Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XM0NgGSmsqdKUItnB4232aMYx-o.roa
File:                     XM0NgGSmsqdKUItnB4232aMYx-o.roa (raw, json)
Hash identifier:          qRgKHU2Ec2FtTjcVRu06ErsmsMykyZnQWOG5tux1N+M=
Subject key identifier:   5C:CD:0D:80:64:A6:B2:A7:4A:50:8B:67:07:8D:B7:D9:A3:18:C7:EA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018938347A91D2F4B333E25B6FD66105784C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XM0NgGSmsqdKUItnB4232aMYx-o.roa
Signing time:             Sun 09 Jul 2023 01:11:50 +0000
ROA not before:           Sun 09 Jul 2023 01:11:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:38:34:7a:91:d2:f4:b3:33:e2:5b:6f:d6:61:05:78:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul  9 01:11:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5ccd0d8064a6b2a74a508b67078db7d9a318c7ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:90:df:b7:75:a8:a4:6a:e2:f9:75:4a:f4:79:
                    bb:e2:6e:16:58:6e:ca:d1:1d:b7:e8:fb:bc:0a:6c:
                    1b:6d:30:e9:08:82:6d:b6:17:4c:f0:a1:52:db:fc:
                    fa:ca:46:29:0e:c1:71:93:d1:8c:18:73:69:73:7f:
                    32:e8:7a:56:10:5e:a3:48:ad:7d:f5:f2:06:58:09:
                    e6:5d:b5:a9:47:18:a9:aa:f8:7a:10:65:d1:18:ce:
                    d3:e1:56:30:4f:c1:27:03:bc:51:59:40:45:e0:75:
                    b8:f6:d2:44:35:1e:1e:33:d1:38:bf:3a:5c:95:c1:
                    22:5c:47:33:bd:c5:31:1e:22:95:24:04:67:5c:f4:
                    e5:05:20:af:4a:f5:e5:e6:0d:03:fb:81:99:18:9c:
                    30:69:71:ab:b5:ce:7e:0f:5b:9d:2b:4a:a3:5a:76:
                    ac:50:84:1a:19:d5:e5:a3:e3:58:aa:07:78:aa:2c:
                    92:57:6b:bc:bf:9e:46:e6:cf:e0:b5:d3:3c:7d:2b:
                    f2:3c:f3:f3:43:57:81:46:f4:06:4a:fb:e5:3e:18:
                    0c:c3:26:55:72:07:e7:54:f4:f1:2b:1c:9f:38:c8:
                    ba:a2:78:53:a0:a9:0a:48:bc:a2:f2:55:48:17:f8:
                    fb:bc:15:a1:40:95:34:4d:ab:25:94:2b:44:f8:e5:
                    18:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:CD:0D:80:64:A6:B2:A7:4A:50:8B:67:07:8D:B7:D9:A3:18:C7:EA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XM0NgGSmsqdKUItnB4232aMYx-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:13:b2:c4:fe:71:db:0f:80:ee:23:23:b4:1a:ea:6a:b3:c3:
         6e:4d:f6:b8:c2:48:f0:54:b7:1d:d8:eb:aa:2a:41:00:12:aa:
         b7:c6:33:f9:01:b3:5a:f7:44:15:99:fb:61:2e:8f:7e:b3:28:
         ef:4f:8e:83:e9:77:66:8d:6b:73:f1:aa:50:35:df:84:ee:28:
         75:82:9e:37:71:c7:2c:93:3e:94:15:3d:8a:a8:0d:11:95:b7:
         61:22:e7:9d:2f:29:bd:eb:b4:dc:56:6f:4e:5c:0b:02:8f:68:
         fb:ea:74:3c:b7:b9:20:a2:29:43:f1:3f:01:2f:1a:0b:85:16:
         4b:1d:bb:66:27:20:33:46:96:b4:b3:e2:51:88:c4:1e:14:af:
         6b:43:9b:bb:b7:39:12:e7:fd:66:ad:12:aa:f0:fe:cd:d7:0c:
         66:64:62:a0:1a:e6:2d:d6:dd:36:16:5a:aa:b3:bb:81:5f:36:
         86:83:0d:58:7f:56:96:58:76:75:96:5c:61:fa:76:e2:27:0e:
         a0:33:a1:42:d6:0a:cb:04:0f:82:c8:31:49:76:c9:5e:cf:5d:
         d2:8e:54:1f:22:78:9c:ca:ad:b3:ae:ed:bf:2a:f5:e2:fc:0b:
         ba:79:2c:db:64:7b:b6:28:7c:80:2f:b1:42:24:77:73:2a:99:
         7e:20:32:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYk4NHqR0vSzM+Jbb9ZhBXhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzA5MDExMTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2NkMGQ4MDY0YTZiMmE3NGE1MDhiNjcwNzhkYjdkOWEzMThjN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA85Dft3WopGri+XVK9Hm74m4WWG7K
0R236Pu8CmwbbTDpCIJtthdM8KFS2/z6ykYpDsFxk9GMGHNpc38y6HpWEF6jSK19
9fIGWAnmXbWpRxipqvh6EGXRGM7T4VYwT8EnA7xRWUBF4HW49tJENR4eM9E4vzpc
lcEiXEczvcUxHiKVJARnXPTlBSCvSvXl5g0D+4GZGJwwaXGrtc5+D1udK0qjWnas
UIQaGdXlo+NYqgd4qiySV2u8v55G5s/gtdM8fSvyPPPzQ1eBRvQGSvvlPhgMwyZV
cgfnVPTxKxyfOMi6onhToKkKSLyi8lVIF/j7vBWhQJU0TasllCtE+OUYEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFzNDYBkprKnSlCLZweNt9mjGMfqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWE0wTmdHU21zcWRLVUl0bkI0MjMyYU1ZeC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGMTssT+cdsPgO4jI7Qa
6mqzw25N9rjCSPBUtx3Y66oqQQASqrfGM/kBs1r3RBWZ+2Euj36zKO9PjoPpd2aN
a3PxqlA134TuKHWCnjdxxyyTPpQVPYqoDRGVt2Ei550vKb3rtNxWb05cCwKPaPvq
dDy3uSCiKUPxPwEvGguFFksdu2YnIDNGlrSz4lGIxB4Ur2tDm7u3ORLn/WatEqrw
/s3XDGZkYqAa5i3W3TYWWqqzu4FfNoaDDVh/VpZYdnWWXGH6duInDqAzoULWCssE
D4LIMUl2yV7PXdKOVB8ieJzKrbOu7b8q9eL8C7p5LNtke7YofIAvsUIkd3MqmX4g
Mh8=
-----END CERTIFICATE-----