Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/W1PXWgN0hjSlk4Vv5zjKwC0ulw8.roa
File:                     W1PXWgN0hjSlk4Vv5zjKwC0ulw8.roa (raw, json)
Hash identifier:          iaMEjCnVFO1a0pOppwRvzY66G1oM2mFEH/YpgYwqZcQ=
Subject key identifier:   5B:53:D7:5A:03:74:86:34:A5:93:85:6F:E7:38:CA:C0:2D:2E:97:0F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188B43B3DC093B5D3F561F3B24B5A13D78C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/W1PXWgN0hjSlk4Vv5zjKwC0ulw8.roa
Signing time:             Tue 13 Jun 2023 10:09:21 +0000
ROA not before:           Tue 13 Jun 2023 10:09:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b4:3b:3d:c0:93:b5:d3:f5:61:f3:b2:4b:5a:13:d7:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 13 10:09:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5b53d75a03748634a593856fe738cac02d2e970f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:65:b6:2a:0d:98:8e:41:90:a9:12:7b:36:46:
                    fe:5d:31:f1:4a:cd:95:14:5e:fd:ed:d2:21:a5:68:
                    21:e3:f2:68:88:12:58:1f:29:f6:5d:1e:5d:a5:bc:
                    d4:43:d0:70:ea:fb:35:b1:11:c0:e1:3e:86:7a:7a:
                    3b:2f:08:96:bf:de:9e:93:4d:da:0d:57:0c:61:a8:
                    01:6a:c7:cc:f6:62:ef:11:53:ab:b0:e5:e5:41:a3:
                    80:33:af:9d:6c:bb:a5:e1:d6:81:ba:ab:ac:2b:67:
                    02:4b:f6:50:b5:56:37:0c:be:bc:f1:0d:be:97:59:
                    b9:a1:cd:23:0d:97:e9:8b:e9:af:26:c6:1b:54:e0:
                    5c:84:e4:68:99:78:e3:f8:a7:31:b5:f0:1a:c0:29:
                    70:ae:24:8f:71:30:06:13:1d:04:85:a5:c8:c0:3c:
                    4d:20:f3:bf:86:82:9f:e4:55:82:61:05:09:19:50:
                    b6:4c:a2:a9:71:bf:b9:15:5e:c6:09:39:2e:04:36:
                    cc:e7:c5:6b:87:a7:76:16:b5:bd:0d:cf:4d:7c:6e:
                    0b:2e:ca:28:55:41:71:87:07:01:ae:26:2b:d8:f0:
                    15:19:a3:31:ee:4b:57:dd:58:1b:70:f7:f3:f9:0a:
                    d3:ca:00:4d:df:4e:e4:76:b8:90:76:37:c0:80:09:
                    ad:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:53:D7:5A:03:74:86:34:A5:93:85:6F:E7:38:CA:C0:2D:2E:97:0F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/W1PXWgN0hjSlk4Vv5zjKwC0ulw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:70:6f:e6:d4:f1:2b:e3:d9:4d:e9:a1:20:2f:a8:f4:0f:73:
         22:de:c5:07:44:95:af:57:af:20:07:d4:7b:49:bd:f7:1d:32:
         85:f8:ae:15:4f:60:8e:07:3e:09:a0:dc:3b:93:b2:b0:69:86:
         de:aa:10:46:f6:5b:06:e5:fe:91:95:0e:9f:f8:ca:1d:31:d7:
         b9:14:51:12:73:f7:52:74:7b:4a:56:75:8d:23:46:3a:16:14:
         98:20:94:95:6b:5a:c4:6b:43:51:56:64:47:88:16:08:dc:59:
         c8:09:07:eb:ad:f8:ee:d5:4b:53:8b:e9:71:24:2d:12:fe:52:
         5a:19:48:5a:61:80:ef:80:c3:7f:e5:30:bf:95:57:d1:1a:36:
         93:22:a0:b9:80:e6:5a:3b:57:b2:d1:e0:55:40:10:cd:fa:e7:
         a6:29:5b:85:47:b7:f8:14:49:ec:d4:4d:8e:62:e8:89:e6:fe:
         3c:98:96:ae:e0:9a:1b:61:8b:8f:6d:84:64:f3:99:95:9f:12:
         8b:75:6f:e1:cc:76:4d:3d:93:6d:ef:a7:eb:f6:15:ba:38:21:
         dc:01:74:01:5f:db:bb:af:7a:55:30:93:bc:06:ef:00:00:c3:
         dc:22:2b:80:47:30:86:ff:f8:ed:58:24:8b:73:43:05:54:46:
         92:2d:f0:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi0Oz3Ak7XT9WHzsktaE9eMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEzMTAwOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjUzZDc1YTAzNzQ4NjM0YTU5Mzg1NmZlNzM4Y2FjMDJkMmU5NzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2W2Kg2YjkGQqRJ7Nkb+XTHxSs2V
FF797dIhpWgh4/JoiBJYHyn2XR5dpbzUQ9Bw6vs1sRHA4T6Geno7LwiWv96ek03a
DVcMYagBasfM9mLvEVOrsOXlQaOAM6+dbLul4daBuqusK2cCS/ZQtVY3DL688Q2+
l1m5oc0jDZfpi+mvJsYbVOBchORomXjj+KcxtfAawClwriSPcTAGEx0EhaXIwDxN
IPO/hoKf5FWCYQUJGVC2TKKpcb+5FV7GCTkuBDbM58Vrh6d2FrW9Dc9NfG4LLsoo
VUFxhwcBriYr2PAVGaMx7ktX3VgbcPfz+QrTygBN307kdriQdjfAgAmtewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFtT11oDdIY0pZOFb+c4ysAtLpcPMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVzFQWFdnTjBoalNsazRWdjV6akt3QzB1bHc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIZwb+bU8Svj2U3poSAv
qPQPcyLexQdEla9XryAH1HtJvfcdMoX4rhVPYI4HPgmg3DuTsrBpht6qEEb2Wwbl
/pGVDp/4yh0x17kUURJz91J0e0pWdY0jRjoWFJgglJVrWsRrQ1FWZEeIFgjcWcgJ
B+ut+O7VS1OL6XEkLRL+UloZSFphgO+Aw3/lML+VV9EaNpMioLmA5lo7V7LR4FVA
EM3656YpW4VHt/gUSezUTY5i6Inm/jyYlq7gmhthi49thGTzmZWfEot1b+HMdk09
k23vp+v2Fbo4IdwBdAFf27uvelUwk7wG7wAAw9wiK4BHMIb/+O1YJItzQwVURpIt
8B8=
-----END CERTIFICATE-----