Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cjiFTojWzC2zmkCJ0LzS9pARlGs.roa
File:                     cjiFTojWzC2zmkCJ0LzS9pARlGs.roa (raw, json)
Hash identifier:          ozb8VLATuolUAfS4ZBQiU5XLUqPWAcCsArOuPtuVXYs=
Subject key identifier:   72:38:85:4E:88:D6:CC:2D:B3:9A:40:89:D0:BC:D2:F6:90:11:94:6B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018810B4926B1806AA9E8BE1FACFC4E1A41E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cjiFTojWzC2zmkCJ0LzS9pARlGs.roa
Signing time:             Fri 12 May 2023 16:04:09 +0000
ROA not before:           Fri 12 May 2023 16:04:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:10b4:701f/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:10:b4:92:6b:18:06:aa:9e:8b:e1:fa:cf:c4:e1:a4:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 12 16:04:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7238854e88d6cc2db39a4089d0bcd2f69011946b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e8:c7:34:54:da:c1:5d:13:3e:4d:0d:b0:a4:
                    60:7f:68:ff:33:ee:7e:25:16:4f:38:89:e3:f6:33:
                    b7:f1:e1:90:3d:89:74:ac:fa:f0:5c:c0:90:94:96:
                    c8:69:f6:ff:33:84:a5:ae:4d:dd:b4:a3:61:82:3f:
                    e6:d9:5e:e2:4e:21:72:46:48:5f:6e:77:f7:3f:cc:
                    0a:bb:51:eb:3e:1f:92:04:4f:ae:9f:dd:5c:c9:46:
                    63:01:d9:b7:a4:14:b6:58:0a:bf:a8:f8:d7:39:de:
                    62:0d:97:43:8b:2a:15:3e:c0:b4:d5:da:f0:32:b5:
                    87:f7:ce:5f:e0:39:5b:a3:e1:fd:27:a4:92:ae:0b:
                    a5:6a:4b:06:37:ca:d7:92:94:a4:6e:bf:f5:b0:b2:
                    03:6d:7d:0e:ed:aa:67:06:d5:a2:27:09:e2:c4:c6:
                    25:be:1b:4e:14:72:95:f3:5f:95:9c:b0:ad:11:8a:
                    fc:9d:c3:ea:ac:2c:a6:4d:21:57:ef:ed:65:85:90:
                    50:85:e6:6e:5e:ba:02:1e:a3:f1:9d:1f:70:88:be:
                    ef:a1:fb:19:31:02:3a:98:b1:46:a3:19:98:06:0d:
                    80:5e:e8:e4:c2:a1:40:2c:55:4e:9a:db:35:77:ad:
                    69:7e:bf:5b:b3:10:39:22:90:88:c6:44:f9:d6:e2:
                    58:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:38:85:4E:88:D6:CC:2D:B3:9A:40:89:D0:BC:D2:F6:90:11:94:6B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cjiFTojWzC2zmkCJ0LzS9pARlGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:1e:ba:7f:ef:30:1e:f5:a2:f5:a0:2a:53:9a:b3:c4:21:9f:
         ac:94:8b:b1:6d:10:5c:eb:83:63:27:99:d8:d4:df:2e:aa:15:
         f9:7e:b7:fb:72:ea:f0:24:d5:a7:d3:c5:ae:81:c9:48:20:1c:
         27:d6:74:90:10:f8:0b:0e:1c:84:bd:97:28:49:52:4d:84:86:
         b3:0e:4d:97:1d:83:e7:0b:41:ce:66:66:85:a4:5e:ef:35:d1:
         c5:1f:9d:51:19:bb:6d:ef:89:24:d1:5c:89:5a:84:10:df:78:
         e7:5d:9d:dc:93:9b:69:ef:8e:46:e8:1f:1c:a3:44:dd:17:e2:
         02:f5:ca:97:b4:d9:20:f2:7a:f9:2c:0b:37:37:8a:90:9e:9d:
         63:ae:7b:a2:3f:8e:96:40:48:aa:97:b8:94:00:48:a8:5e:96:
         ca:31:ce:95:4c:a8:8b:7c:3c:cb:01:ca:b5:ff:41:57:92:fa:
         9e:57:ab:67:49:8f:ab:3b:e6:4b:77:09:51:a3:09:2a:8e:7b:
         2b:a1:c7:f9:47:97:ab:4b:67:9f:c5:c9:87:90:be:eb:1c:84:
         0e:c3:ab:7e:c8:86:5c:26:ae:b5:6e:d4:fe:37:ee:4b:5a:b4:
         e9:31:f8:24:26:fb:2c:e3:52:7c:21:03:6a:eb:45:55:af:ec:
         1e:28:d1:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgQtJJrGAaqnovh+s/E4aQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEyMTYwNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjM4ODU0ZTg4ZDZjYzJkYjM5YTQwODlkMGJjZDJmNjkwMTE5NDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgujHNFTawV0TPk0NsKRgf2j/M+5+
JRZPOInj9jO38eGQPYl0rPrwXMCQlJbIafb/M4Slrk3dtKNhgj/m2V7iTiFyRkhf
bnf3P8wKu1HrPh+SBE+un91cyUZjAdm3pBS2WAq/qPjXOd5iDZdDiyoVPsC01drw
MrWH985f4Dlbo+H9J6SSrgulaksGN8rXkpSkbr/1sLIDbX0O7apnBtWiJwnixMYl
vhtOFHKV81+VnLCtEYr8ncPqrCymTSFX7+1lhZBQheZuXroCHqPxnR9wiL7vofsZ
MQI6mLFGoxmYBg2AXujkwqFALFVOmts1d61pfr9bsxA5IpCIxkT51uJYPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHI4hU6I1swts5pAidC80vaQEZRrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY2ppRlRvald6QzJ6bWtDSjBMelM5cEFSbEdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ0eun/vMB71ovWgKlOa
s8Qhn6yUi7FtEFzrg2MnmdjU3y6qFfl+t/ty6vAk1afTxa6ByUggHCfWdJAQ+AsO
HIS9lyhJUk2EhrMOTZcdg+cLQc5mZoWkXu810cUfnVEZu23viSTRXIlahBDfeOdd
ndyTm2nvjkboHxyjRN0X4gL1ype02SDyevksCzc3ipCenWOue6I/jpZASKqXuJQA
SKhelsoxzpVMqIt8PMsByrX/QVeS+p5Xq2dJj6s75kt3CVGjCSqOeyuhx/lHl6tL
Z5/FyYeQvuschA7Dq37IhlwmrrVu1P437ktatOkx+CQm+yzjUnwhA2rrRVWv7B4o
0Q4=
-----END CERTIFICATE-----