Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VaPD-ur0COGYqGp88CZAYk1jb3E.roa
File:                     VaPD-ur0COGYqGp88CZAYk1jb3E.roa (raw, json)
Hash identifier:          rZy2XjAf/gXxIKbsqh9SHY8+OO5CjykanJCrvViITrQ=
Subject key identifier:   55:A3:C3:FA:EA:F4:08:E1:98:A8:6A:7C:F0:26:40:62:4D:63:6F:71
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188B772F1D1310154987931EBA3F0B22304
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VaPD-ur0COGYqGp88CZAYk1jb3E.roa
Signing time:             Wed 14 Jun 2023 01:09:03 +0000
ROA not before:           Wed 14 Jun 2023 01:09:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b7:72:f1:d1:31:01:54:98:79:31:eb:a3:f0:b2:23:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 14 01:09:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=55a3c3faeaf408e198a86a7cf02640624d636f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:bf:36:53:18:6a:69:46:81:d1:6e:d9:53:cf:
                    38:5f:d5:da:2b:57:06:f4:60:68:da:a6:2c:3d:67:
                    7d:fa:3d:50:2c:46:d4:b4:91:05:0b:5d:a2:cf:be:
                    41:23:b8:53:c2:39:47:3c:59:0f:77:28:92:e2:9c:
                    5a:cd:90:f9:94:64:4c:e7:61:36:83:ef:e3:84:51:
                    32:d3:e3:fc:14:cd:76:bb:cc:18:ec:ca:82:2e:c3:
                    b7:3b:17:28:ec:1a:c1:8a:68:57:dd:35:9d:60:4f:
                    e3:aa:ba:a0:a8:b9:c6:be:ce:d8:0f:15:a5:1d:86:
                    ae:59:ff:8b:04:dd:e7:69:c5:45:97:b7:cb:7e:80:
                    74:38:db:97:e0:a1:d7:85:95:a5:91:31:29:dc:c7:
                    55:10:42:9f:4b:b5:89:98:c0:50:dd:af:25:75:a9:
                    58:56:40:c4:0c:57:6f:bc:d9:90:ef:2b:8a:dc:4e:
                    30:ca:ba:f1:12:6a:8a:24:76:a7:24:05:7d:5b:cb:
                    e0:ed:ed:78:9e:53:52:92:5e:34:14:38:58:bc:05:
                    59:a0:15:bf:e4:cc:ba:cf:a0:f1:e3:68:be:cf:72:
                    c4:69:3c:d1:80:e5:f6:12:34:73:97:a8:57:b6:d5:
                    3b:7b:46:ed:cf:1c:dc:c9:65:ae:9b:ef:be:14:2a:
                    4d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A3:C3:FA:EA:F4:08:E1:98:A8:6A:7C:F0:26:40:62:4D:63:6F:71
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VaPD-ur0COGYqGp88CZAYk1jb3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:de:c8:ac:2f:2c:b2:ed:d5:e9:87:70:28:f5:6c:bb:7e:8d:
         0b:ee:b5:ce:8b:61:da:b4:d0:ee:d3:8a:6f:19:ee:df:e7:e5:
         0a:c0:fa:09:6c:d1:69:46:fa:48:7a:bc:c6:18:cc:81:f4:16:
         c4:91:c3:6e:aa:7b:d5:d0:2f:8c:23:64:41:dd:29:dd:aa:d9:
         8b:9a:de:9d:c8:5e:fc:48:17:c5:e0:c0:4e:3a:74:fb:e8:c7:
         62:d3:cc:0a:a9:83:20:88:bb:86:3c:b5:2b:72:0c:65:cf:f3:
         49:dc:e4:4e:a4:e1:8d:6c:cd:ed:2c:2a:7e:27:7a:69:79:f3:
         d8:b8:57:0f:9d:1b:90:2d:68:7b:2d:cc:26:f5:c4:78:ab:af:
         f7:2e:e5:7a:ba:c0:88:ec:90:fc:19:d5:bf:0a:ea:ad:f5:a7:
         0b:a4:03:b8:2e:8a:93:93:76:20:b7:30:cc:59:96:79:a0:c8:
         fb:c1:25:9c:65:7c:80:da:9f:ed:ef:e3:7d:93:66:a1:05:e2:
         cb:f7:fe:fa:c7:8f:46:2f:63:46:a2:7c:a9:0b:40:6c:f1:18:
         a7:ae:52:98:fa:4f:94:04:dc:e8:3a:39:a4:ca:cc:2c:5d:44:
         2d:03:dc:68:c0:0f:b4:24:16:a0:d3:81:14:c7:22:7b:3d:2b:
         5f:b9:ce:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi3cvHRMQFUmHkx66PwsiMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE0MDEwOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWEzYzNmYWVhZjQwOGUxOThhODZhN2NmMDI2NDA2MjRkNjM2ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiL82UxhqaUaB0W7ZU884X9XaK1cG
9GBo2qYsPWd9+j1QLEbUtJEFC12iz75BI7hTwjlHPFkPdyiS4pxazZD5lGRM52E2
g+/jhFEy0+P8FM12u8wY7MqCLsO3Oxco7BrBimhX3TWdYE/jqrqgqLnGvs7YDxWl
HYauWf+LBN3nacVFl7fLfoB0ONuX4KHXhZWlkTEp3MdVEEKfS7WJmMBQ3a8ldalY
VkDEDFdvvNmQ7yuK3E4wyrrxEmqKJHanJAV9W8vg7e14nlNSkl40FDhYvAVZoBW/
5My6z6Dx42i+z3LEaTzRgOX2EjRzl6hXttU7e0btzxzcyWWum+++FCpNYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFWjw/rq9AjhmKhqfPAmQGJNY29xMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVmFQRC11cjBDT0dZcUdwODhDWkFZazFqYjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK/eyKwvLLLt1emHcCj1
bLt+jQvutc6LYdq00O7Tim8Z7t/n5QrA+gls0WlG+kh6vMYYzIH0FsSRw26qe9XQ
L4wjZEHdKd2q2Yua3p3IXvxIF8XgwE46dPvox2LTzAqpgyCIu4Y8tStyDGXP80nc
5E6k4Y1sze0sKn4neml589i4Vw+dG5AtaHstzCb1xHirr/cu5Xq6wIjskPwZ1b8K
6q31pwukA7guipOTdiC3MMxZlnmgyPvBJZxlfIDan+3v432TZqEF4sv3/vrHj0Yv
Y0aifKkLQGzxGKeuUpj6T5QE3Og6OaTKzCxdRC0D3GjAD7QkFqDTgRTHIns9K1+5
zsE=
-----END CERTIFICATE-----