Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UHcbfS4wXZMdn39W2eeLx938fqw.roa
File:                     UHcbfS4wXZMdn39W2eeLx938fqw.roa (raw, json)
Hash identifier:          WiBnvtRPeM7zYD1EllpOzdNrFroicPHzruYrCQmXTKU=
Subject key identifier:   50:77:1B:7D:2E:30:5D:93:1D:9F:7F:56:D9:E7:8B:C7:DD:FC:7E:AC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188853DFDB3A98051BA528B1A331D2C0554
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UHcbfS4wXZMdn39W2eeLx938fqw.roa
Signing time:             Sun 04 Jun 2023 07:10:12 +0000
ROA not before:           Sun 04 Jun 2023 07:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:85:3d:fd:b3:a9:80:51:ba:52:8b:1a:33:1d:2c:05:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 07:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=50771b7d2e305d931d9f7f56d9e78bc7ddfc7eac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3a:93:78:aa:96:6f:71:7e:9b:ea:b3:e2:60:
                    e9:8c:b7:bd:0d:72:4e:0b:3d:bc:c4:c4:0f:66:eb:
                    a9:4f:b4:10:01:21:b8:92:0b:46:14:48:98:9d:1e:
                    6e:64:af:74:a3:6a:51:aa:bd:67:d3:8a:25:ab:17:
                    2c:30:40:e0:82:cb:2e:6b:e0:82:2c:c2:5b:63:a0:
                    b1:40:96:76:24:46:3a:40:e2:35:c5:da:c6:5a:8f:
                    3d:e2:5c:35:ee:d7:b2:c9:13:3e:cb:19:56:bb:c8:
                    5f:6b:20:66:e6:4d:d8:da:7e:a4:de:1f:aa:01:7a:
                    4b:41:37:8e:f4:c6:9e:4e:19:06:eb:fc:34:cb:39:
                    f5:2c:3e:16:2a:d7:44:ad:3a:9e:35:d6:e7:dc:15:
                    ff:ea:46:4b:15:76:20:dd:68:a6:fe:94:d9:b7:25:
                    a2:6d:93:c0:af:77:0b:db:21:c4:43:78:06:07:76:
                    17:c3:a1:e9:af:1d:92:ed:fa:ff:2d:28:5c:1d:d7:
                    ef:23:77:39:54:78:6b:da:de:81:00:2d:3b:b8:56:
                    4b:83:4b:89:3e:b9:77:21:2a:b6:d7:de:2b:44:5d:
                    24:ac:3d:3e:27:3a:77:b9:81:3a:63:82:b7:b9:4a:
                    8d:76:04:69:41:ff:07:57:75:2e:0d:a4:d3:60:36:
                    bf:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:77:1B:7D:2E:30:5D:93:1D:9F:7F:56:D9:E7:8B:C7:DD:FC:7E:AC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UHcbfS4wXZMdn39W2eeLx938fqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:34:99:df:f0:04:d5:2c:9e:a4:7c:5a:87:cc:98:f0:53:29:
         e8:eb:28:16:b8:1c:d6:ab:4e:5f:88:93:65:17:ee:3f:32:ef:
         74:09:28:57:cd:ea:78:06:f2:c7:2f:1c:98:4e:8a:b1:0b:05:
         d9:c5:38:db:05:2e:3c:48:a8:83:e4:53:a8:67:6a:2d:c5:f6:
         34:ac:c4:da:be:05:9d:92:ab:28:58:85:81:30:c1:f1:44:f3:
         35:d0:1f:06:c9:f5:33:3a:d5:d2:24:31:03:35:39:f9:55:08:
         b4:52:af:8a:a4:6b:1d:25:50:61:9b:d3:97:cb:95:9a:50:7e:
         46:e4:a9:7f:f9:4f:d0:b0:b4:85:94:3f:1e:b3:01:d0:7a:16:
         59:c4:be:44:63:bf:59:28:26:e6:0d:98:52:6c:1b:bc:b1:e8:
         7a:ed:c0:ea:bc:30:83:3f:1d:0f:6b:b9:36:45:36:32:a5:60:
         fb:7e:7d:d2:a4:b0:88:70:ad:f6:f1:01:46:e6:22:80:c7:00:
         6d:b5:c6:9d:64:f0:48:48:db:9b:ea:e9:2c:50:1b:09:f7:29:
         4a:b4:4d:d3:2a:24:52:12:a7:0f:59:cb:dd:fe:46:77:26:a4:
         07:7b:0f:d1:62:66:f3:2f:e1:fc:26:3c:f0:f0:b1:3e:7f:6f:
         5b:59:7b:ec
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiFPf2zqYBRulKLGjMdLAVUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MDcxMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDc3MWI3ZDJlMzA1ZDkzMWQ5ZjdmNTZkOWU3OGJjN2RkZmM3ZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jqTeKqWb3F+m+qz4mDpjLe9DXJO
Cz28xMQPZuupT7QQASG4kgtGFEiYnR5uZK90o2pRqr1n04olqxcsMEDggssua+CC
LMJbY6CxQJZ2JEY6QOI1xdrGWo894lw17teyyRM+yxlWu8hfayBm5k3Y2n6k3h+q
AXpLQTeO9MaeThkG6/w0yzn1LD4WKtdErTqeNdbn3BX/6kZLFXYg3Wim/pTZtyWi
bZPAr3cL2yHEQ3gGB3YXw6Hprx2S7fr/LShcHdfvI3c5VHhr2t6BAC07uFZLg0uJ
Prl3ISq2194rRF0krD0+Jzp3uYE6Y4K3uUqNdgRpQf8HV3UuDaTTYDa/7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFB3G30uMF2THZ9/Vtnni8fd/H6sMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVUhjYmZTNHdYWk1kbjM5VzJlZUx4OTM4ZnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEc0md/wBNUsnqR8WofM
mPBTKejrKBa4HNarTl+Ik2UX7j8y73QJKFfN6ngG8scvHJhOirELBdnFONsFLjxI
qIPkU6hnai3F9jSsxNq+BZ2SqyhYhYEwwfFE8zXQHwbJ9TM61dIkMQM1OflVCLRS
r4qkax0lUGGb05fLlZpQfkbkqX/5T9CwtIWUPx6zAdB6FlnEvkRjv1koJuYNmFJs
G7yx6HrtwOq8MIM/HQ9ruTZFNjKlYPt+fdKksIhwrfbxAUbmIoDHAG21xp1k8EhI
25vq6SxQGwn3KUq0TdMqJFISpw9Zy93+RncmpAd7D9FiZvMv4fwmPPDwsT5/b1tZ
e+w=
-----END CERTIFICATE-----