Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Yca45gprqlb0svxJk5lMz31I0dQ.roa
File:                     Yca45gprqlb0svxJk5lMz31I0dQ.roa (raw, json)
Hash identifier:          SzIUkdcKumxk9QsuJ2Tt2iJlg3f3BqZ3Kg1QZvQf7UI=
Subject key identifier:   61:C6:B8:E6:0A:6B:AA:56:F4:B2:FC:49:93:99:4C:CF:7D:48:D1:D4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188AB01F4AF45E44FD7BD2928E6DC08C119
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Yca45gprqlb0svxJk5lMz31I0dQ.roa
Signing time:             Sun 11 Jun 2023 15:10:12 +0000
ROA not before:           Sun 11 Jun 2023 15:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ab:01:f4:af:45:e4:4f:d7:bd:29:28:e6:dc:08:c1:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 11 15:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=61c6b8e60a6baa56f4b2fc4993994ccf7d48d1d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8e:8b:67:69:1b:e3:73:54:b2:f2:3c:f0:c6:
                    00:c1:52:7b:3b:c2:04:25:6b:58:db:a8:f3:01:01:
                    dc:eb:e4:54:0c:a3:06:fc:ce:99:6b:14:88:fb:30:
                    a6:28:87:ff:7d:52:5c:f9:f7:42:b6:da:27:4e:95:
                    51:f9:d7:e4:b2:7a:3b:c3:61:8d:f2:af:96:ab:4d:
                    9e:a8:06:4e:ad:fe:d2:45:ed:25:32:1f:ce:7a:20:
                    05:3a:6c:a7:1c:f7:a0:9f:c1:03:97:4b:21:1e:8b:
                    3b:58:ad:0a:01:37:a1:21:da:b7:a8:75:d0:d8:d1:
                    cf:02:c7:84:3d:31:3a:07:6d:80:ce:24:fb:44:ea:
                    29:c4:a6:00:db:a2:25:01:6b:d2:ca:02:14:51:aa:
                    f1:84:91:82:86:75:63:f7:98:66:53:cf:d2:0e:d2:
                    df:e4:25:2f:49:a2:97:c7:8c:76:01:9b:35:08:76:
                    80:f0:56:95:53:8e:fa:39:22:33:be:fa:b8:6d:ef:
                    90:4f:07:5b:38:b4:e5:c0:4b:b6:aa:1f:86:bf:16:
                    78:0e:e6:b6:80:8a:ab:a1:0f:22:2b:97:be:0f:e0:
                    20:cc:0b:b7:04:79:af:68:65:02:e4:62:37:a6:89:
                    29:e2:f9:61:84:56:d3:47:32:d3:b2:98:44:36:4c:
                    5e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:C6:B8:E6:0A:6B:AA:56:F4:B2:FC:49:93:99:4C:CF:7D:48:D1:D4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Yca45gprqlb0svxJk5lMz31I0dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:52:68:23:86:b5:e5:cc:01:14:fb:3e:ef:11:85:29:7a:50:
         94:0a:c1:30:77:32:1b:7b:9d:e0:93:45:4b:6c:dc:ef:1b:7e:
         61:e2:27:ed:31:32:7c:60:b5:d4:f7:1e:36:66:f8:3a:f8:78:
         e4:3d:81:da:37:3a:bb:0f:da:09:48:eb:99:fc:c7:20:27:af:
         74:58:a1:f1:03:03:be:d6:38:db:cb:3c:21:f1:f5:25:e2:ab:
         57:a4:43:e2:bd:05:96:9b:9e:82:1a:3c:7f:0a:a7:2b:56:42:
         3a:16:e7:0b:9a:aa:79:45:29:29:d5:04:27:36:18:08:f6:6e:
         87:8d:79:cd:f1:51:af:ad:cd:df:30:03:46:ac:56:13:05:9f:
         96:56:1a:42:18:18:3b:ad:22:82:8f:8a:b5:65:f9:75:06:62:
         2d:13:4f:17:58:2c:00:c2:d5:af:46:47:1b:ef:ec:66:a3:f9:
         94:50:89:a0:e6:0f:cc:ca:16:41:6e:81:ff:cd:29:10:9a:20:
         98:bb:56:28:80:b7:35:b8:81:20:40:21:1c:b3:d6:65:49:de:
         6b:ba:e5:89:c3:00:15:4f:78:31:c2:1a:3f:c6:37:c3:a8:2a:
         50:12:c9:bb:ef:fa:c9:7a:18:ed:26:38:c3:c9:38:55:d4:cc:
         dd:5a:f3:47
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYirAfSvReRP170pKObcCMEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjExMTUxMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWM2YjhlNjBhNmJhYTU2ZjRiMmZjNDk5Mzk5NGNjZjdkNDhkMWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo46LZ2kb43NUsvI88MYAwVJ7O8IE
JWtY26jzAQHc6+RUDKMG/M6ZaxSI+zCmKIf/fVJc+fdCttonTpVR+dfksno7w2GN
8q+Wq02eqAZOrf7SRe0lMh/OeiAFOmynHPegn8EDl0shHos7WK0KATehIdq3qHXQ
2NHPAseEPTE6B22AziT7ROopxKYA26IlAWvSygIUUarxhJGChnVj95hmU8/SDtLf
5CUvSaKXx4x2AZs1CHaA8FaVU476OSIzvvq4be+QTwdbOLTlwEu2qh+GvxZ4Dua2
gIqroQ8iK5e+D+AgzAu3BHmvaGUC5GI3pokp4vlhhFbTRzLTsphENkxe0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGHGuOYKa6pW9LL8SZOZTM99SNHUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWWNhNDVncHJxbGIwc3Z4Sms1bE16MzFJMGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAG1SaCOGteXMART7Pu8R
hSl6UJQKwTB3Mht7neCTRUts3O8bfmHiJ+0xMnxgtdT3HjZm+Dr4eOQ9gdo3OrsP
2glI65n8xyAnr3RYofEDA77WONvLPCHx9SXiq1ekQ+K9BZabnoIaPH8KpytWQjoW
5wuaqnlFKSnVBCc2GAj2boeNec3xUa+tzd8wA0asVhMFn5ZWGkIYGDutIoKPirVl
+XUGYi0TTxdYLADC1a9GRxvv7Gaj+ZRQiaDmD8zKFkFugf/NKRCaIJi7ViiAtzW4
gSBAIRyz1mVJ3mu65YnDABVPeDHCGj/GN8OoKlASybvv+sl6GO0mOMPJOFXUzN1a
80c=
-----END CERTIFICATE-----