Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WXfhLEVNoJSWdnbziI4CizV1Ytc.roa
File:                     WXfhLEVNoJSWdnbziI4CizV1Ytc.roa (raw, json)
Hash identifier:          5MzAWYTZWM6kkncPboRUFvXxcNe4a7qtL08sUhvbmkg=
Subject key identifier:   59:77:E1:2C:45:4D:A0:94:96:76:76:F3:88:8E:02:8B:35:75:62:D7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CC443E4BA727C456ECCBC5642070BF86
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WXfhLEVNoJSWdnbziI4CizV1Ytc.roa
Signing time:             Sun 18 Jun 2023 02:10:04 +0000
ROA not before:           Sun 18 Jun 2023 02:10:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:cc:44:3e:4b:a7:27:c4:56:ec:cb:c5:64:20:70:bf:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 18 02:10:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5977e12c454da094967676f3888e028b357562d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8b:19:96:15:b1:16:61:7a:10:39:81:2d:00:
                    aa:10:f3:fe:54:7e:4f:06:d9:d7:4e:20:c5:06:2f:
                    fb:13:3c:be:d2:52:93:f6:59:66:75:95:c3:26:7f:
                    62:2d:88:21:9f:13:cc:c6:1f:f8:20:41:f8:84:93:
                    4b:81:35:a2:18:1a:8f:c8:81:bb:c2:77:90:a6:7b:
                    8d:64:d8:46:c0:a9:3c:3d:12:55:e9:3f:b7:a5:da:
                    ea:5e:33:de:e5:97:8e:c8:ab:37:a9:e3:c0:8e:29:
                    b6:cc:d0:8f:3c:5c:5c:65:5c:b8:a0:43:68:9c:95:
                    40:17:be:d0:5a:91:b5:83:a6:dd:5b:f2:a9:51:05:
                    ad:06:35:12:90:32:05:78:85:be:5c:48:cc:5c:7d:
                    04:65:e9:bc:58:1e:91:63:51:b0:0c:ea:e9:4b:a6:
                    4a:72:70:40:4d:96:f6:c8:ca:5e:7d:b6:f0:aa:a9:
                    a2:f6:e0:0b:a2:36:d2:c1:4a:d9:9c:02:6a:50:17:
                    50:6b:30:e2:58:75:6f:ee:72:ea:38:32:a7:a9:e9:
                    af:ad:0e:2c:ba:23:a5:9d:6c:2e:c1:8d:9f:d6:e9:
                    4f:3e:6b:17:f1:5f:b5:78:f6:46:6e:5d:72:6b:80:
                    46:97:cf:e9:01:52:c2:c5:0a:16:c0:89:22:13:02:
                    58:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:77:E1:2C:45:4D:A0:94:96:76:76:F3:88:8E:02:8B:35:75:62:D7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WXfhLEVNoJSWdnbziI4CizV1Ytc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:d4:d4:dd:8c:7b:a3:bb:b5:2a:e3:d8:7a:4a:24:22:8d:46:
         8a:7f:e5:84:f4:1e:e7:5d:ef:d7:06:a9:b0:00:93:b4:40:6a:
         c5:f7:7d:60:bc:a3:97:50:6c:ca:e9:22:d3:43:c9:06:2e:b9:
         5d:68:73:a3:48:f4:71:7a:77:dd:a1:87:cf:ab:b5:b3:15:f6:
         58:49:f9:37:26:ef:4f:5b:ac:59:59:b0:bb:36:bf:da:7c:b6:
         e5:8a:4e:a0:fd:a1:60:80:07:af:66:8a:e5:2f:37:99:ea:42:
         66:c0:f9:a4:89:b3:1c:7f:c7:c8:66:b8:eb:ca:88:bb:33:29:
         5b:c5:41:a8:a8:c4:c3:e0:9d:50:01:56:4b:b9:cd:ed:3f:66:
         a6:69:64:03:aa:7d:67:45:bc:56:c7:75:33:7d:65:5d:86:05:
         f1:84:4b:01:07:41:7e:eb:34:39:34:d1:bd:22:45:07:48:cd:
         d5:94:6f:03:c1:f9:a8:2e:6b:f0:3a:f9:91:49:34:42:1b:73:
         00:6a:09:f4:7d:ed:52:c4:44:bd:50:4c:52:01:9a:8c:a2:8a:
         4b:6e:60:e3:f2:aa:c8:70:72:ab:2b:20:f5:36:27:d6:71:a8:
         d5:a4:f5:28:da:de:4f:f3:d3:84:f0:29:9e:d7:1b:68:01:4b:
         64:1c:4c:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjMRD5LpyfEVuzLxWQgcL+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE4MDIxMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTc3ZTEyYzQ1NGRhMDk0OTY3Njc2ZjM4ODhlMDI4YjM1NzU2MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIsZlhWxFmF6EDmBLQCqEPP+VH5P
BtnXTiDFBi/7Ezy+0lKT9llmdZXDJn9iLYghnxPMxh/4IEH4hJNLgTWiGBqPyIG7
wneQpnuNZNhGwKk8PRJV6T+3pdrqXjPe5ZeOyKs3qePAjim2zNCPPFxcZVy4oENo
nJVAF77QWpG1g6bdW/KpUQWtBjUSkDIFeIW+XEjMXH0EZem8WB6RY1GwDOrpS6ZK
cnBATZb2yMpefbbwqqmi9uALojbSwUrZnAJqUBdQazDiWHVv7nLqODKnqemvrQ4s
uiOlnWwuwY2f1ulPPmsX8V+1ePZGbl1ya4BGl8/pAVLCxQoWwIkiEwJYZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFl34SxFTaCUlnZ284iOAos1dWLXMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvV1hmaExFVk5vSlNXZG5iemlJNENpelYxWXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJXU1N2Me6O7tSrj2HpK
JCKNRop/5YT0Hudd79cGqbAAk7RAasX3fWC8o5dQbMrpItNDyQYuuV1oc6NI9HF6
d92hh8+rtbMV9lhJ+Tcm709brFlZsLs2v9p8tuWKTqD9oWCAB69miuUvN5nqQmbA
+aSJsxx/x8hmuOvKiLszKVvFQaioxMPgnVABVku5ze0/ZqZpZAOqfWdFvFbHdTN9
ZV2GBfGESwEHQX7rNDk00b0iRQdIzdWUbwPB+agua/A6+ZFJNEIbcwBqCfR97VLE
RL1QTFIBmoyiiktuYOPyqshwcqsrIPU2J9ZxqNWk9Sja3k/z04TwKZ7XG2gBS2Qc
TB0=
-----END CERTIFICATE-----