Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UdWZvj6s_uJyL6MpaYTNDFW0OOY.roa
File:                     UdWZvj6s_uJyL6MpaYTNDFW0OOY.roa (raw, json)
Hash identifier:          oQIU9vkFeFEioJZ9V1nwbN/ncjiHCTmivpCJrfiHWeQ=
Subject key identifier:   51:D5:99:BE:3E:AC:FE:E2:72:2F:A3:29:69:84:CD:0C:55:B4:38:E6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01886469A3853F9124DE006E0C3CE5FFCEA5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UdWZvj6s_uJyL6MpaYTNDFW0OOY.roa
Signing time:             Sun 28 May 2023 22:10:24 +0000
ROA not before:           Sun 28 May 2023 22:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:64:69:a3:85:3f:91:24:de:00:6e:0c:3c:e5:ff:ce:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 28 22:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=51d599be3eacfee2722fa3296984cd0c55b438e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:bc:55:52:75:9f:56:45:65:f1:2d:7b:e8:79:
                    53:b4:56:3a:c9:7a:f4:40:45:65:3d:ca:be:0c:8d:
                    48:df:61:71:a8:ae:f2:ab:92:a4:23:b5:64:18:0b:
                    3b:2b:a6:19:e2:d9:74:98:df:5f:48:44:3b:f2:64:
                    8b:c8:e2:b2:30:00:50:ce:88:62:f6:5f:da:ac:d0:
                    80:96:2c:75:94:21:0b:e0:c7:5e:00:00:9e:cd:25:
                    97:1c:55:39:56:82:03:2d:6b:f2:cc:bb:ea:0e:ca:
                    6e:60:91:f7:7a:47:a1:3b:1e:d6:f6:5e:5a:41:20:
                    40:45:92:b8:2c:17:61:de:ef:31:b5:cd:1e:7a:0a:
                    21:9d:02:d7:e0:e1:7b:fb:0b:81:f9:f2:8f:60:d4:
                    ab:83:d6:b1:08:dc:a7:ea:35:b9:39:e4:64:fc:07:
                    04:79:b3:45:df:9c:83:d7:7d:3f:96:ab:c2:a6:a2:
                    d6:d7:92:e5:2a:29:ad:c7:c7:43:ea:4e:24:b4:f9:
                    bc:12:37:e8:bc:91:4b:4d:b0:c1:77:26:9d:bc:3d:
                    5b:ca:f0:f7:e6:fc:77:da:8e:a5:61:ee:46:7c:c0:
                    8d:ae:f5:be:8b:57:0d:c9:32:69:e6:dd:8c:b5:e6:
                    69:0e:09:9f:2f:1c:bd:48:67:21:23:82:88:f6:4a:
                    7f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D5:99:BE:3E:AC:FE:E2:72:2F:A3:29:69:84:CD:0C:55:B4:38:E6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/UdWZvj6s_uJyL6MpaYTNDFW0OOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:75:50:99:e4:47:e6:e1:9f:b0:95:50:1a:31:cc:f6:b8:80:
         de:7b:4d:c3:75:32:3e:39:8f:b8:58:ad:b3:24:6b:20:a6:d8:
         98:03:d9:35:7d:34:1d:89:35:9f:2e:c5:af:54:af:d1:51:0a:
         05:06:a0:ec:f9:97:04:5e:f6:e5:4e:2d:f8:49:21:5f:63:54:
         41:a2:3a:a4:9c:a0:ba:7e:de:70:e1:a2:b0:8e:b5:8f:0c:a5:
         a9:c1:9a:4e:eb:19:d2:9b:b3:13:52:f1:0e:c6:cb:38:2e:85:
         fe:54:97:f3:cf:55:9a:68:b6:d8:e2:58:1f:82:f8:5f:87:10:
         0a:2d:59:03:9b:e6:c3:1f:b4:90:68:61:c4:11:5e:9f:5c:37:
         c4:94:c2:7d:98:d4:4d:ee:20:60:20:a9:40:9f:15:08:60:c3:
         cf:31:f6:94:d7:e2:04:d1:79:16:a5:9b:b6:60:92:03:58:34:
         b1:81:62:b1:fb:dd:a2:17:44:fd:a0:95:64:20:c5:72:9e:34:
         e5:39:68:6f:ff:7c:10:54:fd:56:5e:6b:3f:09:d7:b6:86:dc:
         c4:89:13:04:53:bb:9f:b5:95:ab:aa:4b:c0:ec:bc:d1:b7:9b:
         7a:d8:75:6a:92:9c:18:73:83:8a:85:6a:76:b8:94:c4:f5:c6:
         39:c2:3c:11
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhkaaOFP5Ek3gBuDDzl/86lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI4MjIxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWQ1OTliZTNlYWNmZWUyNzIyZmEzMjk2OTg0Y2QwYzU1YjQzOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7xVUnWfVkVl8S176HlTtFY6yXr0
QEVlPcq+DI1I32FxqK7yq5KkI7VkGAs7K6YZ4tl0mN9fSEQ78mSLyOKyMABQzohi
9l/arNCAlix1lCEL4MdeAACezSWXHFU5VoIDLWvyzLvqDspuYJH3ekehOx7W9l5a
QSBARZK4LBdh3u8xtc0eegohnQLX4OF7+wuB+fKPYNSrg9axCNyn6jW5OeRk/AcE
ebNF35yD130/lqvCpqLW15LlKimtx8dD6k4ktPm8EjfovJFLTbDBdyadvD1byvD3
5vx32o6lYe5GfMCNrvW+i1cNyTJp5t2MteZpDgmfLxy9SGchI4KI9kp/dwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFHVmb4+rP7ici+jKWmEzQxVtDjmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVWRXWnZqNnNfdUp5TDZNcGFZVE5ERlcwT09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEJ1UJnkR+bhn7CVUBox
zPa4gN57TcN1Mj45j7hYrbMkayCm2JgD2TV9NB2JNZ8uxa9Ur9FRCgUGoOz5lwRe
9uVOLfhJIV9jVEGiOqScoLp+3nDhorCOtY8MpanBmk7rGdKbsxNS8Q7Gyzguhf5U
l/PPVZpottjiWB+C+F+HEAotWQOb5sMftJBoYcQRXp9cN8SUwn2Y1E3uIGAgqUCf
FQhgw88x9pTX4gTReRalm7ZgkgNYNLGBYrH73aIXRP2glWQgxXKeNOU5aG//fBBU
/VZeaz8J17aG3MSJEwRTu5+1lauqS8DsvNG3m3rYdWqSnBhzg4qFana4lMT1xjnC
PBE=
-----END CERTIFICATE-----