Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Xi-gpxY25VmQ-_zRvbe8P3h3y7Q.roa
File:                     Xi-gpxY25VmQ-_zRvbe8P3h3y7Q.roa (raw, json)
Hash identifier:          GG74f9wdjI6MB0IySwv2NMJofo6OwTQe+iHoXbiEdMs=
Subject key identifier:   5E:2F:A0:A7:16:36:E5:59:90:FB:FC:D1:BD:B7:BC:3F:78:77:CB:B4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A45BFD5FC0C05FCF7C81D82E90C5BADB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Xi-gpxY25VmQ-_zRvbe8P3h3y7Q.roa
Signing time:             Sat 10 Jun 2023 08:11:12 +0000
ROA not before:           Sat 10 Jun 2023 08:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a4:5b:fd:5f:c0:c0:5f:cf:7c:81:d8:2e:90:c5:ba:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 10 08:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e2fa0a71636e55990fbfcd1bdb7bc3f7877cbb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2c:5f:d1:d7:a2:6e:a7:8c:be:b2:54:94:cc:
                    38:c3:18:47:86:a5:ae:5a:d7:5d:4a:ba:66:b0:6f:
                    45:19:69:d2:d7:6f:7e:54:bb:e6:3c:e7:07:d6:1f:
                    b7:af:d6:05:ac:07:de:b6:d4:9f:0e:82:f2:b7:80:
                    ed:20:3b:6e:6e:7e:81:85:11:c7:11:9b:3b:b1:16:
                    a9:f1:68:3c:df:d1:ce:5b:e8:a4:4e:6c:c4:a9:81:
                    fb:88:74:e1:13:75:0f:8e:fd:6c:46:dc:9e:07:94:
                    0e:c9:94:40:19:1e:4e:9b:cc:c2:a6:30:85:83:3d:
                    ef:2f:37:f8:f6:50:30:49:2a:26:3d:6a:76:a4:1f:
                    7f:bf:47:50:16:9b:24:db:0c:4c:72:04:0d:58:69:
                    ee:ce:c6:86:1a:50:c7:98:00:6e:d3:67:4a:d8:72:
                    e5:64:5c:b0:2b:69:3a:b7:f5:55:ff:fd:64:98:85:
                    70:19:f5:50:26:62:21:77:4c:1d:fe:e3:98:0a:6b:
                    00:72:ef:50:52:7f:8d:86:d3:68:0f:5d:8b:06:cd:
                    23:e0:78:6e:7d:c6:bf:47:f0:d2:86:e0:2e:c3:c2:
                    10:9a:f7:c4:f8:7a:39:f8:ba:c7:7a:b5:ee:02:2f:
                    33:36:26:db:e9:45:2b:71:aa:96:32:bb:7c:5e:57:
                    c0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:2F:A0:A7:16:36:E5:59:90:FB:FC:D1:BD:B7:BC:3F:78:77:CB:B4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Xi-gpxY25VmQ-_zRvbe8P3h3y7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:a8:bf:cc:d3:6f:32:b4:15:78:1e:8a:26:a6:9a:67:04:8e:
         c9:4a:48:ce:4e:c3:ed:62:c2:ec:37:70:4e:95:96:d3:ff:99:
         8a:51:8d:84:85:3e:b0:8d:e0:dd:af:3a:70:a0:96:d6:fc:da:
         db:93:7a:51:24:cd:a3:9b:50:c8:d4:76:95:6b:fe:6f:23:cb:
         53:e1:65:06:13:4d:d4:a8:ba:5e:bd:78:2a:7d:8b:ad:4b:f6:
         7e:11:71:6c:32:68:89:bc:1e:f5:75:90:0a:3c:d3:38:38:46:
         fa:9e:eb:b6:5d:f6:6b:fd:f8:e4:ab:3a:41:4e:47:ed:34:09:
         e2:37:72:ac:0b:7a:bc:16:5f:84:4d:93:75:b7:d8:d2:16:f1:
         df:45:ef:ae:2e:a4:26:3b:3e:e8:ed:99:eb:c7:82:7c:db:4f:
         bb:76:d6:6a:3f:77:72:10:1d:43:c4:93:63:d2:9a:ed:ed:47:
         45:27:c4:a1:12:07:0e:57:db:2f:c9:b2:28:ce:23:d6:92:87:
         92:f5:21:30:00:24:ef:e8:97:de:3e:33:91:4a:26:66:ac:8e:
         83:32:f0:1b:69:1d:78:3f:fd:0b:ff:68:94:61:0e:bb:88:e5:
         86:60:fb:bf:23:4d:51:90:22:97:45:c1:0b:f0:b1:f6:21:09:
         4d:d7:df:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYikW/1fwMBfz3yB2C6QxbrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEwMDgxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTJmYTBhNzE2MzZlNTU5OTBmYmZjZDFiZGI3YmMzZjc4NzdjYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCxf0deibqeMvrJUlMw4wxhHhqWu
WtddSrpmsG9FGWnS129+VLvmPOcH1h+3r9YFrAfettSfDoLyt4DtIDtubn6BhRHH
EZs7sRap8Wg839HOW+ikTmzEqYH7iHThE3UPjv1sRtyeB5QOyZRAGR5Om8zCpjCF
gz3vLzf49lAwSSomPWp2pB9/v0dQFpsk2wxMcgQNWGnuzsaGGlDHmABu02dK2HLl
ZFywK2k6t/VV//1kmIVwGfVQJmIhd0wd/uOYCmsAcu9QUn+NhtNoD12LBs0j4Hhu
fca/R/DShuAuw8IQmvfE+Ho5+LrHerXuAi8zNibb6UUrcaqWMrt8XlfA9wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF4voKcWNuVZkPv80b23vD94d8u0MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWGktZ3B4WTI1Vm1RLV96UnZiZThQM2gzeTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKuov8zTbzK0FXgeiiam
mmcEjslKSM5Ow+1iwuw3cE6VltP/mYpRjYSFPrCN4N2vOnCgltb82tuTelEkzaOb
UMjUdpVr/m8jy1PhZQYTTdSoul69eCp9i61L9n4RcWwyaIm8HvV1kAo80zg4Rvqe
67Zd9mv9+OSrOkFOR+00CeI3cqwLerwWX4RNk3W32NIW8d9F764upCY7PujtmevH
gnzbT7t21mo/d3IQHUPEk2PSmu3tR0UnxKESBw5X2y/JsijOI9aSh5L1ITAAJO/o
l94+M5FKJmasjoMy8BtpHXg//Qv/aJRhDruI5YZg+78jTVGQIpdFwQvwsfYhCU3X
3zE=
-----END CERTIFICATE-----