Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SKb4fxj6Hv1-Iuq-2d-tBPM1oAc.roa
File:                     SKb4fxj6Hv1-Iuq-2d-tBPM1oAc.roa (raw, json)
Hash identifier:          aVffirj4+oMQZTLnxp8WcafMvVFkG3LaDWG9TYG0bYk=
Subject key identifier:   48:A6:F8:7F:18:FA:1E:FD:7E:22:EA:BE:D9:DF:AD:04:F3:35:A0:07
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188DFCBCFE1F0C978D91D57EC04E23D58E2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SKb4fxj6Hv1-Iuq-2d-tBPM1oAc.roa
Signing time:             Wed 21 Jun 2023 21:10:56 +0000
ROA not before:           Wed 21 Jun 2023 21:10:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:df:cb:cf:e1:f0:c9:78:d9:1d:57:ec:04:e2:3d:58:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 21 21:10:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=48a6f87f18fa1efd7e22eabed9dfad04f335a007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:58:de:83:5a:00:0e:a8:80:48:1f:05:95:8a:
                    40:7a:c6:43:ae:4c:6e:1c:a9:c5:52:1e:42:cb:e6:
                    44:12:87:b6:39:bd:12:5d:4e:94:fc:2c:bd:45:3f:
                    8c:7d:de:60:c3:6d:f4:bd:58:00:63:bb:b7:ba:ba:
                    1e:81:20:00:38:32:2d:e2:c3:b2:a9:a8:ee:51:2c:
                    8f:73:bd:b6:8c:f6:fd:70:c5:01:14:b1:e2:77:b2:
                    d2:fc:69:9e:7b:a4:a1:d5:f4:2e:9f:58:05:58:3e:
                    61:4c:c4:6e:0b:e5:95:38:1c:14:76:77:e4:b8:79:
                    89:d9:b3:cb:61:60:af:43:cb:e3:c8:e2:f9:93:c1:
                    1c:0c:75:89:c1:04:74:f8:18:f2:90:28:72:87:2e:
                    26:f1:5a:b0:45:60:c2:e4:4e:4b:8a:f1:40:06:43:
                    ff:99:7e:ae:11:c0:4b:4a:04:fa:59:d4:6c:84:65:
                    d7:45:89:c4:2c:48:02:00:39:33:a2:0d:b7:c2:a3:
                    14:04:2d:5d:21:85:0e:f1:7c:4c:d1:c1:19:ac:b7:
                    eb:51:c3:42:c3:2d:bb:20:0f:be:8e:84:33:1c:c2:
                    b9:d4:81:c1:92:7b:7b:75:b6:46:d4:77:a9:85:c3:
                    59:3b:ec:25:50:e1:9e:60:67:21:eb:25:75:04:c9:
                    b7:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A6:F8:7F:18:FA:1E:FD:7E:22:EA:BE:D9:DF:AD:04:F3:35:A0:07
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SKb4fxj6Hv1-Iuq-2d-tBPM1oAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:ef:51:27:f9:6c:43:26:d3:41:d9:86:c7:7a:6d:45:d5:da:
         cd:76:15:c8:4e:59:cf:f3:28:5a:e9:dd:be:7f:83:5a:26:c1:
         13:22:8b:b3:fb:65:3c:d6:a7:2d:3e:a7:f5:95:92:57:b8:c7:
         71:ac:fa:18:86:d3:22:60:f5:c2:b2:87:28:6e:b5:a5:cf:83:
         ea:0c:f4:9d:31:f7:93:f8:23:7e:d4:d3:23:b1:28:97:e9:e2:
         44:b6:ee:36:ff:c2:b7:c3:d3:dc:8d:e5:81:9b:b5:dd:36:e9:
         e1:e4:00:f5:72:ba:ea:6f:fe:48:be:0f:7f:fc:c4:dc:0a:a5:
         f8:de:5b:ed:d3:33:a3:b2:a3:3b:af:e5:2f:78:6e:12:78:e7:
         06:a1:2f:1d:4e:ec:3b:f9:1f:0b:b9:85:e9:67:d9:9e:4a:43:
         5b:b4:8e:37:43:b6:c4:3c:1c:f8:0d:d3:1f:e6:91:a9:71:b8:
         d2:8b:30:f7:ae:5b:21:08:70:04:1f:ee:74:f2:95:76:49:b6:
         c1:6b:b2:28:dc:b9:56:2b:42:01:47:0b:e3:12:45:65:78:c6:
         a5:c1:d9:d5:a8:ec:d5:c7:96:eb:69:1c:6f:8b:9c:56:bd:32:
         7e:f3:46:76:7d:b1:4a:c1:a8:7c:72:28:60:39:d8:9b:a6:15:
         5d:21:f6:e8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjfy8/h8Ml42R1X7ATiPVjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIxMjExMDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGE2Zjg3ZjE4ZmExZWZkN2UyMmVhYmVkOWRmYWQwNGYzMzVhMDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoljeg1oADqiASB8FlYpAesZDrkxu
HKnFUh5Cy+ZEEoe2Ob0SXU6U/Cy9RT+Mfd5gw230vVgAY7u3uroegSAAODIt4sOy
qajuUSyPc722jPb9cMUBFLHid7LS/Gmee6Sh1fQun1gFWD5hTMRuC+WVOBwUdnfk
uHmJ2bPLYWCvQ8vjyOL5k8EcDHWJwQR0+BjykChyhy4m8VqwRWDC5E5LivFABkP/
mX6uEcBLSgT6WdRshGXXRYnELEgCADkzog23wqMUBC1dIYUO8XxM0cEZrLfrUcNC
wy27IA++joQzHMK51IHBknt7dbZG1HephcNZO+wlUOGeYGch6yV1BMm3gwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEim+H8Y+h79fiLqvtnfrQTzNaAHMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU0tiNGZ4ajZIdjEtSXVxLTJkLXRCUE0xb0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE3vUSf5bEMm00HZhsd6
bUXV2s12FchOWc/zKFrp3b5/g1omwRMii7P7ZTzWpy0+p/WVkle4x3Gs+hiG0yJg
9cKyhyhutaXPg+oM9J0x95P4I37U0yOxKJfp4kS27jb/wrfD09yN5YGbtd026eHk
APVyuupv/ki+D3/8xNwKpfjeW+3TM6Oyozuv5S94bhJ45wahLx1O7Dv5Hwu5heln
2Z5KQ1u0jjdDtsQ8HPgN0x/mkalxuNKLMPeuWyEIcAQf7nTylXZJtsFrsijcuVYr
QgFHC+MSRWV4xqXB2dWo7NXHlutpHG+LnFa9Mn7zRnZ9sUrBqHxyKGA52JumFV0h
9ug=
-----END CERTIFICATE-----