Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WIhj6KB1lu0GMSxp_iSBURNhwhk.roa
File:                     WIhj6KB1lu0GMSxp_iSBURNhwhk.roa (raw, json)
Hash identifier:          7jPaYLF5Qr8vWjcxNJOiokEIkAisCNJ3HwveRwlap7w=
Subject key identifier:   58:88:63:E8:A0:75:96:ED:06:31:2C:69:FE:24:81:51:13:61:C2:19
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878496B3778824F36B0631227B9CE7E6B3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WIhj6KB1lu0GMSxp_iSBURNhwhk.roa
Signing time:             Sat 15 Apr 2023 11:04:41 +0000
ROA not before:           Sat 15 Apr 2023 11:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:187:8496:4ca6/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:84:96:b3:77:88:24:f3:6b:06:31:22:7b:9c:e7:e6:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 15 11:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=588863e8a07596ed06312c69fe2481511361c219
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d9:db:0a:ef:d8:eb:c7:06:06:bd:73:ba:63:
                    b7:ca:e9:56:49:2f:82:e5:0f:fb:52:4e:e8:29:ca:
                    77:50:0a:46:24:0a:0f:e2:c8:61:87:31:1b:e8:16:
                    49:2d:19:91:a1:03:6a:42:bb:3f:35:4c:17:00:d1:
                    5e:e4:18:02:32:5d:87:20:b7:78:63:94:26:1c:6a:
                    96:0f:7d:4f:80:d5:7a:4f:d4:49:67:45:69:d5:78:
                    24:a2:85:a6:38:2a:ab:cc:bb:92:12:8f:48:3b:8b:
                    72:22:58:65:f0:ee:4e:61:71:3f:8d:ce:6b:51:a4:
                    89:31:36:32:38:01:53:c5:59:28:b8:7e:c7:d5:9a:
                    1b:d4:a1:d2:c4:e5:31:52:cb:90:bc:b5:c7:42:9f:
                    96:54:e0:76:cf:6e:d2:bc:4b:ae:8a:35:ca:dd:16:
                    e8:21:5a:72:61:eb:fe:9f:ec:93:77:66:3a:a1:31:
                    b6:78:5f:95:4d:d3:b8:c0:5a:99:a1:97:77:70:2b:
                    9e:50:18:f4:c1:b7:24:2f:c4:2e:f6:af:80:7f:f0:
                    06:8a:3d:4b:86:c7:20:ca:84:23:ac:60:76:9b:fd:
                    2c:04:51:81:fd:cf:74:42:74:86:bf:d5:1f:85:59:
                    15:b7:37:c2:f3:30:fd:e5:29:9b:79:b4:f6:84:d9:
                    75:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:88:63:E8:A0:75:96:ED:06:31:2C:69:FE:24:81:51:13:61:C2:19
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WIhj6KB1lu0GMSxp_iSBURNhwhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:90:d2:d6:54:28:63:55:a7:40:eb:56:e1:8e:fd:ed:2c:73:
         e9:ca:d7:b9:08:c5:35:c0:af:fd:9e:a0:98:69:01:b2:14:ad:
         17:62:c3:8a:4b:03:b9:5d:1c:b7:56:73:16:a3:bd:9e:dd:fc:
         94:94:2a:f2:34:46:32:c9:cc:05:57:e0:1a:8e:d6:f2:ca:b2:
         7b:79:d1:3b:45:f6:37:33:9a:cb:23:a7:d8:bc:76:79:18:67:
         b3:73:7d:ea:4a:bb:57:38:b5:da:82:be:2b:66:82:1e:f7:43:
         49:e8:38:f5:02:e1:9d:d2:7f:42:05:27:be:25:a6:c9:da:c6:
         f0:25:ad:01:91:b2:b8:1a:b1:5c:2b:68:39:3d:43:6d:11:46:
         c2:cf:53:d8:0f:86:f1:ec:c0:aa:c3:53:9c:ed:23:b1:00:a8:
         fb:9a:f8:f9:1c:12:77:3f:17:aa:c4:01:40:f0:49:f2:2d:48:
         1c:7a:a7:1a:76:23:85:96:c8:58:ea:0d:d3:b7:a9:ba:f6:c0:
         9d:db:aa:b1:6a:5f:2f:e4:23:15:4b:78:ca:12:3b:14:92:b4:
         23:af:8a:77:85:5a:18:0d:8d:f1:71:78:62:84:86:46:a0:56:
         95:bb:f5:24:39:08:dd:ff:b0:4f:a5:06:a6:09:95:c3:10:f2:
         b8:0f:ac:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeElrN3iCTzawYxInuc5+azMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE1MTEwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODg4NjNlOGEwNzU5NmVkMDYzMTJjNjlmZTI0ODE1MTEzNjFjMjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitnbCu/Y68cGBr1zumO3yulWSS+C
5Q/7Uk7oKcp3UApGJAoP4shhhzEb6BZJLRmRoQNqQrs/NUwXANFe5BgCMl2HILd4
Y5QmHGqWD31PgNV6T9RJZ0Vp1XgkooWmOCqrzLuSEo9IO4tyIlhl8O5OYXE/jc5r
UaSJMTYyOAFTxVkouH7H1Zob1KHSxOUxUsuQvLXHQp+WVOB2z27SvEuuijXK3Rbo
IVpyYev+n+yTd2Y6oTG2eF+VTdO4wFqZoZd3cCueUBj0wbckL8Qu9q+Af/AGij1L
hscgyoQjrGB2m/0sBFGB/c90QnSGv9UfhVkVtzfC8zD95SmbebT2hNl11QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFiIY+igdZbtBjEsaf4kgVETYcIZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvV0loajZLQjFsdTBHTVN4cF9pU0JVUk5od2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALWQ0tZUKGNVp0DrVuGO
/e0sc+nK17kIxTXAr/2eoJhpAbIUrRdiw4pLA7ldHLdWcxajvZ7d/JSUKvI0RjLJ
zAVX4BqO1vLKsnt50TtF9jczmssjp9i8dnkYZ7NzfepKu1c4tdqCvitmgh73Q0no
OPUC4Z3Sf0IFJ74lpsnaxvAlrQGRsrgasVwraDk9Q20RRsLPU9gPhvHswKrDU5zt
I7EAqPua+PkcEnc/F6rEAUDwSfItSBx6pxp2I4WWyFjqDdO3qbr2wJ3bqrFqXy/k
IxVLeMoSOxSStCOvineFWhgNjfFxeGKEhkagVpW79SQ5CN3/sE+lBqYJlcMQ8rgP
rN4=
-----END CERTIFICATE-----