Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bd_nl2pH9a5WnoGu3CNvRt3KjTY.roa
File:                     bd_nl2pH9a5WnoGu3CNvRt3KjTY.roa (raw, json)
Hash identifier:          2wBr/CoBFrHyHy5OE2UY98dpAnLB0U+g7yUMvBk3dxo=
Subject key identifier:   6D:DF:E7:97:6A:47:F5:AE:56:9E:81:AE:DC:23:6F:46:DD:CA:8D:36
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01898A66987A39AA95A1552734A246EF3D00
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bd_nl2pH9a5WnoGu3CNvRt3KjTY.roa
Signing time:             Tue 25 Jul 2023 00:15:26 +0000
ROA not before:           Tue 25 Jul 2023 00:15:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8a:66:98:7a:39:aa:95:a1:55:27:34:a2:46:ef:3d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 25 00:15:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6ddfe7976a47f5ae569e81aedc236f46ddca8d36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:21:fb:e4:e7:33:66:8c:34:55:8d:91:ce:07:
                    f7:86:e9:f3:e6:17:1b:c5:48:b1:81:28:7a:15:de:
                    40:da:7d:f8:9e:0c:31:71:bf:33:a0:98:80:7e:0d:
                    09:c1:d3:b9:f8:55:23:48:6f:8f:8b:31:2d:86:92:
                    d0:2f:27:71:01:50:86:2a:fd:c5:84:0f:a1:24:9b:
                    dc:f1:cc:45:06:5f:5d:c3:7b:08:ac:4d:a2:f2:a9:
                    ce:21:4b:63:e5:45:f1:e6:c3:a7:5b:c1:ef:c2:05:
                    10:2d:41:ed:07:b7:51:57:56:0a:3c:12:fb:d2:f9:
                    db:a9:17:9c:e9:ec:07:de:55:7b:43:c4:d8:00:6d:
                    56:00:3e:fb:ef:2b:40:78:ab:80:09:ec:21:d1:54:
                    58:9e:9f:48:69:81:a2:2d:6a:95:a4:95:f6:20:da:
                    c1:2b:1f:8c:23:31:c9:ee:3a:2d:c2:81:45:4e:3b:
                    69:de:82:66:c4:92:83:99:32:87:0d:4a:7d:d8:9a:
                    e2:6d:e7:71:17:2c:ae:60:7b:10:93:2b:ab:af:9d:
                    42:be:63:05:f3:40:e5:7a:be:6e:32:b0:14:e5:c5:
                    98:5d:cb:c2:c1:c0:08:84:4c:24:93:1c:11:ff:27:
                    13:33:6c:fa:98:53:85:ba:5c:91:8f:05:fe:05:17:
                    cf:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:DF:E7:97:6A:47:F5:AE:56:9E:81:AE:DC:23:6F:46:DD:CA:8D:36
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bd_nl2pH9a5WnoGu3CNvRt3KjTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:e9:59:0f:55:de:6a:83:3d:c2:9a:6d:ed:52:f7:81:a0:03:
         a1:ef:78:f9:03:c6:f2:6e:a8:cc:f6:2f:32:8f:5c:bc:29:59:
         58:04:d9:8e:61:a3:13:ef:2a:be:4d:0a:11:6d:dc:82:88:ca:
         1e:19:82:bb:d5:59:f2:d4:a8:76:c7:1e:76:48:08:7b:0c:56:
         d2:f3:c9:3c:f4:ca:5a:c0:71:2a:6c:6c:de:7b:90:49:f5:e1:
         5b:9d:4a:db:14:b1:58:72:86:ea:46:49:64:92:9a:86:a3:e2:
         ca:ad:1c:75:85:03:f1:8a:c1:5d:5f:52:29:21:64:e4:73:d9:
         a9:6c:b9:33:f8:aa:c4:e2:4d:da:08:99:aa:8a:b7:bd:cc:9c:
         f2:61:72:42:fa:4e:f9:c9:f4:46:33:50:42:b1:60:ff:40:07:
         04:b2:fd:3a:44:d4:b7:e4:91:51:74:bd:2a:ac:39:0b:4a:12:
         16:04:2f:a4:73:8a:42:d8:81:c7:b3:ff:49:b3:4d:ff:1b:6d:
         92:06:36:90:72:65:c7:fb:ea:0d:53:b3:8e:9f:2d:14:92:b4:
         9b:9e:43:ba:e1:33:f3:09:ce:fb:7a:31:b1:0e:db:92:1f:0e:
         86:ef:13:e2:54:e0:62:ba:03:9a:e1:ff:eb:1b:55:98:c0:ed:
         01:03:ac:fa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmKZph6OaqVoVUnNKJG7z0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI1MDAxNTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGRmZTc5NzZhNDdmNWFlNTY5ZTgxYWVkYzIzNmY0NmRkY2E4ZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyH75OczZow0VY2Rzgf3hunz5hcb
xUixgSh6Fd5A2n34ngwxcb8zoJiAfg0JwdO5+FUjSG+PizEthpLQLydxAVCGKv3F
hA+hJJvc8cxFBl9dw3sIrE2i8qnOIUtj5UXx5sOnW8HvwgUQLUHtB7dRV1YKPBL7
0vnbqRec6ewH3lV7Q8TYAG1WAD777ytAeKuACewh0VRYnp9IaYGiLWqVpJX2INrB
Kx+MIzHJ7jotwoFFTjtp3oJmxJKDmTKHDUp92JribedxFyyuYHsQkyurr51CvmMF
80Dler5uMrAU5cWYXcvCwcAIhEwkkxwR/ycTM2z6mFOFulyRjwX+BRfP7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG3f55dqR/WuVp6Brtwjb0bdyo02MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYmRfbmwycEg5YTVXbm9HdTNDTnZSdDNLalRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACLpWQ9V3mqDPcKabe1S
94GgA6HvePkDxvJuqMz2LzKPXLwpWVgE2Y5hoxPvKr5NChFt3IKIyh4ZgrvVWfLU
qHbHHnZICHsMVtLzyTz0ylrAcSpsbN57kEn14VudStsUsVhyhupGSWSSmoaj4sqt
HHWFA/GKwV1fUikhZORz2alsuTP4qsTiTdoImaqKt73MnPJhckL6TvnJ9EYzUEKx
YP9ABwSy/TpE1LfkkVF0vSqsOQtKEhYEL6RzikLYgcez/0mzTf8bbZIGNpByZcf7
6g1Ts46fLRSStJueQ7rhM/MJzvt6MbEO25IfDobvE+JU4GK6A5rh/+sbVZjA7QED
rPo=
-----END CERTIFICATE-----