Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ROk3aglm608nqIilvoGTtkYY4I4.roa
File:                     ROk3aglm608nqIilvoGTtkYY4I4.roa (raw, json)
Hash identifier:          xvv+8uWGjnVuIgf2Wcpe3T/ThD++Z4ur6Q6zCporL8w=
Subject key identifier:   44:E9:37:6A:09:66:EB:4F:27:A8:88:A5:BE:81:93:B6:46:18:E0:8E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188C3772276DEF58E8DC0DEFFAA8B7CF0C1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ROk3aglm608nqIilvoGTtkYY4I4.roa
Signing time:             Fri 16 Jun 2023 09:09:04 +0000
ROA not before:           Fri 16 Jun 2023 09:09:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c3:77:22:76:de:f5:8e:8d:c0:de:ff:aa:8b:7c:f0:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 16 09:09:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=44e9376a0966eb4f27a888a5be8193b64618e08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d7:26:54:6c:16:87:32:02:80:17:0e:50:cb:
                    9e:e7:cf:ab:a8:07:e2:b8:a5:f4:1a:2b:ce:c8:f5:
                    be:47:74:02:ba:17:d1:74:3f:5c:58:9c:8c:a1:53:
                    10:05:e1:19:2e:bd:16:67:80:92:cb:fd:fa:a2:88:
                    d5:45:4e:63:d6:49:4c:91:2a:73:9a:bb:10:18:20:
                    95:7a:91:78:e4:ca:5a:8d:14:e9:9e:a2:50:7f:32:
                    e9:03:ec:30:a4:a8:da:0f:ff:0e:7c:bc:b9:c9:39:
                    ef:69:8f:ad:f0:f0:f2:93:b2:3e:5b:9d:38:ab:a5:
                    18:e4:d8:d5:76:20:dc:8a:25:b7:47:5f:1a:2b:62:
                    d3:2f:0a:0d:90:21:13:8b:e0:d2:74:a0:ad:00:78:
                    c9:7c:a1:18:0c:b8:64:84:95:02:76:a9:20:dc:aa:
                    a9:20:cd:b1:c8:df:9c:31:b4:6c:96:5b:7c:b9:8f:
                    e3:75:24:a4:32:38:71:b1:be:2f:1f:1e:28:13:75:
                    f1:84:a5:f1:a2:e4:f9:15:15:9c:48:14:72:6c:ac:
                    62:a8:7a:40:6e:e7:6b:1c:98:30:36:2f:43:ca:ba:
                    72:70:39:d0:1c:9b:15:f3:3e:e4:98:ac:81:ca:db:
                    e5:da:2c:32:96:d7:9f:a5:ee:2c:61:ab:d3:f5:1a:
                    66:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:E9:37:6A:09:66:EB:4F:27:A8:88:A5:BE:81:93:B6:46:18:E0:8E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ROk3aglm608nqIilvoGTtkYY4I4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:05:9a:cb:21:41:05:f5:f9:07:f7:82:2e:71:49:71:09:a9:
         45:2e:da:cc:6d:d5:49:17:c1:0e:48:ec:52:e2:75:66:30:c4:
         84:a8:d7:f5:67:54:c0:f6:a7:60:7b:4c:5a:59:46:1a:67:ce:
         f6:84:87:97:a1:91:f7:04:ac:a5:5f:33:3e:b8:b4:c5:90:9b:
         22:7c:d5:13:a7:1a:4f:c4:ed:6a:a0:1d:18:07:f7:4b:b2:2a:
         86:99:68:c6:a4:e5:61:07:7b:15:5f:d9:70:a4:d4:f1:52:ab:
         e3:7e:c4:5e:0d:dc:c1:db:62:ed:92:2b:63:98:24:e0:bf:a9:
         89:ad:74:7f:2d:df:ff:fd:0a:bc:0b:9c:f2:df:57:cb:b9:62:
         37:f0:1b:67:be:e0:5b:1d:2a:53:88:fc:1c:80:8c:33:34:75:
         50:3e:95:34:af:ac:9a:91:ba:78:93:65:14:c8:3a:c2:c5:0e:
         3b:a7:9c:80:25:e0:a9:80:fb:a4:a0:88:c7:48:33:1c:05:0e:
         22:26:77:d4:73:67:46:ff:f9:af:17:96:2b:b2:b7:02:6a:6c:
         f8:0d:6f:e2:d0:40:64:f3:27:0c:6f:9a:fc:9a:0e:ec:84:f6:
         0f:b6:16:6a:3d:d7:29:9b:e4:49:0d:6e:b9:d7:1d:f3:7a:db:
         ff:9f:73:0d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjDdyJ23vWOjcDe/6qLfPDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE2MDkwOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGU5Mzc2YTA5NjZlYjRmMjdhODg4YTViZTgxOTNiNjQ2MThlMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtcmVGwWhzICgBcOUMue58+rqAfi
uKX0GivOyPW+R3QCuhfRdD9cWJyMoVMQBeEZLr0WZ4CSy/36oojVRU5j1klMkSpz
mrsQGCCVepF45MpajRTpnqJQfzLpA+wwpKjaD/8OfLy5yTnvaY+t8PDyk7I+W504
q6UY5NjVdiDciiW3R18aK2LTLwoNkCETi+DSdKCtAHjJfKEYDLhkhJUCdqkg3Kqp
IM2xyN+cMbRsllt8uY/jdSSkMjhxsb4vHx4oE3XxhKXxouT5FRWcSBRybKxiqHpA
budrHJgwNi9DyrpycDnQHJsV8z7kmKyBytvl2iwyltefpe4sYavT9RpmLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFETpN2oJZutPJ6iIpb6Bk7ZGGOCOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUk9rM2FnbG02MDhucUlpbHZvR1R0a1lZNEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEoFmsshQQX1+Qf3gi5x
SXEJqUUu2sxt1UkXwQ5I7FLidWYwxISo1/VnVMD2p2B7TFpZRhpnzvaEh5ehkfcE
rKVfMz64tMWQmyJ81ROnGk/E7WqgHRgH90uyKoaZaMak5WEHexVf2XCk1PFSq+N+
xF4N3MHbYu2SK2OYJOC/qYmtdH8t3//9CrwLnPLfV8u5YjfwG2e+4FsdKlOI/ByA
jDM0dVA+lTSvrJqRuniTZRTIOsLFDjunnIAl4KmA+6SgiMdIMxwFDiImd9RzZ0b/
+a8XliuytwJqbPgNb+LQQGTzJwxvmvyaDuyE9g+2Fmo91ymb5EkNbrnXHfN62/+f
cw0=
-----END CERTIFICATE-----