Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/U6a9BDSjXMAH9tDOO1Q1jdmMa8g.roa
File:                     U6a9BDSjXMAH9tDOO1Q1jdmMa8g.roa (raw, json)
Hash identifier:          SnmklBBFs+EJ5WCxQz71pTXN2RWlMM67KE0OVFzmtLI=
Subject key identifier:   53:A6:BD:04:34:A3:5C:C0:07:F6:D0:CE:3B:54:35:8D:D9:8C:6B:C8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897C33F54AD05F5204917208E2EB915671
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/U6a9BDSjXMAH9tDOO1Q1jdmMa8g.roa
Signing time:             Sat 22 Jul 2023 06:05:27 +0000
ROA not before:           Sat 22 Jul 2023 06:05:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:189:7c33:2511/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:7c:33:f5:4a:d0:5f:52:04:91:72:08:e2:eb:91:56:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 22 06:05:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=53a6bd0434a35cc007f6d0ce3b54358dd98c6bc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ad:5e:34:48:51:47:60:a0:e9:e2:35:9b:e8:
                    40:33:f8:1e:25:f6:50:ef:0a:69:10:bf:99:e9:05:
                    11:36:10:09:37:1d:ea:d3:e8:aa:6a:3f:c4:e0:16:
                    92:35:e9:f7:84:94:3f:18:76:8f:49:50:82:a5:11:
                    19:9d:7e:6c:09:88:70:81:a2:da:74:be:9a:ee:70:
                    52:7d:72:78:67:04:9f:78:ad:ee:cd:e7:86:6a:33:
                    39:e4:1f:b2:e5:bc:1a:97:89:37:60:44:61:15:bc:
                    77:59:9d:1a:2c:0b:45:bb:1e:f1:20:55:d2:f2:46:
                    5e:4e:e2:9b:15:2b:39:72:4f:67:9f:fa:85:ca:8d:
                    a6:ad:16:88:7a:0e:a7:db:8c:ba:1b:c8:cb:ec:90:
                    92:3c:55:e2:f3:5a:bb:07:1e:f4:dc:37:cc:00:43:
                    4b:ea:f8:0f:11:b8:9b:e9:f4:d2:fd:1e:ec:b2:fa:
                    66:83:48:bc:d6:ba:06:f2:3f:1c:98:16:0c:06:5f:
                    29:96:e1:31:a0:ac:89:f7:93:57:47:ba:c5:d0:7d:
                    91:71:54:5d:d8:1b:ee:7d:d4:2d:b4:0a:39:8d:66:
                    87:73:a6:a0:e4:2e:da:73:18:89:9e:b1:ec:06:63:
                    71:1c:31:ca:1d:c0:b1:36:43:21:fe:89:9f:07:67:
                    ae:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A6:BD:04:34:A3:5C:C0:07:F6:D0:CE:3B:54:35:8D:D9:8C:6B:C8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/U6a9BDSjXMAH9tDOO1Q1jdmMa8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:fc:1c:ad:56:ad:5c:eb:b0:82:07:81:6b:2f:61:bd:9e:e8:
         57:4e:c2:df:7d:7f:b2:20:e4:17:e7:fc:68:f2:a3:32:f5:23:
         16:85:02:a6:72:05:b2:17:1e:bb:2a:b2:7f:45:10:eb:d5:c0:
         25:eb:cf:24:e6:cd:79:d8:f0:e1:96:e0:45:d3:3a:2e:d7:73:
         07:65:ec:f4:a2:99:79:62:d7:67:52:26:d6:ad:b1:36:44:1f:
         47:1c:e8:72:80:2e:e5:47:27:d4:c4:23:e4:e2:e7:15:51:7e:
         84:4b:b6:fc:13:52:a9:62:23:56:0e:e7:38:3e:ea:8c:fb:dc:
         da:e4:46:dc:0f:c5:75:02:38:06:5e:f3:b3:90:b3:dd:7a:23:
         be:f1:e0:9d:a5:02:00:7b:0f:c8:42:ee:4e:ec:5d:a9:1d:e1:
         65:02:b9:56:fc:81:dd:eb:8c:25:02:50:5f:bb:91:f0:83:7c:
         33:68:2f:e2:ef:52:39:c9:05:84:01:22:1a:45:6f:7b:0b:35:
         2b:10:34:ed:4d:6c:9b:03:e3:7d:88:87:8e:9f:52:d0:81:d3:
         e7:87:68:7d:e5:75:77:39:d2:bc:81:db:b1:b9:09:f4:1e:ed:
         83:ee:82:23:65:d5:85:d3:0d:f6:f9:96:ef:47:2d:41:cf:fe:
         22:4c:db:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl8M/VK0F9SBJFyCOLrkVZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIyMDYwNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2E2YmQwNDM0YTM1Y2MwMDdmNmQwY2UzYjU0MzU4ZGQ5OGM2YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4a1eNEhRR2Cg6eI1m+hAM/geJfZQ
7wppEL+Z6QURNhAJNx3q0+iqaj/E4BaSNen3hJQ/GHaPSVCCpREZnX5sCYhwgaLa
dL6a7nBSfXJ4ZwSfeK3uzeeGajM55B+y5bwal4k3YERhFbx3WZ0aLAtFux7xIFXS
8kZeTuKbFSs5ck9nn/qFyo2mrRaIeg6n24y6G8jL7JCSPFXi81q7Bx703DfMAENL
6vgPEbib6fTS/R7ssvpmg0i81roG8j8cmBYMBl8pluExoKyJ95NXR7rF0H2RcVRd
2BvufdQttAo5jWaHc6ag5C7acxiJnrHsBmNxHDHKHcCxNkMh/omfB2euHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFOmvQQ0o1zAB/bQzjtUNY3ZjGvIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVTZhOUJEU2pYTUFIOXRET08xUTFqZG1NYThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAf8HK1WrVzrsIIHgWsv
Yb2e6FdOwt99f7Ig5Bfn/GjyozL1IxaFAqZyBbIXHrsqsn9FEOvVwCXrzyTmzXnY
8OGW4EXTOi7Xcwdl7PSimXli12dSJtatsTZEH0cc6HKALuVHJ9TEI+Ti5xVRfoRL
tvwTUqliI1YO5zg+6oz73NrkRtwPxXUCOAZe87OQs916I77x4J2lAgB7D8hC7k7s
Xakd4WUCuVb8gd3rjCUCUF+7kfCDfDNoL+LvUjnJBYQBIhpFb3sLNSsQNO1NbJsD
432Ih46fUtCB0+eHaH3ldXc50ryB27G5CfQe7YPugiNl1YXTDfb5lu9HLUHP/iJM
28E=
-----END CERTIFICATE-----