk
xHJV1kkaFJ4FeVa15C2LTkNStGWW+5+91u/Q6gqza7PIsUjZXe+3wt6ZQhIrGaAI
n8PUS6iz3YEpFxgIOkT1mdvvd1IffhphYRr3U8RHA/G1vG58FN6hNn6QJhD+iAX7
Zg2ohysUl0GR8mi75xSEcd62Khbmoik+H918R5blInII6NJUxFLmd017Ij8m4ta9
+xs=
-----END CERTIFICATE-----