Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bECgZsIMCxXkRYSrlwTCQgy9e4A.roa
File:                     bECgZsIMCxXkRYSrlwTCQgy9e4A.roa (raw, json)
Hash identifier:          t8vpBGz4j9HAp6ePtMiuzHb4eRgnGhYBSalcQEjlFXM=
Subject key identifier:   6C:40:A0:66:C2:0C:0B:15:E4:45:84:AB:97:04:C2:42:0C:BD:7B:80
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01887593470EEDA969987211FC94116BC12A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bECgZsIMCxXkRYSrlwTCQgy9e4A.roa
Signing time:             Thu 01 Jun 2023 06:09:26 +0000
ROA not before:           Thu 01 Jun 2023 06:09:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:75:93:47:0e:ed:a9:69:98:72:11:fc:94:11:6b:c1:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  1 06:09:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6c40a066c20c0b15e44584ab9704c2420cbd7b80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e5:85:68:da:92:b9:56:29:80:d0:17:49:df:
                    57:4b:41:6c:b8:f7:45:c1:50:ef:92:70:7e:38:9c:
                    de:95:ad:c6:d2:ee:47:7d:6a:49:3f:fe:e9:76:54:
                    a0:ba:ae:76:ee:6a:70:a8:d2:5a:9d:13:08:32:d2:
                    38:3a:43:ce:d6:5b:55:f0:11:c2:e6:59:9c:3d:db:
                    67:8b:b7:1b:82:82:48:ba:64:f1:b9:c1:e8:44:c8:
                    72:9f:eb:97:6a:4b:83:83:c3:e0:d4:72:c7:ec:02:
                    b7:1c:a9:7d:d9:ff:74:ef:fc:4b:ee:05:52:56:42:
                    c4:21:ab:b8:d7:c6:f0:0b:0a:0a:a4:8b:58:48:8c:
                    07:08:7a:6a:d4:9d:ab:00:33:2f:03:c9:42:d8:ae:
                    d1:14:84:76:2b:76:da:4b:92:ef:3c:85:30:67:30:
                    81:f9:11:7f:f5:73:51:5f:ad:10:0d:6e:e8:90:91:
                    67:1a:b7:2b:c9:7c:59:bf:71:31:9e:a8:48:8e:59:
                    06:9c:22:ed:d2:23:b6:43:46:47:35:fc:c6:a8:bc:
                    cb:08:43:b1:d6:14:9f:46:bc:13:d7:82:ac:74:e8:
                    1c:b1:06:aa:fd:44:4e:55:1c:64:c0:41:bd:11:fc:
                    1f:6f:f8:85:64:2f:df:db:05:e7:c1:43:5e:bd:ba:
                    bd:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:40:A0:66:C2:0C:0B:15:E4:45:84:AB:97:04:C2:42:0C:BD:7B:80
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bECgZsIMCxXkRYSrlwTCQgy9e4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:19:ab:36:a9:34:8f:74:5a:05:b0:b4:dd:67:44:97:a3:f7:
         4f:7d:2c:09:f0:ee:b8:80:c6:0b:56:1f:6f:c6:4b:76:57:cf:
         e2:51:6a:9f:d4:a4:a3:0b:c0:16:10:ec:02:95:f6:c9:dd:11:
         34:b8:57:78:3d:b0:ce:b4:b3:3d:fa:c9:34:7e:94:ae:7e:96:
         9d:e0:6a:4d:fe:90:4d:1f:a9:e3:f7:b4:d4:f5:a5:74:07:08:
         f7:30:9d:6b:69:a8:95:31:33:92:de:9e:18:9f:c8:bb:3a:79:
         94:70:83:70:45:6b:e8:eb:0c:45:c2:3c:1f:54:ca:c3:e0:2c:
         77:6d:28:ff:06:9e:3f:9b:b9:18:1b:1e:3d:e3:08:c0:ff:80:
         71:19:5c:91:28:04:c9:b5:02:12:43:c7:26:3f:5c:a3:70:2f:
         0b:31:64:74:d8:94:38:ee:a8:6c:c9:26:3d:2e:37:4e:e9:7f:
         24:01:ee:dc:28:cc:d6:57:bc:9f:a8:ea:eb:e6:75:50:7a:60:
         1c:c1:5d:f4:54:fa:3b:43:e3:bd:e5:ed:13:ee:47:79:d0:d6:
         8e:b3:57:5c:16:03:b6:16:3e:19:58:8d:da:18:45:bd:dd:90:
         d0:32:8f:6d:a6:4f:a3:7f:a4:57:53:c7:3f:1b:55:36:f9:52:
         6c:40:8d:c5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh1k0cO7alpmHIR/JQRa8EqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAxMDYwOTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzQwYTA2NmMyMGMwYjE1ZTQ0NTg0YWI5NzA0YzI0MjBjYmQ3YjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+WFaNqSuVYpgNAXSd9XS0FsuPdF
wVDvknB+OJzela3G0u5HfWpJP/7pdlSguq527mpwqNJanRMIMtI4OkPO1ltV8BHC
5lmcPdtni7cbgoJIumTxucHoRMhyn+uXakuDg8Pg1HLH7AK3HKl92f907/xL7gVS
VkLEIau418bwCwoKpItYSIwHCHpq1J2rADMvA8lC2K7RFIR2K3baS5LvPIUwZzCB
+RF/9XNRX60QDW7okJFnGrcryXxZv3ExnqhIjlkGnCLt0iO2Q0ZHNfzGqLzLCEOx
1hSfRrwT14KsdOgcsQaq/UROVRxkwEG9Efwfb/iFZC/f2wXnwUNevbq9PwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGxAoGbCDAsV5EWEq5cEwkIMvXuAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYkVDZ1pzSU1DeFhrUllTcmx3VENRZ3k5ZTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAYZqzapNI90WgWwtN1n
RJej9099LAnw7riAxgtWH2/GS3ZXz+JRap/UpKMLwBYQ7AKV9sndETS4V3g9sM60
sz36yTR+lK5+lp3gak3+kE0fqeP3tNT1pXQHCPcwnWtpqJUxM5LenhifyLs6eZRw
g3BFa+jrDEXCPB9UysPgLHdtKP8Gnj+buRgbHj3jCMD/gHEZXJEoBMm1AhJDxyY/
XKNwLwsxZHTYlDjuqGzJJj0uN07pfyQB7twozNZXvJ+o6uvmdVB6YBzBXfRU+jtD
473l7RPuR3nQ1o6zV1wWA7YWPhlYjdoYRb3dkNAyj22mT6N/pFdTxz8bVTb5UmxA
jcU=
-----END CERTIFICATE-----