Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RULE9QgsCqxrfAqocjBEIaV2fiE.roa
File:                     RULE9QgsCqxrfAqocjBEIaV2fiE.roa (raw, json)
Hash identifier:          3yltDwHOGVVmUcLrkILNjr71v5c+ExS7GE7awvb+kjs=
Subject key identifier:   45:42:C4:F5:08:2C:0A:AC:6B:7C:0A:A8:72:30:44:21:A5:76:7E:21
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018869F898E7617E8F6E882F0BC93AE58A00
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RULE9QgsCqxrfAqocjBEIaV2fiE.roa
Signing time:             Tue 30 May 2023 00:04:39 +0000
ROA not before:           Tue 30 May 2023 00:04:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:188:69f8:5cf2/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:69:f8:98:e7:61:7e:8f:6e:88:2f:0b:c9:3a:e5:8a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 30 00:04:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4542c4f5082c0aac6b7c0aa872304421a5767e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:79:d2:f9:8b:c6:0e:a3:5d:3c:7c:18:9e:e8:
                    46:38:d6:02:84:25:69:27:0e:ba:83:3a:1b:9b:d6:
                    a9:06:2b:c0:9c:f6:c6:f6:e9:c4:1f:1c:74:40:b4:
                    a1:0a:39:11:18:48:e4:57:24:02:3f:77:7b:df:bf:
                    30:60:22:3e:b1:ca:e7:86:25:e0:bd:75:dd:93:83:
                    f7:72:f1:f8:68:2f:97:11:9e:56:35:0b:4d:51:bc:
                    cb:ca:bd:a8:a5:c2:ff:84:9e:66:1e:c7:79:c9:22:
                    f7:15:b2:0f:a4:83:fd:00:6f:97:79:ca:86:3b:44:
                    f9:cf:e1:d2:b8:02:4a:22:6a:e2:e8:e0:63:bf:0d:
                    c3:94:3f:a5:6c:b0:b2:ab:8a:93:1d:81:2b:02:37:
                    92:3f:2e:5b:52:34:71:da:b2:93:92:46:b2:c1:50:
                    56:05:7b:4d:f1:66:55:2c:dd:fb:77:ff:31:14:39:
                    a0:81:64:32:d4:6b:85:4e:2b:91:1f:7d:0f:cf:a4:
                    8b:f9:43:00:43:f4:b6:8b:b4:81:61:0d:8d:eb:47:
                    62:4a:6a:c9:0c:f4:03:9f:2c:7b:d4:98:e3:78:ff:
                    5c:45:13:84:41:ee:0c:a9:62:2c:ba:7d:d2:ac:6f:
                    2d:9b:b7:6d:5a:b0:99:a0:31:d1:5e:bf:56:71:b7:
                    2c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:42:C4:F5:08:2C:0A:AC:6B:7C:0A:A8:72:30:44:21:A5:76:7E:21
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RULE9QgsCqxrfAqocjBEIaV2fiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:a9:1f:1c:f6:95:fc:cf:88:76:e0:4a:3f:cc:14:bd:34:3e:
         d4:4f:12:b1:39:ab:17:aa:b7:8a:33:b3:94:6a:de:23:87:c4:
         50:b7:6e:75:0b:86:eb:a4:28:54:5f:25:4a:2d:9e:bc:a2:b2:
         21:55:6d:e0:c7:df:cd:92:f4:3d:b3:1a:69:b5:a8:f5:8b:9a:
         85:5a:43:0f:9b:4d:d7:ae:e3:71:46:1f:a0:14:fc:83:81:5b:
         8a:99:61:18:69:19:a2:fe:61:2d:d4:b5:5a:3d:fb:55:fd:68:
         81:a7:b2:9a:c3:25:4c:a2:b4:e8:26:9f:8f:9e:e2:6c:5f:3a:
         7c:76:66:5b:83:d0:8d:e0:1d:f1:ff:6d:6b:dd:fe:c1:0a:29:
         2e:13:0f:4a:2d:60:be:4a:6a:9c:e4:d2:90:b1:57:1a:b5:78:
         4d:eb:d9:a8:ad:ed:0c:dd:04:ee:e1:f8:ea:ae:f9:c4:50:9b:
         13:c9:c8:74:8c:41:eb:e7:0a:f4:4f:8e:6a:f8:f3:fb:44:62:
         fc:1b:e6:83:80:3e:49:b3:44:6d:df:f9:36:c9:eb:a6:63:03:
         44:c8:79:fa:89:0d:3f:7a:05:65:b4:83:b0:ea:3a:94:bd:ca:
         1b:1d:e0:3f:f1:94:f4:4b:2e:7f:c8:7b:60:99:61:30:f3:b0:
         f7:bb:06:c4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhp+JjnYX6PbogvC8k65YoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTMwMDAwNDM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTQyYzRmNTA4MmMwYWFjNmI3YzBhYTg3MjMwNDQyMWE1NzY3ZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHnS+YvGDqNdPHwYnuhGONYChCVp
Jw66gzobm9apBivAnPbG9unEHxx0QLShCjkRGEjkVyQCP3d7378wYCI+scrnhiXg
vXXdk4P3cvH4aC+XEZ5WNQtNUbzLyr2opcL/hJ5mHsd5ySL3FbIPpIP9AG+XecqG
O0T5z+HSuAJKImri6OBjvw3DlD+lbLCyq4qTHYErAjeSPy5bUjRx2rKTkkaywVBW
BXtN8WZVLN37d/8xFDmggWQy1GuFTiuRH30Pz6SL+UMAQ/S2i7SBYQ2N60diSmrJ
DPQDnyx71JjjeP9cRROEQe4MqWIsun3SrG8tm7dtWrCZoDHRXr9WcbcsyQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEVCxPUILAqsa3wKqHIwRCGldn4hMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUlVMRTlRZ3NDcXhyZkFxb2NqQkVJYVYyZmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAWpHxz2lfzPiHbgSj/M
FL00PtRPErE5qxeqt4ozs5Rq3iOHxFC3bnULhuukKFRfJUotnryisiFVbeDH382S
9D2zGmm1qPWLmoVaQw+bTdeu43FGH6AU/IOBW4qZYRhpGaL+YS3UtVo9+1X9aIGn
sprDJUyitOgmn4+e4mxfOnx2ZluD0I3gHfH/bWvd/sEKKS4TD0otYL5Kapzk0pCx
Vxq1eE3r2ait7QzdBO7h+Oqu+cRQmxPJyHSMQevnCvRPjmr48/tEYvwb5oOAPkmz
RG3f+TbJ66ZjA0TIefqJDT96BWW0g7DqOpS9yhsd4D/xlPRLLn/Ie2CZYTDzsPe7
BsQ=
-----END CERTIFICATE-----