Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_p2wtXFT5O-Y2JenjOL-Kb1lFPU.roa
File:                     _p2wtXFT5O-Y2JenjOL-Kb1lFPU.roa (raw, json)
Hash identifier:          CTupvMa2pEPHyXa9YYugSmENm6s8LlKn4veLsFuk9oY=
Subject key identifier:   FE:9D:B0:B5:71:53:E4:EF:98:D8:97:A7:8C:E2:FE:29:BD:65:14:F5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888618CC80125B0B9B60D67A0ADB1810A2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_p2wtXFT5O-Y2JenjOL-Kb1lFPU.roa
Signing time:             Sun 04 Jun 2023 11:09:12 +0000
ROA not before:           Sun 04 Jun 2023 11:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:86:18:cc:80:12:5b:0b:9b:60:d6:7a:0a:db:18:10:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 11:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fe9db0b57153e4ef98d897a78ce2fe29bd6514f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:39:da:dd:9c:13:88:2b:58:ef:13:46:ca:cc:
                    86:6d:0c:ad:01:79:73:22:5a:bd:20:d7:8e:2c:28:
                    6a:f9:5f:a3:f3:da:b6:35:dc:b0:89:7c:84:31:f5:
                    08:ca:fe:fc:62:c1:35:12:b0:7f:25:be:59:2c:c5:
                    75:a1:00:97:d9:4b:5c:5a:07:80:28:40:d6:d7:f9:
                    90:12:bd:56:15:04:7d:d9:9c:28:95:5c:45:27:3e:
                    b4:cf:21:72:c9:81:1b:ee:97:7c:fd:1a:15:6f:3f:
                    f4:3e:5d:25:e0:0b:ab:b9:3c:e7:c3:69:d8:5d:26:
                    de:16:b9:1c:0c:c6:7b:c0:0f:06:3c:87:4c:24:41:
                    ed:63:a4:8e:6b:99:31:5a:8b:4c:43:05:10:36:21:
                    98:bc:bb:77:13:88:ae:97:d7:b7:81:d2:81:48:18:
                    65:82:65:d6:14:c6:3c:d6:74:ce:5d:e7:c5:b1:b6:
                    57:0d:cc:61:a2:9b:cd:76:d0:3d:90:40:df:10:e6:
                    37:51:e6:20:1a:80:f6:49:29:a6:5d:25:23:0e:b3:
                    7e:c1:7a:ad:6e:c9:e4:9a:f1:62:69:6e:be:37:f5:
                    e6:1b:58:be:3d:ae:0d:43:03:7a:d5:0b:d7:ac:fc:
                    97:1b:c4:aa:e6:e8:b8:5d:a4:47:c3:ad:6e:66:f2:
                    e1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9D:B0:B5:71:53:E4:EF:98:D8:97:A7:8C:E2:FE:29:BD:65:14:F5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_p2wtXFT5O-Y2JenjOL-Kb1lFPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:13:11:60:26:14:e6:b1:ed:71:d9:99:1f:fb:11:47:7c:73:
         a5:59:c3:f5:f5:2c:8a:45:65:b1:d3:16:ee:7a:53:b1:a7:27:
         88:3f:9b:c1:69:69:04:e0:63:29:68:80:44:8a:1b:98:78:39:
         5d:db:d2:c7:cc:e1:d3:fa:b8:bb:9c:4c:9c:84:e9:a0:32:d7:
         66:7c:1f:66:e2:38:cc:5d:35:f9:b8:17:2c:79:6b:76:36:28:
         49:bb:95:13:d3:a1:90:00:54:30:de:8b:79:5c:54:dd:ea:a8:
         d4:19:38:16:bc:a5:65:a2:ce:92:bf:b3:c7:f7:69:ad:cb:ed:
         71:52:27:7c:18:d4:19:68:31:64:e3:71:fd:12:51:fc:f5:d3:
         a2:25:cf:9f:5b:37:73:b5:6b:fe:54:66:6a:7c:a8:bc:fa:26:
         ac:4a:73:67:53:8c:e6:d3:7a:3e:db:34:c8:6f:b5:d1:ec:54:
         8b:05:ef:06:5b:1e:c2:75:a3:85:ca:65:5e:0a:26:af:60:ad:
         1d:3a:2c:d6:98:6f:b1:fc:63:51:4e:92:26:92:01:eb:e1:3a:
         2e:4b:e2:dc:52:03:ef:86:2d:21:39:5e:85:18:82:fe:45:99:
         d7:3c:92:6d:f1:4d:64:52:8a:e4:93:59:1c:3b:7a:3f:a1:2b:
         82:f8:ea:4d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiGGMyAElsLm2DWegrbGBCiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MTEwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTlkYjBiNTcxNTNlNGVmOThkODk3YTc4Y2UyZmUyOWJkNjUxNGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTna3ZwTiCtY7xNGysyGbQytAXlz
Ilq9INeOLChq+V+j89q2NdywiXyEMfUIyv78YsE1ErB/Jb5ZLMV1oQCX2UtcWgeA
KEDW1/mQEr1WFQR92ZwolVxFJz60zyFyyYEb7pd8/RoVbz/0Pl0l4AuruTznw2nY
XSbeFrkcDMZ7wA8GPIdMJEHtY6SOa5kxWotMQwUQNiGYvLt3E4iul9e3gdKBSBhl
gmXWFMY81nTOXefFsbZXDcxhopvNdtA9kEDfEOY3UeYgGoD2SSmmXSUjDrN+wXqt
bsnkmvFiaW6+N/XmG1i+Pa4NQwN61QvXrPyXG8Sq5ui4XaRHw61uZvLhoQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP6dsLVxU+TvmNiXp4zi/im9ZRT1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvX3Ayd3RYRlQ1Ty1ZMkplbmpPTC1LYjFsRlBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFITEWAmFOax7XHZmR/7
EUd8c6VZw/X1LIpFZbHTFu56U7GnJ4g/m8FpaQTgYylogESKG5h4OV3b0sfM4dP6
uLucTJyE6aAy12Z8H2biOMxdNfm4Fyx5a3Y2KEm7lRPToZAAVDDei3lcVN3qqNQZ
OBa8pWWizpK/s8f3aa3L7XFSJ3wY1BloMWTjcf0SUfz106Ilz59bN3O1a/5UZmp8
qLz6JqxKc2dTjObTej7bNMhvtdHsVIsF7wZbHsJ1o4XKZV4KJq9grR06LNaYb7H8
Y1FOkiaSAevhOi5L4txSA++GLSE5XoUYgv5Fmdc8km3xTWRSiuSTWRw7ej+hK4L4
6k0=
-----END CERTIFICATE-----