Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UFRjUs3xDggTCTem6IYBOR0YCe8.roa
File:                     UFRjUs3xDggTCTem6IYBOR0YCe8.roa (raw, json)
Hash identifier:          K2S/bGj2nCAllT2tQbHXCuvizq53QSogJkYQOTbcrGk=
Subject key identifier:   50:54:63:52:CD:F1:0E:08:13:09:37:A6:E8:86:01:39:1D:18:09:EF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188DA36CAA2B228DD73BBA2619CDEE5EEAB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UFRjUs3xDggTCTem6IYBOR0YCe8.roa
Signing time:             Tue 20 Jun 2023 19:10:03 +0000
ROA not before:           Tue 20 Jun 2023 19:10:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:da:36:ca:a2:b2:28:dd:73:bb:a2:61:9c:de:e5:ee:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 20 19:10:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=50546352cdf10e08130937a6e88601391d1809ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:eb:7c:6c:55:c6:35:02:86:0d:59:82:cb:a1:
                    61:d9:e9:e7:6c:c4:f2:be:e7:0f:7f:32:84:41:dc:
                    65:d4:9b:4b:1b:c9:16:b0:8b:71:81:cc:49:06:02:
                    76:7d:06:75:69:7c:4d:a4:8f:5c:05:10:25:3a:aa:
                    a5:82:ad:c6:6b:8d:41:2e:cd:49:30:7c:27:f6:e6:
                    ea:a4:5e:7d:2c:62:9a:98:7c:56:d9:22:ca:6a:bd:
                    cd:cb:81:88:3e:18:2f:d5:eb:22:1c:f1:c4:ad:2c:
                    fc:30:9e:0a:d8:15:9c:c4:90:08:96:f7:46:6c:4e:
                    d5:0c:43:74:0b:ed:f5:02:9e:de:6a:d0:a4:df:a8:
                    f2:4b:2a:5b:35:90:0f:ef:ae:85:16:23:a9:82:01:
                    a3:b2:12:7e:28:dd:37:01:bc:16:05:98:54:05:36:
                    bd:90:d9:99:53:21:80:73:9d:90:db:28:7a:88:a7:
                    58:ae:5a:83:15:7b:a6:18:db:c7:f7:bb:e5:87:eb:
                    f3:bc:f9:2f:0d:13:86:a0:7d:5c:f0:61:09:85:0d:
                    35:9e:6e:61:00:d0:a5:73:e3:12:af:0e:d9:3c:cd:
                    2f:8b:cf:7c:32:3f:7b:95:e9:db:37:bd:ff:08:ae:
                    00:44:c9:91:55:e5:8c:02:f0:e3:a4:92:df:99:d7:
                    3f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:54:63:52:CD:F1:0E:08:13:09:37:A6:E8:86:01:39:1D:18:09:EF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UFRjUs3xDggTCTem6IYBOR0YCe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:66:c8:f7:6d:20:e6:4b:e0:38:17:29:86:99:95:50:49:53:
         ee:40:64:ef:b9:2f:05:46:26:68:24:1c:81:ed:2f:ac:ca:95:
         58:99:59:81:9f:43:03:b8:79:4e:66:04:1a:1b:45:07:eb:e4:
         a5:d0:fe:9e:7f:d9:33:a1:e8:5b:0c:3d:51:03:0a:77:6f:b5:
         1c:59:7d:d6:6f:31:d8:e6:28:ae:91:79:54:8e:70:8e:78:d9:
         56:b6:96:77:43:ac:6e:93:ef:ee:23:82:96:18:23:05:b3:8b:
         f7:b0:6d:ab:f2:f2:92:57:a7:71:d7:73:54:ef:30:d0:03:6b:
         ac:81:a0:a6:42:ff:b0:2b:ca:b6:94:b8:2e:9b:f4:9b:62:66:
         b3:54:12:cb:6f:8e:4e:ca:08:0a:5e:3f:0a:f5:06:00:37:29:
         58:99:c5:48:e2:35:2e:4b:d1:4e:cf:68:1c:ba:df:e1:c9:2c:
         44:b7:a1:c2:24:de:8f:67:e8:78:dc:22:26:39:c0:8d:c7:ff:
         b9:4d:9b:0a:55:6e:7b:bf:1a:80:6e:8a:4a:41:f3:70:8c:57:
         1c:d8:24:82:a9:9e:28:60:ec:95:d6:04:cc:9c:ff:f7:52:63:
         69:86:73:91:66:1d:43:62:bf:43:10:13:df:da:fb:17:70:ef:
         25:80:c0:7c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjaNsqisijdc7uiYZze5e6rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIwMTkxMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDU0NjM1MmNkZjEwZTA4MTMwOTM3YTZlODg2MDEzOTFkMTgwOWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOt8bFXGNQKGDVmCy6Fh2ennbMTy
vucPfzKEQdxl1JtLG8kWsItxgcxJBgJ2fQZ1aXxNpI9cBRAlOqqlgq3Ga41BLs1J
MHwn9ubqpF59LGKamHxW2SLKar3Ny4GIPhgv1esiHPHErSz8MJ4K2BWcxJAIlvdG
bE7VDEN0C+31Ap7eatCk36jySypbNZAP766FFiOpggGjshJ+KN03AbwWBZhUBTa9
kNmZUyGAc52Q2yh6iKdYrlqDFXumGNvH97vlh+vzvPkvDROGoH1c8GEJhQ01nm5h
ANClc+MSrw7ZPM0vi898Mj97lenbN73/CK4ARMmRVeWMAvDjpJLfmdc/EQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFBUY1LN8Q4IEwk3puiGATkdGAnvMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVUZSalVzM3hEZ2dUQ1RlbTZJWUJPUjBZQ2U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABpmyPdtIOZL4DgXKYaZ
lVBJU+5AZO+5LwVGJmgkHIHtL6zKlViZWYGfQwO4eU5mBBobRQfr5KXQ/p5/2TOh
6FsMPVEDCndvtRxZfdZvMdjmKK6ReVSOcI542Va2lndDrG6T7+4jgpYYIwWzi/ew
bavy8pJXp3HXc1TvMNADa6yBoKZC/7AryraUuC6b9JtiZrNUEstvjk7KCApePwr1
BgA3KViZxUjiNS5L0U7PaBy63+HJLES3ocIk3o9n6HjcIiY5wI3H/7lNmwpVbnu/
GoBuikpB83CMVxzYJIKpnihg7JXWBMyc//dSY2mGc5FmHUNiv0MQE9/a+xdw7yWA
wHw=
-----END CERTIFICATE-----