Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ai2-886a2l4OvYRER6QW32sTS44.roa
File:                     ai2-886a2l4OvYRER6QW32sTS44.roa (raw, json)
Hash identifier:          FKe6PdtyGSlo4BbKmXxhmoh0P43+gW9eiiz2mYgRnhU=
Subject key identifier:   6A:2D:BE:F3:CE:9A:DA:5E:0E:BD:84:44:47:A4:16:DF:6B:13:4B:8E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188D7A1CA5C1716768A82D178E9E2CDF64B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ai2-886a2l4OvYRER6QW32sTS44.roa
Signing time:             Tue 20 Jun 2023 07:08:04 +0000
ROA not before:           Tue 20 Jun 2023 07:08:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d7:a1:ca:5c:17:16:76:8a:82:d1:78:e9:e2:cd:f6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 20 07:08:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a2dbef3ce9ada5e0ebd844447a416df6b134b8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:89:5b:eb:b0:8a:05:9d:06:46:b0:6f:cc:4b:
                    e1:3c:d2:32:55:81:03:8b:49:2c:01:ff:65:f4:19:
                    1c:4b:ef:f8:0f:dd:ad:70:a8:84:c7:2c:f0:bb:e8:
                    00:3b:73:01:fa:b3:66:96:57:e0:19:a6:50:b4:ec:
                    e2:b1:7e:22:b9:a8:c6:87:af:53:12:ca:e1:29:40:
                    56:6b:a7:f2:ae:72:34:1d:b4:79:6d:8c:a1:5d:e5:
                    86:29:8d:bc:fe:48:dc:e4:7f:30:6a:88:f4:80:3e:
                    aa:83:3a:06:20:54:5a:ba:b1:d3:85:65:10:be:03:
                    94:46:f5:a4:d4:0a:ff:04:6e:ed:95:ba:a1:e2:ae:
                    04:cd:a9:0d:4f:b8:ae:ea:d5:26:7d:a0:fb:e5:78:
                    4a:7f:2b:b1:9a:a9:65:ec:44:2e:02:65:49:04:46:
                    71:a6:91:c0:3e:3a:28:5a:57:81:8a:48:9d:a6:28:
                    b9:00:c9:4c:93:25:9b:52:4d:45:3e:c4:fc:c0:8a:
                    d7:98:3d:5c:6f:fe:c0:92:30:a8:5c:64:90:bc:2b:
                    10:dd:23:50:d3:2e:30:d3:70:47:53:f0:28:3d:17:
                    06:50:1e:75:c5:1b:0b:bd:b1:1b:fd:19:7a:9a:3c:
                    58:d3:38:78:dc:57:97:02:ec:0c:29:2e:91:ac:f4:
                    56:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:2D:BE:F3:CE:9A:DA:5E:0E:BD:84:44:47:A4:16:DF:6B:13:4B:8E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ai2-886a2l4OvYRER6QW32sTS44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:0a:64:17:a3:e5:c6:01:99:ca:33:05:37:5b:18:9f:18:95:
         be:d4:53:b2:37:81:aa:7e:d5:49:fd:5a:60:9a:a7:25:73:42:
         10:2f:5f:35:27:0c:b9:3e:21:d7:60:43:20:52:20:8b:cc:f9:
         94:6e:69:36:fe:13:b4:40:3a:1e:9f:fa:b9:c7:dd:7a:60:cc:
         c0:74:e1:47:e5:8c:8d:b7:4b:5b:86:72:41:bf:c8:7b:a5:ab:
         e4:3c:95:74:59:ab:f7:ae:43:68:86:8f:31:30:7b:4a:13:46:
         f3:83:ee:63:ee:71:b1:83:80:24:3f:6e:58:c9:02:50:9b:b9:
         6a:40:38:9c:47:b1:68:a2:f5:7f:05:2f:ed:59:95:d7:a8:5f:
         e2:1d:9c:8c:81:48:e6:51:c9:f8:e2:a3:0f:85:7e:6a:72:ec:
         c3:51:d7:a3:c3:b9:9e:e2:f0:ad:f9:18:11:12:f9:a7:00:8d:
         4f:48:43:cc:04:97:27:81:da:32:ae:d9:5d:7d:e4:dc:0c:b0:
         85:e5:ed:6d:56:89:3c:9c:20:2c:72:5d:47:cd:cf:0c:63:da:
         2d:bb:82:0f:b1:e1:f2:33:9b:7b:5b:e9:10:3c:ac:19:7c:09:
         3b:69:4b:2b:a6:22:22:79:8e:bf:a0:e9:b1:af:e9:cf:3a:fd:
         d8:3b:c5:7b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjXocpcFxZ2ioLReOnizfZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIwMDcwODA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTJkYmVmM2NlOWFkYTVlMGViZDg0NDQ0N2E0MTZkZjZiMTM0YjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4lb67CKBZ0GRrBvzEvhPNIyVYED
i0ksAf9l9BkcS+/4D92tcKiExyzwu+gAO3MB+rNmllfgGaZQtOzisX4iuajGh69T
EsrhKUBWa6fyrnI0HbR5bYyhXeWGKY28/kjc5H8waoj0gD6qgzoGIFRaurHThWUQ
vgOURvWk1Ar/BG7tlbqh4q4EzakNT7iu6tUmfaD75XhKfyuxmqll7EQuAmVJBEZx
ppHAPjooWleBikidpii5AMlMkyWbUk1FPsT8wIrXmD1cb/7AkjCoXGSQvCsQ3SNQ
0y4w03BHU/AoPRcGUB51xRsLvbEb/Rl6mjxY0zh43FeXAuwMKS6RrPRWjwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGotvvPOmtpeDr2EREekFt9rE0uOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYWkyLTg4NmEybDRPdllSRVI2UVczMnNUUzQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKsKZBej5cYBmcozBTdb
GJ8Ylb7UU7I3gap+1Un9WmCapyVzQhAvXzUnDLk+IddgQyBSIIvM+ZRuaTb+E7RA
Oh6f+rnH3XpgzMB04UfljI23S1uGckG/yHulq+Q8lXRZq/euQ2iGjzEwe0oTRvOD
7mPucbGDgCQ/bljJAlCbuWpAOJxHsWii9X8FL+1ZldeoX+IdnIyBSOZRyfjiow+F
fmpy7MNR16PDuZ7i8K35GBES+acAjU9IQ8wElyeB2jKu2V195NwMsIXl7W1WiTyc
ICxyXUfNzwxj2i27gg+x4fIzm3tb6RA8rBl8CTtpSyumIiJ5jr+g6bGv6c86/dg7
xXs=
-----END CERTIFICATE-----