Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X-RTIt7sWWBvoo1ZWCumUquE3fg.roa
File:                     X-RTIt7sWWBvoo1ZWCumUquE3fg.roa (raw, json)
Hash identifier:          K7pJFMRQnpXr4rlOXnMUqI7VzUKGYjvRUSbXMxE50Q8=
Subject key identifier:   5F:E4:53:22:DE:EC:59:60:6F:A2:8D:59:58:2B:A6:52:AB:84:DD:F8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01881E07D485043A9A50ABDFED03B06D31F2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X-RTIt7sWWBvoo1ZWCumUquE3fg.roa
Signing time:             Mon 15 May 2023 06:10:09 +0000
ROA not before:           Mon 15 May 2023 06:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:1e:07:d4:85:04:3a:9a:50:ab:df:ed:03:b0:6d:31:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 15 06:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5fe45322deec59606fa28d59582ba652ab84ddf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c0:fe:39:01:1a:af:2d:67:04:81:df:df:6a:
                    8c:94:60:2f:90:43:dc:13:b7:36:58:d5:24:66:89:
                    22:c3:55:d3:3c:aa:19:28:44:9e:4b:90:26:83:f4:
                    0f:cf:37:2c:af:21:e7:6d:b0:39:2b:8c:0e:d8:f2:
                    13:d3:af:36:84:f0:47:33:4b:2f:0c:c4:77:33:ef:
                    bb:b5:55:74:17:3e:9e:50:ac:bd:e8:6e:cf:06:a1:
                    8c:71:5c:f9:27:f9:27:b2:79:45:ca:86:f7:33:71:
                    f8:99:c3:bf:f5:69:cc:ee:f9:6a:da:2d:f9:cf:29:
                    f2:19:d9:cf:3a:30:99:08:46:d7:6d:37:c8:8f:81:
                    7c:88:f1:c2:47:a9:99:c1:28:b6:95:f5:d2:64:6c:
                    ac:6d:10:f8:8b:dc:10:16:c9:48:dc:61:77:47:b6:
                    69:5e:4a:52:1e:02:9b:5c:e5:48:7d:89:cc:60:4f:
                    5b:b0:dd:d8:4e:15:38:15:4d:a2:cc:b6:7c:d2:5c:
                    fe:e5:b0:0d:aa:d0:47:8e:03:4a:d2:1c:50:32:f4:
                    2f:b5:56:2d:3a:c9:a8:e3:e3:b0:5f:95:73:28:64:
                    df:e5:90:05:64:9d:6b:9f:2d:9c:1a:f9:76:37:7e:
                    c7:27:39:66:a5:f5:27:96:98:50:b5:0e:4b:ab:17:
                    a8:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:E4:53:22:DE:EC:59:60:6F:A2:8D:59:58:2B:A6:52:AB:84:DD:F8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X-RTIt7sWWBvoo1ZWCumUquE3fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:7d:35:42:62:0d:5a:e8:11:b2:7b:87:d6:96:9e:13:81:0c:
         90:ed:40:88:9a:d9:f0:85:f7:07:c3:cf:79:da:dc:a7:00:62:
         95:e3:13:d7:5f:b1:dc:92:79:ad:ba:39:48:42:17:0d:e8:71:
         f6:d5:6f:e5:f6:3c:fc:71:df:d4:56:92:aa:6e:e5:53:22:12:
         a6:7e:eb:b6:06:3f:ce:0f:e5:31:bb:d0:74:70:50:64:5f:43:
         d0:4c:e6:63:9c:51:c1:b6:ca:5a:c7:89:4a:70:cc:ea:80:0f:
         0f:09:af:1b:4a:7a:bf:e8:27:97:84:dd:0c:56:b7:0f:c2:07:
         aa:12:f2:84:d4:5f:6f:fe:ba:4f:63:8e:74:75:d7:c1:bf:b5:
         ee:82:7d:e1:86:da:1a:19:41:3d:81:46:41:1c:77:79:43:91:
         c8:c4:de:69:ba:01:1a:5c:1a:ed:d7:37:9c:9a:ab:42:24:db:
         a3:7d:25:d0:60:a9:26:19:34:e1:15:09:15:e7:65:2a:96:3d:
         b9:50:df:c0:54:1f:b3:77:9a:37:22:12:48:96:a0:6e:b5:f6:
         66:15:2b:cc:33:33:23:83:d9:61:b6:3e:27:6c:85:fa:95:86:
         3a:b4:cf:5b:ab:9b:ff:e8:77:e2:a0:90:2f:46:cc:92:96:48:
         47:ca:ea:e0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgeB9SFBDqaUKvf7QOwbTHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE1MDYxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmU0NTMyMmRlZWM1OTYwNmZhMjhkNTk1ODJiYTY1MmFiODRkZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMD+OQEary1nBIHf32qMlGAvkEPc
E7c2WNUkZokiw1XTPKoZKESeS5Amg/QPzzcsryHnbbA5K4wO2PIT0682hPBHM0sv
DMR3M++7tVV0Fz6eUKy96G7PBqGMcVz5J/knsnlFyob3M3H4mcO/9WnM7vlq2i35
zynyGdnPOjCZCEbXbTfIj4F8iPHCR6mZwSi2lfXSZGysbRD4i9wQFslI3GF3R7Zp
XkpSHgKbXOVIfYnMYE9bsN3YThU4FU2izLZ80lz+5bANqtBHjgNK0hxQMvQvtVYt
Osmo4+OwX5VzKGTf5ZAFZJ1rny2cGvl2N37HJzlmpfUnlphQtQ5LqxeorQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF/kUyLe7Flgb6KNWVgrplKrhN34MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWC1SVEl0N3NXV0J2b28xWldDdW1VcXVFM2ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFJ9NUJiDVroEbJ7h9aW
nhOBDJDtQIia2fCF9wfDz3na3KcAYpXjE9dfsdySea26OUhCFw3ocfbVb+X2PPxx
39RWkqpu5VMiEqZ+67YGP84P5TG70HRwUGRfQ9BM5mOcUcG2ylrHiUpwzOqADw8J
rxtKer/oJ5eE3QxWtw/CB6oS8oTUX2/+uk9jjnR118G/te6CfeGG2hoZQT2BRkEc
d3lDkcjE3mm6ARpcGu3XN5yaq0Ik26N9JdBgqSYZNOEVCRXnZSqWPblQ38BUH7N3
mjciEkiWoG619mYVK8wzMyOD2WG2PidshfqVhjq0z1urm//od+KgkC9GzJKWSEfK
6uA=
-----END CERTIFICATE-----