Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_chVXWfLzVG7TUUDSexHPHwpRis.roa
File:                     _chVXWfLzVG7TUUDSexHPHwpRis.roa (raw, json)
Hash identifier:          HDCPWzhksgtGMaPx7eXTy+JY2TSKjYLdS8aycXUpdyU=
Subject key identifier:   FD:C8:55:5D:67:CB:CD:51:BB:4D:45:03:49:EC:47:3C:7C:29:46:2B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897480D472DE2EA554D16EAB7DD8460CB5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_chVXWfLzVG7TUUDSexHPHwpRis.roa
Signing time:             Thu 20 Jul 2023 18:12:27 +0000
ROA not before:           Thu 20 Jul 2023 18:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:74:80:d4:72:de:2e:a5:54:d1:6e:ab:7d:d8:46:0c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 20 18:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fdc8555d67cbcd51bb4d450349ec473c7c29462b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e3:4e:b2:da:78:fd:79:1d:04:15:53:25:78:
                    50:d5:11:51:ec:e5:47:19:49:9b:e0:0d:61:d3:af:
                    01:62:30:98:ea:d9:81:d8:12:05:22:ec:82:08:51:
                    8b:31:24:b8:19:e3:af:23:d4:ce:6f:6c:5f:3e:82:
                    de:a3:02:57:28:0f:36:40:8a:8f:19:46:3c:26:7d:
                    f8:d9:3e:00:89:9f:c7:04:14:84:e2:cf:32:33:30:
                    b6:cc:9d:06:95:3a:9b:4b:bd:0a:04:48:ac:b3:fe:
                    bf:3c:49:70:0b:56:fd:71:bf:b1:59:c1:90:b4:c4:
                    d4:64:c1:bf:0e:77:ef:65:85:11:23:f8:7f:a4:35:
                    a8:f8:75:14:37:3a:65:30:ea:4b:a3:3c:92:3f:dc:
                    0d:93:07:ff:85:14:d8:cf:49:1c:16:f7:db:a2:a2:
                    ac:5b:5c:ae:13:f7:83:9f:5a:dc:b3:6f:67:e6:be:
                    b5:7e:71:9a:1d:67:fb:77:48:51:5e:43:b4:bd:ea:
                    e2:31:4f:87:0f:89:1d:d9:25:7b:47:68:2b:3c:c0:
                    5f:03:95:e3:fb:86:51:bd:86:21:e5:61:55:4f:d4:
                    1c:61:c6:47:7c:bf:c3:8b:ba:8a:d2:03:ec:61:63:
                    96:14:f3:ce:00:7e:a6:42:ef:8f:d5:5c:93:08:39:
                    0f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:C8:55:5D:67:CB:CD:51:BB:4D:45:03:49:EC:47:3C:7C:29:46:2B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_chVXWfLzVG7TUUDSexHPHwpRis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:4a:70:cb:34:1f:a4:99:af:d2:5d:24:ff:1c:e4:eb:16:b7:
         c1:e1:87:71:34:6f:f1:50:7b:f8:3f:85:25:c8:54:13:3c:65:
         40:4d:55:ba:f1:9f:f8:b7:b6:ba:98:09:e5:8e:d0:20:27:6f:
         cc:63:fd:c3:e3:e6:52:3f:ee:85:3b:2e:12:37:d3:f4:ab:28:
         0a:d7:a0:37:43:f5:0f:97:98:75:2f:e0:37:3b:c5:b3:c3:8a:
         5e:9d:cc:e2:25:74:93:49:23:e0:a5:c6:b7:e5:fa:7e:c1:4d:
         41:84:0a:90:c0:ec:38:ae:61:80:48:78:96:ba:4e:df:95:86:
         be:2d:ca:8f:7c:ab:43:73:52:ed:63:00:8a:cc:e9:fd:25:12:
         4e:6f:09:a2:86:7c:18:8b:f7:14:93:b8:c1:3e:40:5a:b3:d1:
         cf:4f:1f:28:14:dc:2f:75:01:4c:3b:d1:11:06:63:fb:43:01:
         66:83:c7:22:fc:1b:03:1d:09:06:43:ce:fa:69:75:5d:b4:0d:
         03:58:05:8e:6b:41:66:78:84:c8:f7:8b:42:d1:75:89:39:eb:
         dc:ce:bf:de:5c:e9:46:5c:dd:29:12:93:ad:46:0d:ed:89:b4:
         8f:de:f9:a6:e8:ce:e6:9f:2d:84:4b:39:71:04:36:33:77:39:
         a8:65:f2:6a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl0gNRy3i6lVNFuq33YRgy1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIwMTgxMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGM4NTU1ZDY3Y2JjZDUxYmI0ZDQ1MDM0OWVjNDczYzdjMjk0NjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhONOstp4/XkdBBVTJXhQ1RFR7OVH
GUmb4A1h068BYjCY6tmB2BIFIuyCCFGLMSS4GeOvI9TOb2xfPoLeowJXKA82QIqP
GUY8Jn342T4AiZ/HBBSE4s8yMzC2zJ0GlTqbS70KBEiss/6/PElwC1b9cb+xWcGQ
tMTUZMG/DnfvZYURI/h/pDWo+HUUNzplMOpLozySP9wNkwf/hRTYz0kcFvfboqKs
W1yuE/eDn1rcs29n5r61fnGaHWf7d0hRXkO0veriMU+HD4kd2SV7R2grPMBfA5Xj
+4ZRvYYh5WFVT9QcYcZHfL/Di7qK0gPsYWOWFPPOAH6mQu+P1VyTCDkPdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP3IVV1ny81Ru01FA0nsRzx8KUYrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvX2NoVlhXZkx6Vkc3VFVVRFNleEhQSHdwUmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABFKcMs0H6SZr9JdJP8c
5OsWt8Hhh3E0b/FQe/g/hSXIVBM8ZUBNVbrxn/i3trqYCeWO0CAnb8xj/cPj5lI/
7oU7LhI30/SrKArXoDdD9Q+XmHUv4Dc7xbPDil6dzOIldJNJI+Clxrfl+n7BTUGE
CpDA7DiuYYBIeJa6Tt+Vhr4tyo98q0NzUu1jAIrM6f0lEk5vCaKGfBiL9xSTuME+
QFqz0c9PHygU3C91AUw70REGY/tDAWaDxyL8GwMdCQZDzvppdV20DQNYBY5rQWZ4
hMj3i0LRdYk569zOv95c6UZc3SkSk61GDe2JtI/e+abozuafLYRLOXEENjN3Oahl
8mo=
-----END CERTIFICATE-----