Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SqLf9YaU18ZZyiBthcSGZmrbyJ0.roa
File:                     SqLf9YaU18ZZyiBthcSGZmrbyJ0.roa (raw, json)
Hash identifier:          GNhHxsxkJw3plpWLqLDmzm37eMWgmiHjHt6LIUyDiaU=
Subject key identifier:   4A:A2:DF:F5:86:94:D7:C6:59:CA:20:6D:85:C4:86:66:6A:DB:C8:9D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018885E3B2F3592D61DB2752B9F06188E291
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SqLf9YaU18ZZyiBthcSGZmrbyJ0.roa
Signing time:             Sun 04 Jun 2023 10:11:12 +0000
ROA not before:           Sun 04 Jun 2023 10:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:85:e3:b2:f3:59:2d:61:db:27:52:b9:f0:61:88:e2:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 10:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4aa2dff58694d7c659ca206d85c486666adbc89d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c5:77:6f:89:3c:76:d3:bf:f7:4b:e7:b0:86:
                    b2:8a:65:74:02:1c:73:e6:7c:a7:1c:64:75:f9:57:
                    67:12:a9:a8:40:d3:ee:52:f1:0f:5e:fe:86:f5:48:
                    9a:7f:7d:9a:0d:ef:40:ed:60:74:0b:e8:76:a8:29:
                    e9:d7:33:10:4d:d9:ff:19:16:a3:15:8b:89:f6:39:
                    52:fb:73:73:1c:6f:b2:c3:87:88:3c:75:08:8e:61:
                    fc:09:7a:24:00:18:b6:31:bc:51:c0:b0:54:5c:da:
                    94:f5:1d:b0:c7:eb:a8:37:45:15:ad:29:93:86:a5:
                    0a:42:9a:bc:24:96:1d:b7:d8:e6:11:2a:e8:c9:a4:
                    3d:69:a7:ee:7d:e5:0b:ad:42:d6:ec:54:ab:13:d4:
                    a4:0f:8d:97:e5:fd:a6:80:90:0a:99:31:7a:f2:2e:
                    7e:ab:a0:43:ca:f1:30:6c:a6:43:ef:15:73:25:bd:
                    b6:98:95:46:7e:7b:4d:45:3d:4d:56:fd:54:5d:ce:
                    dc:40:d3:e1:48:2b:69:a0:32:35:e9:b3:97:f5:04:
                    15:76:66:05:07:82:3f:52:95:52:53:c4:4a:df:89:
                    1d:3f:21:8c:97:89:93:27:98:3d:65:83:18:cb:95:
                    8f:c0:ec:69:28:e3:c5:68:e1:1b:b9:1f:ba:5c:d3:
                    61:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:A2:DF:F5:86:94:D7:C6:59:CA:20:6D:85:C4:86:66:6A:DB:C8:9D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SqLf9YaU18ZZyiBthcSGZmrbyJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:e8:b5:90:bb:e1:ca:01:fe:48:eb:61:f0:db:90:3b:41:a7:
         f5:5b:38:9c:c5:6c:24:cc:58:a4:ef:c8:7a:4b:79:93:16:f4:
         e6:0d:1d:ca:00:35:a7:8a:79:a4:bb:86:ac:45:f3:a1:dc:cb:
         cf:d9:7b:20:1a:f1:60:63:8d:9c:83:f4:f5:6b:da:71:10:6a:
         77:42:09:f6:53:4c:00:da:59:dd:ee:c0:77:84:c7:4f:37:f9:
         cd:d7:ee:dd:33:e3:aa:6c:49:4c:7c:5c:46:7f:45:a6:96:9c:
         60:a0:b0:f8:49:48:cd:a8:61:65:0b:2e:b7:60:36:d0:3c:d1:
         d1:6a:b2:2c:dd:a0:d0:30:2a:4a:52:e3:39:00:c3:21:77:c1:
         bb:d9:c9:89:b6:f6:8e:ad:94:ab:dc:e1:a9:84:cb:98:a6:ff:
         db:c0:f9:d9:7e:b6:cc:17:df:02:70:68:7a:66:d4:c8:df:fe:
         9f:10:31:c9:15:b4:8f:b1:6b:2a:a2:57:e0:2b:8e:66:42:49:
         cb:c4:a6:16:de:75:4a:6d:aa:98:98:9a:40:92:5a:68:ef:84:
         db:c7:96:52:0b:a6:8e:37:89:49:12:56:6f:bd:46:a9:6d:b4:
         11:02:85:da:91:25:cb:eb:5f:fe:37:1d:79:f3:a7:aa:14:f2:
         13:43:3d:44
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiF47LzWS1h2ydSufBhiOKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MTAxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWEyZGZmNTg2OTRkN2M2NTljYTIwNmQ4NWM0ODY2NjZhZGJjODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsV3b4k8dtO/90vnsIayimV0Ahxz
5nynHGR1+VdnEqmoQNPuUvEPXv6G9Uiaf32aDe9A7WB0C+h2qCnp1zMQTdn/GRaj
FYuJ9jlS+3NzHG+yw4eIPHUIjmH8CXokABi2MbxRwLBUXNqU9R2wx+uoN0UVrSmT
hqUKQpq8JJYdt9jmESroyaQ9aafufeULrULW7FSrE9SkD42X5f2mgJAKmTF68i5+
q6BDyvEwbKZD7xVzJb22mJVGfntNRT1NVv1UXc7cQNPhSCtpoDI16bOX9QQVdmYF
B4I/UpVSU8RK34kdPyGMl4mTJ5g9ZYMYy5WPwOxpKOPFaOEbuR+6XNNhaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEqi3/WGlNfGWcogbYXEhmZq28idMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU3FMZjlZYVUxOFpaeWlCdGhjU0dabXJieUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADrotZC74coB/kjrYfDb
kDtBp/VbOJzFbCTMWKTvyHpLeZMW9OYNHcoANaeKeaS7hqxF86Hcy8/ZeyAa8WBj
jZyD9PVr2nEQandCCfZTTADaWd3uwHeEx083+c3X7t0z46psSUx8XEZ/RaaWnGCg
sPhJSM2oYWULLrdgNtA80dFqsizdoNAwKkpS4zkAwyF3wbvZyYm29o6tlKvc4amE
y5im/9vA+dl+tswX3wJwaHpm1Mjf/p8QMckVtI+xayqiV+ArjmZCScvEphbedUpt
qpiYmkCSWmjvhNvHllILpo43iUkSVm+9RqlttBEChdqRJcvrX/43HXnzp6oU8hND
PUQ=
-----END CERTIFICATE-----