Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bFMEFVWUQXCYTuckm9XqxK8obhE.roa
File:                     bFMEFVWUQXCYTuckm9XqxK8obhE.roa (raw, json)
Hash identifier:          eZWZcIQkjQ5poQYIRyHWEch0N76ps1ZMBRFxbBcGE1Y=
Subject key identifier:   6C:53:04:15:55:94:41:70:98:4E:E7:24:9B:D5:EA:C4:AF:28:6E:11
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01889E212501B67E8EB5391A8D3249326BCB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bFMEFVWUQXCYTuckm9XqxK8obhE.roa
Signing time:             Fri 09 Jun 2023 03:09:12 +0000
ROA not before:           Fri 09 Jun 2023 03:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9e:21:25:01:b6:7e:8e:b5:39:1a:8d:32:49:32:6b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  9 03:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6c53041555944170984ee7249bd5eac4af286e11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:9a:dc:f0:6a:d8:4f:f1:03:07:d0:1f:65:7e:
                    c7:49:57:1f:2c:70:ee:55:c7:41:40:14:3b:ca:fb:
                    d4:0d:7d:9c:bd:bf:ea:47:bd:c0:9f:3a:f5:dc:79:
                    0a:43:a2:9e:6e:49:98:53:cb:48:17:1b:f8:81:b5:
                    0f:94:d2:fb:b9:35:a4:91:5a:5f:ed:bb:34:e1:0b:
                    6a:56:cb:24:01:84:bb:54:59:cb:09:6c:4b:00:be:
                    e1:92:68:f0:03:1b:dc:ed:89:58:38:67:53:1a:9b:
                    d0:10:9b:34:1e:cd:c3:58:3c:29:c5:92:cf:0a:bb:
                    c0:dd:6e:a4:5f:2c:58:67:d2:3d:99:65:a6:aa:ef:
                    a0:8b:d3:a6:46:a1:40:0a:ac:45:c7:f5:42:77:70:
                    ee:40:4a:c9:87:0f:68:45:74:61:26:f3:44:4b:4d:
                    5b:21:df:f6:48:11:46:30:1a:0d:cb:7d:4f:17:b2:
                    af:e6:c0:2f:5c:2a:7f:77:32:a1:2e:85:cd:87:a8:
                    7f:ab:b3:55:9f:66:7c:3d:64:51:a8:39:1a:f2:5c:
                    74:d5:b4:e1:7c:dc:7b:9d:d1:10:d9:af:65:71:47:
                    e8:54:f8:36:22:76:40:2f:87:9d:42:7e:ff:eb:38:
                    3e:69:87:b3:a2:fb:20:87:8e:10:0a:f6:b9:7f:00:
                    10:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:53:04:15:55:94:41:70:98:4E:E7:24:9B:D5:EA:C4:AF:28:6E:11
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bFMEFVWUQXCYTuckm9XqxK8obhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:a8:5a:d7:51:1a:24:1a:47:11:ec:7c:e8:c8:8a:aa:59:1d:
         4b:87:41:9e:b6:f5:6a:99:22:44:11:f3:6d:d4:8c:28:e5:82:
         b5:ac:fd:ba:fd:f1:63:a0:2c:19:a2:e2:50:1e:55:8a:d8:b7:
         78:b4:00:af:14:e4:24:10:d3:65:9c:b0:fe:b5:69:40:bd:6d:
         d3:e4:88:34:bd:1b:dc:bc:73:3c:05:1f:08:8f:52:a4:76:ed:
         25:6f:22:a6:98:90:ca:ea:b1:ba:32:9e:b4:44:e4:92:15:83:
         b0:a7:26:3e:4e:d2:1a:c6:b8:59:78:47:8e:b4:64:1a:0f:ba:
         ca:f9:e6:bb:ca:eb:e5:4f:25:c0:7c:88:e9:04:df:e3:45:12:
         81:ce:e1:c1:d9:60:2a:cd:f1:27:6b:04:ba:5d:dd:35:f1:14:
         ef:cb:23:6a:f3:0c:0d:dc:b4:48:60:b6:b0:db:0b:11:8b:64:
         95:31:d3:12:e1:52:ca:0c:98:8f:6c:f3:f9:f7:26:88:65:6d:
         62:d5:2d:24:6b:57:87:63:00:9d:72:62:87:da:59:05:26:1f:
         e2:ea:1a:12:a1:2b:95:e8:b4:c9:4d:2f:dd:3f:e6:c0:cf:51:
         df:ad:3f:8c:65:30:f1:82:da:d7:3c:db:99:6f:67:6a:b0:15:
         3a:0f:c2:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYieISUBtn6OtTkajTJJMmvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA5MDMwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzUzMDQxNTU1OTQ0MTcwOTg0ZWU3MjQ5YmQ1ZWFjNGFmMjg2ZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZrc8GrYT/EDB9AfZX7HSVcfLHDu
VcdBQBQ7yvvUDX2cvb/qR73Anzr13HkKQ6KebkmYU8tIFxv4gbUPlNL7uTWkkVpf
7bs04QtqVsskAYS7VFnLCWxLAL7hkmjwAxvc7YlYOGdTGpvQEJs0Hs3DWDwpxZLP
CrvA3W6kXyxYZ9I9mWWmqu+gi9OmRqFACqxFx/VCd3DuQErJhw9oRXRhJvNES01b
Id/2SBFGMBoNy31PF7Kv5sAvXCp/dzKhLoXNh6h/q7NVn2Z8PWRRqDka8lx01bTh
fNx7ndEQ2a9lcUfoVPg2InZAL4edQn7/6zg+aYezovsgh44QCva5fwAQRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGxTBBVVlEFwmE7nJJvV6sSvKG4RMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYkZNRUZWV1VRWENZVHVja205WHF4SzhvYmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEmoWtdRGiQaRxHsfOjI
iqpZHUuHQZ629WqZIkQR823UjCjlgrWs/br98WOgLBmi4lAeVYrYt3i0AK8U5CQQ
02WcsP61aUC9bdPkiDS9G9y8czwFHwiPUqR27SVvIqaYkMrqsboynrRE5JIVg7Cn
Jj5O0hrGuFl4R460ZBoPusr55rvK6+VPJcB8iOkE3+NFEoHO4cHZYCrN8SdrBLpd
3TXxFO/LI2rzDA3ctEhgtrDbCxGLZJUx0xLhUsoMmI9s8/n3JohlbWLVLSRrV4dj
AJ1yYofaWQUmH+LqGhKhK5XotMlNL90/5sDPUd+tP4xlMPGC2tc825lvZ2qwFToP
wg4=
-----END CERTIFICATE-----