Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VHK3GMncnpHUFChQ2PEXdwaKRls.roa
File:                     VHK3GMncnpHUFChQ2PEXdwaKRls.roa (raw, json)
Hash identifier:          WPSQnXyLjD+UP0PlhtlFb/RrCknj3qocbZZqVWjVqkU=
Subject key identifier:   54:72:B7:18:C9:DC:9E:91:D4:14:28:50:D8:F1:17:77:06:8A:46:5B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01894F64C786E8B18CDE46812756B54D0EAB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VHK3GMncnpHUFChQ2PEXdwaKRls.roa
Signing time:             Thu 13 Jul 2023 13:15:51 +0000
ROA not before:           Thu 13 Jul 2023 13:15:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4f:64:c7:86:e8:b1:8c:de:46:81:27:56:b5:4d:0e:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 13 13:15:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5472b718c9dc9e91d4142850d8f11777068a465b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4b:25:47:56:f3:12:e4:c3:55:44:36:41:ab:
                    8a:3a:4e:e1:01:ad:e1:34:bc:cd:cf:c5:de:30:fb:
                    f6:ac:de:87:05:49:ca:2b:31:a4:53:65:a6:4b:5c:
                    54:5a:d7:6e:0c:12:44:a8:7e:7e:fb:a9:44:d7:f4:
                    6b:44:a3:8c:20:ab:1c:88:cc:ad:a6:82:a4:d8:98:
                    9d:02:78:15:23:9a:f1:f7:48:da:eb:96:74:76:9f:
                    14:bd:bb:9b:28:d6:af:12:15:d7:4b:63:e5:e3:1c:
                    20:ae:78:95:0f:0a:e7:f5:94:79:87:6a:38:c5:d2:
                    f2:03:c0:fc:2b:7e:40:9f:8b:70:79:43:0d:ca:e6:
                    24:20:d8:64:0c:f0:f4:fe:33:5a:06:8e:0b:8c:b6:
                    ba:bd:4c:56:0a:a1:2d:94:73:8b:5d:63:8b:16:69:
                    18:b2:18:92:9f:23:0c:97:17:75:09:d7:68:26:d7:
                    47:ed:2d:1a:69:1f:e2:04:f4:2f:62:cb:7e:94:70:
                    ca:63:1d:3b:98:67:89:4b:95:ca:83:3b:87:40:5a:
                    ff:bc:04:7a:09:e3:33:5a:a6:92:68:3b:2b:f2:f4:
                    9e:51:64:49:2c:20:4f:c4:85:72:07:85:f9:1e:6c:
                    36:76:35:e9:36:f6:32:9d:ca:8b:24:37:48:97:90:
                    43:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:72:B7:18:C9:DC:9E:91:D4:14:28:50:D8:F1:17:77:06:8A:46:5B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VHK3GMncnpHUFChQ2PEXdwaKRls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:a9:49:8c:23:5d:ef:57:cd:06:df:1e:25:88:52:e1:9f:80:
         fb:3d:9c:a4:88:2f:61:d1:e8:10:ba:99:b1:ae:b2:b9:78:5e:
         1b:d5:49:58:d1:d6:88:5d:43:21:4d:85:5f:b6:ce:f4:b4:c5:
         19:7c:c1:83:d3:60:c7:a4:ea:e4:95:3b:72:c6:17:63:62:51:
         99:9c:69:3e:ac:34:61:86:b5:af:4c:35:4a:06:3e:43:2d:95:
         77:c7:9c:4f:04:d2:4c:c5:92:d9:34:29:c2:80:c0:b0:8e:55:
         aa:54:c9:07:58:b6:b1:a1:d7:d7:04:d0:52:99:31:e9:1d:aa:
         82:1f:32:7a:3f:02:de:be:18:92:e0:9b:ca:14:96:cc:b0:d3:
         27:5f:1d:ec:40:de:03:db:b0:0d:ca:de:f6:58:b2:88:b6:62:
         9d:8c:46:4f:04:d1:52:03:a0:50:ac:cc:df:1c:f8:5e:98:53:
         55:4a:d4:4f:63:19:d0:cc:ba:a7:e8:43:4b:0b:29:b7:02:ce:
         d8:98:7c:bc:9e:d5:a2:4a:bc:f3:e2:14:18:b7:9f:ef:56:c4:
         a7:30:e3:77:73:05:f8:7e:f2:39:dd:18:2b:fc:70:4c:29:3a:
         8d:56:7f:4d:92:ce:8c:c3:38:2b:19:ea:6e:76:96:43:67:11:
         19:f1:14:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlPZMeG6LGM3kaBJ1a1TQ6rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEzMTMxNTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDcyYjcxOGM5ZGM5ZTkxZDQxNDI4NTBkOGYxMTc3NzA2OGE0NjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUslR1bzEuTDVUQ2QauKOk7hAa3h
NLzNz8XeMPv2rN6HBUnKKzGkU2WmS1xUWtduDBJEqH5++6lE1/RrRKOMIKsciMyt
poKk2JidAngVI5rx90ja65Z0dp8UvbubKNavEhXXS2Pl4xwgrniVDwrn9ZR5h2o4
xdLyA8D8K35An4tweUMNyuYkINhkDPD0/jNaBo4LjLa6vUxWCqEtlHOLXWOLFmkY
shiSnyMMlxd1CddoJtdH7S0aaR/iBPQvYst+lHDKYx07mGeJS5XKgzuHQFr/vAR6
CeMzWqaSaDsr8vSeUWRJLCBPxIVyB4X5Hmw2djXpNvYyncqLJDdIl5BD0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFRytxjJ3J6R1BQoUNjxF3cGikZbMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVkhLM0dNbmNucEhVRkNoUTJQRVhkd2FLUmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ2pSYwjXe9XzQbfHiWI
UuGfgPs9nKSIL2HR6BC6mbGusrl4XhvVSVjR1ohdQyFNhV+2zvS0xRl8wYPTYMek
6uSVO3LGF2NiUZmcaT6sNGGGta9MNUoGPkMtlXfHnE8E0kzFktk0KcKAwLCOVapU
yQdYtrGh19cE0FKZMekdqoIfMno/At6+GJLgm8oUlsyw0ydfHexA3gPbsA3K3vZY
soi2Yp2MRk8E0VIDoFCszN8c+F6YU1VK1E9jGdDMuqfoQ0sLKbcCztiYfLye1aJK
vPPiFBi3n+9WxKcw43dzBfh+8jndGCv8cEwpOo1Wf02SzozDOCsZ6m52lkNnERnx
FB8=
-----END CERTIFICATE-----