Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XTGFwTgd0uHNvvcExAOfuHbcYLs.roa
File:                     XTGFwTgd0uHNvvcExAOfuHbcYLs.roa (raw, json)
Hash identifier:          uaKkte4i1dV3sBt7312mmt/83SHPYu6lGJ0VmndhGVE=
Subject key identifier:   5D:31:85:C1:38:1D:D2:E1:CD:BE:F7:04:C4:03:9F:B8:76:DC:60:BB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CB67DF2EDB26D0896D9E2C971FCA74A6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XTGFwTgd0uHNvvcExAOfuHbcYLs.roa
Signing time:             Sat 17 Jun 2023 22:09:22 +0000
ROA not before:           Sat 17 Jun 2023 22:09:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:cb:67:df:2e:db:26:d0:89:6d:9e:2c:97:1f:ca:74:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 17 22:09:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5d3185c1381dd2e1cdbef704c4039fb876dc60bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8c:3e:0f:8c:cd:f5:59:f0:19:b6:2f:9e:c3:
                    4d:27:8b:a5:c1:59:f5:76:91:b1:b7:a5:6c:99:ee:
                    00:70:a5:ff:0b:d9:5b:ca:47:d9:ef:c4:6a:59:e0:
                    4f:d6:92:39:b1:a4:e4:bd:c8:77:1d:a5:e6:b6:af:
                    7e:10:71:10:e2:ad:a8:d4:1c:37:1b:e2:24:8d:51:
                    df:99:f9:74:96:a0:a7:6a:70:ed:a9:a7:bd:fa:08:
                    5d:81:90:d0:2b:d2:0c:89:2d:c8:d7:35:82:7c:a6:
                    33:43:2b:56:43:9f:e1:09:d4:5f:ec:8b:24:ae:5a:
                    a1:3d:ba:69:eb:44:12:11:88:dd:7b:6b:d5:5b:01:
                    3b:be:c1:82:04:a1:77:33:18:4d:c4:41:39:59:29:
                    09:31:c4:fb:90:85:b9:89:ff:0a:37:75:83:3a:54:
                    a7:36:b4:3d:54:b7:da:a6:38:6f:3e:e8:3f:3a:5f:
                    4e:74:43:8f:d3:26:12:8c:2a:8f:41:11:7e:0a:48:
                    26:c9:dd:34:33:da:62:89:b5:b3:a6:6b:45:c7:d0:
                    84:e7:4f:d5:53:b8:98:f0:35:c3:c4:40:05:f2:00:
                    a1:f7:99:52:da:42:56:4d:4c:8b:28:53:5d:d8:21:
                    47:7d:a2:54:8c:84:65:40:2e:42:a0:3d:c0:71:a2:
                    20:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:31:85:C1:38:1D:D2:E1:CD:BE:F7:04:C4:03:9F:B8:76:DC:60:BB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XTGFwTgd0uHNvvcExAOfuHbcYLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:25:a2:76:71:13:0c:72:fa:ed:7e:b4:43:9d:e2:9f:8f:d7:
         86:d4:61:99:41:03:02:a3:4d:be:ef:08:0d:a6:7d:b8:4d:cd:
         d0:61:9b:bd:ac:21:95:76:20:1b:b1:e9:cd:f6:5f:30:c3:2a:
         d4:11:e8:e1:fd:e1:ba:0e:d3:37:24:23:ff:ac:9f:fa:57:4a:
         58:9c:65:1b:84:b7:59:3a:a3:49:e9:56:6a:65:82:fd:64:98:
         bf:47:f6:4d:ec:89:c2:01:83:34:17:c9:cb:27:72:71:f5:ba:
         a9:47:1b:50:d3:69:76:1f:db:ce:f4:ad:07:3e:20:f2:45:8e:
         c3:e4:93:86:61:15:8d:75:f8:43:9e:b5:da:b8:0e:01:82:52:
         95:aa:79:b5:98:2a:92:56:5b:44:5e:64:cf:6f:63:5b:2f:db:
         6c:5c:1a:a8:59:41:25:24:a9:0d:97:06:e9:ef:95:65:60:01:
         49:72:df:4d:cd:f4:aa:d7:7d:5f:6d:88:cb:78:3f:bb:2c:5b:
         f1:12:dc:85:cc:58:f4:f6:41:b1:75:4c:b2:76:22:ed:8a:a3:
         06:f4:fd:1f:65:63:41:7c:17:88:8f:aa:04:76:ce:7e:e5:d2:
         99:93:f6:33:7a:17:77:56:0c:a2:92:e0:fa:8f:4a:be:5a:80:
         2f:11:de:4a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjLZ98u2ybQiW2eLJcfynSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE3MjIwOTIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDMxODVjMTM4MWRkMmUxY2RiZWY3MDRjNDAzOWZiODc2ZGM2MGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlow+D4zN9VnwGbYvnsNNJ4ulwVn1
dpGxt6Vsme4AcKX/C9lbykfZ78RqWeBP1pI5saTkvch3HaXmtq9+EHEQ4q2o1Bw3
G+IkjVHfmfl0lqCnanDtqae9+ghdgZDQK9IMiS3I1zWCfKYzQytWQ5/hCdRf7Isk
rlqhPbpp60QSEYjde2vVWwE7vsGCBKF3MxhNxEE5WSkJMcT7kIW5if8KN3WDOlSn
NrQ9VLfapjhvPug/Ol9OdEOP0yYSjCqPQRF+Ckgmyd00M9piibWzpmtFx9CE50/V
U7iY8DXDxEAF8gCh95lS2kJWTUyLKFNd2CFHfaJUjIRlQC5CoD3AcaIgDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF0xhcE4HdLhzb73BMQDn7h23GC7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWFRHRndUZ2QwdUhOdnZjRXhBT2Z1SGJjWUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHklonZxEwxy+u1+tEOd
4p+P14bUYZlBAwKjTb7vCA2mfbhNzdBhm72sIZV2IBux6c32XzDDKtQR6OH94boO
0zckI/+sn/pXSlicZRuEt1k6o0npVmplgv1kmL9H9k3sicIBgzQXycsncnH1uqlH
G1DTaXYf2870rQc+IPJFjsPkk4ZhFY11+EOetdq4DgGCUpWqebWYKpJWW0ReZM9v
Y1sv22xcGqhZQSUkqQ2XBunvlWVgAUly303N9KrXfV9tiMt4P7ssW/ES3IXMWPT2
QbF1TLJ2Iu2Kowb0/R9lY0F8F4iPqgR2zn7l0pmT9jN6F3dWDKKS4PqPSr5agC8R
3ko=
-----END CERTIFICATE-----