Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/S2uVno0t_QL8q5ipw5aviJgAEMw.roa
File:                     S2uVno0t_QL8q5ipw5aviJgAEMw.roa (raw, json)
Hash identifier:          HJRfvKWc/pWb4ReqF0hOFzbPqBkpjxq35pnxjtsehfU=
Subject key identifier:   4B:6B:95:9E:8D:2D:FD:02:FC:AB:98:A9:C3:96:AF:88:98:00:10:CC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188B170DBB32292558D18EB9A7641E4E0DF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/S2uVno0t_QL8q5ipw5aviJgAEMw.roa
Signing time:             Mon 12 Jun 2023 21:09:03 +0000
ROA not before:           Mon 12 Jun 2023 21:09:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b1:70:db:b3:22:92:55:8d:18:eb:9a:76:41:e4:e0:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 12 21:09:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4b6b959e8d2dfd02fcab98a9c396af88980010cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:24:da:81:57:46:a0:53:61:9a:0d:9d:91:d0:
                    3f:83:11:36:4c:e9:d2:fa:d2:38:1c:bb:ca:a0:51:
                    6c:3b:3b:b7:2e:b7:e0:29:13:81:0c:8a:aa:8f:4d:
                    8f:e3:13:8a:e7:fb:19:fc:30:b4:a7:3a:98:e2:de:
                    36:e6:2b:6a:df:a1:b7:72:d0:4a:c3:2d:c7:b4:60:
                    09:4d:5b:dd:7d:62:a4:28:64:cb:c0:a6:27:07:ac:
                    fd:3d:88:6d:ab:6c:71:bc:92:df:d1:2d:07:4b:14:
                    e0:98:f1:4c:bb:6c:58:15:8d:63:5b:ae:c6:0a:b5:
                    60:fc:a3:f4:58:27:ec:6e:11:5d:ab:c0:d8:a0:2c:
                    6c:6d:83:38:fb:fb:1b:ae:65:39:d2:f9:15:cb:b6:
                    87:86:a0:fe:38:be:30:d4:16:aa:b8:63:21:eb:c3:
                    1b:c7:33:a2:ca:64:8d:0c:56:c1:68:2e:cf:d0:97:
                    a3:22:d8:d8:48:91:ab:bf:aa:a7:e8:45:9e:7f:cb:
                    f9:2f:fb:a7:b6:9f:2d:19:ae:28:86:5c:a7:a2:7d:
                    ab:52:db:70:52:54:b0:a4:1a:ff:9a:3c:08:7b:48:
                    1a:a8:ab:77:c9:94:b8:2c:2e:8f:de:6f:80:44:75:
                    83:3a:df:3b:11:9f:da:c7:8e:89:3f:32:8a:8c:2b:
                    7b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:6B:95:9E:8D:2D:FD:02:FC:AB:98:A9:C3:96:AF:88:98:00:10:CC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/S2uVno0t_QL8q5ipw5aviJgAEMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:39:b0:d1:31:7a:15:5f:90:f9:33:ee:5b:4b:e7:98:82:89:
         c2:b8:c6:42:58:63:7f:27:a2:43:60:7d:a3:35:e8:3b:5c:70:
         db:e1:06:57:93:df:60:18:bd:bf:97:5c:55:8f:48:01:ed:0f:
         95:6d:8c:14:af:3b:cd:f4:fa:c1:8a:05:bf:3a:88:03:a9:32:
         a3:3c:1d:30:6b:f2:ab:82:86:03:f3:3c:0d:d9:bd:cf:95:40:
         be:15:6e:7d:e9:54:23:58:d5:34:52:bd:73:a0:37:3c:37:ed:
         05:1c:1a:3c:de:bc:fe:e3:d2:29:ca:c4:49:38:74:89:3d:de:
         62:83:dc:c3:e8:de:99:0b:33:19:9e:91:3a:9c:42:26:61:fd:
         57:3b:2c:90:71:f5:f1:e9:a4:07:41:68:59:3c:73:57:ea:3d:
         eb:90:b4:6d:07:88:ae:ef:a9:1b:d8:09:5c:99:d6:33:6a:c6:
         31:f2:3a:41:35:e0:47:3c:f1:fb:9e:90:23:52:31:fe:ce:17:
         ed:05:38:67:8d:be:c0:ca:3a:55:b7:62:14:b8:d7:b1:f3:0d:
         67:1a:22:bd:a3:b9:65:e4:6a:31:bf:71:64:a8:d3:76:23:51:
         ab:fb:df:75:5d:9c:12:80:2a:38:ce:7d:43:7d:57:2e:10:47:
         3b:df:da:db
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYixcNuzIpJVjRjrmnZB5ODfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEyMjEwOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjZiOTU5ZThkMmRmZDAyZmNhYjk4YTljMzk2YWY4ODk4MDAxMGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSTagVdGoFNhmg2dkdA/gxE2TOnS
+tI4HLvKoFFsOzu3LrfgKROBDIqqj02P4xOK5/sZ/DC0pzqY4t425itq36G3ctBK
wy3HtGAJTVvdfWKkKGTLwKYnB6z9PYhtq2xxvJLf0S0HSxTgmPFMu2xYFY1jW67G
CrVg/KP0WCfsbhFdq8DYoCxsbYM4+/sbrmU50vkVy7aHhqD+OL4w1BaquGMh68Mb
xzOiymSNDFbBaC7P0JejItjYSJGrv6qn6EWef8v5L/untp8tGa4ohlynon2rUttw
UlSwpBr/mjwIe0gaqKt3yZS4LC6P3m+ARHWDOt87EZ/ax46JPzKKjCt7iwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEtrlZ6NLf0C/KuYqcOWr4iYABDMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUzJ1Vm5vMHRfUUw4cTVpcHc1YXZpSmdBRU13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKk5sNExehVfkPkz7ltL
55iCicK4xkJYY38nokNgfaM16DtccNvhBleT32AYvb+XXFWPSAHtD5VtjBSvO830
+sGKBb86iAOpMqM8HTBr8quChgPzPA3Zvc+VQL4Vbn3pVCNY1TRSvXOgNzw37QUc
GjzevP7j0inKxEk4dIk93mKD3MPo3pkLMxmekTqcQiZh/Vc7LJBx9fHppAdBaFk8
c1fqPeuQtG0HiK7vqRvYCVyZ1jNqxjHyOkE14Ec88fuekCNSMf7OF+0FOGeNvsDK
OlW3YhS417HzDWcaIr2juWXkajG/cWSo03YjUav733VdnBKAKjjOfUN9Vy4QRzvf
2ts=
-----END CERTIFICATE-----