Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/crKF9S-EaCLu6Qp-KLBE4D61yJ0.roa
File:                     crKF9S-EaCLu6Qp-KLBE4D61yJ0.roa (raw, json)
Hash identifier:          bxHpGgL/Bleq2Z3hHrASvaiY2tPdpMrtmuMseOMKBFY=
Subject key identifier:   72:B2:85:F5:2F:84:68:22:EE:E9:0A:7E:28:B0:44:E0:3E:B5:C8:9D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01885D1878B7016898F3C264089474EDD6D4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/crKF9S-EaCLu6Qp-KLBE4D61yJ0.roa
Signing time:             Sat 27 May 2023 12:04:24 +0000
ROA not before:           Sat 27 May 2023 12:04:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5d18:52e8/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:5d:18:78:b7:01:68:98:f3:c2:64:08:94:74:ed:d6:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 27 12:04:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72b285f52f846822eee90a7e28b044e03eb5c89d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:00:09:83:0b:e4:32:aa:8f:90:96:73:9b:d5:
                    a8:60:2b:5b:c8:7f:0b:1f:67:d0:f1:70:bd:8a:f0:
                    97:d9:a4:e1:cb:b5:1d:cd:30:35:23:94:ea:ed:f5:
                    b3:8b:74:ac:e2:ea:76:06:0e:3e:3a:64:80:f6:0d:
                    8a:1e:96:5e:8f:2e:3b:8b:ee:43:94:e8:e5:7f:29:
                    72:6a:16:9e:1d:b9:c3:e3:d5:0f:a0:be:5c:8b:55:
                    ef:52:92:5f:be:4a:f5:00:ab:c1:cc:56:67:16:3b:
                    bd:a1:a0:a2:fe:06:77:89:f7:cf:66:c7:51:f7:97:
                    e0:33:0f:a1:03:09:c3:48:86:36:3b:a1:e1:05:71:
                    95:97:18:05:c5:6f:81:c9:0c:c0:a9:19:fa:e0:72:
                    a3:4a:44:7b:0b:2b:fd:25:b4:1e:ef:c2:1e:98:87:
                    47:95:ce:70:5c:46:82:d1:11:8b:fb:76:7b:02:56:
                    27:47:61:bb:1e:d8:eb:52:b4:55:14:d2:b8:a7:2a:
                    2a:c1:7e:91:a0:cd:a1:e6:ad:33:f3:15:32:e6:84:
                    38:ea:82:bb:56:5d:52:0d:f4:26:22:61:da:ec:4f:
                    5e:63:ca:16:33:8e:07:6c:9e:e0:a1:5a:b4:51:65:
                    42:be:8f:c8:0a:5b:de:41:11:d7:38:5a:87:92:d0:
                    f3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B2:85:F5:2F:84:68:22:EE:E9:0A:7E:28:B0:44:E0:3E:B5:C8:9D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/crKF9S-EaCLu6Qp-KLBE4D61yJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:25:21:d6:b8:3a:94:04:ec:68:1d:46:91:3c:cb:f5:b9:fe:
         1b:43:c2:e1:53:6b:8d:80:2a:09:4c:11:c9:26:2c:75:1d:c0:
         bf:95:a6:b1:ae:b0:a5:88:0e:bc:74:62:07:1c:01:0c:93:30:
         ae:02:1b:97:6c:8a:c8:36:3a:6a:36:57:1b:f3:27:7d:fb:3c:
         72:ea:1b:d4:d7:16:4d:eb:79:41:02:f2:66:cd:65:0e:6c:1e:
         5f:f5:96:c1:0a:f2:26:b5:79:d7:57:3f:74:57:87:f4:13:72:
         f3:2b:2e:9d:eb:14:54:8a:a8:2e:c8:11:9c:e4:2b:0b:75:24:
         f4:2a:de:41:cb:41:52:af:43:39:c9:07:37:e1:13:b8:3d:7f:
         81:a6:58:7a:09:74:61:7c:4e:ab:01:3e:69:9c:32:f9:ab:31:
         bb:e8:ad:49:54:8f:67:1a:96:de:a6:06:72:60:d0:d5:17:e8:
         df:de:4e:14:4b:03:94:83:93:c8:5c:08:59:61:23:b4:6f:13:
         79:54:34:8d:7e:d3:1e:cd:ed:1c:f1:42:49:30:c8:ab:5d:ca:
         90:6d:38:56:1c:f8:58:b5:5b:e3:6d:a9:d5:06:80:6c:a7:8f:
         4e:6e:36:d6:29:0f:a8:3c:0c:80:19:73:58:f8:de:b2:c7:a0:
         bc:75:1b:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhdGHi3AWiY88JkCJR07dbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI3MTIwNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmIyODVmNTJmODQ2ODIyZWVlOTBhN2UyOGIwNDRlMDNlYjVjODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwAJgwvkMqqPkJZzm9WoYCtbyH8L
H2fQ8XC9ivCX2aThy7UdzTA1I5Tq7fWzi3Ss4up2Bg4+OmSA9g2KHpZejy47i+5D
lOjlfylyahaeHbnD49UPoL5ci1XvUpJfvkr1AKvBzFZnFju9oaCi/gZ3iffPZsdR
95fgMw+hAwnDSIY2O6HhBXGVlxgFxW+ByQzAqRn64HKjSkR7Cyv9JbQe78IemIdH
lc5wXEaC0RGL+3Z7AlYnR2G7HtjrUrRVFNK4pyoqwX6RoM2h5q0z8xUy5oQ46oK7
Vl1SDfQmImHa7E9eY8oWM44HbJ7goVq0UWVCvo/IClveQRHXOFqHktDzBQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHKyhfUvhGgi7ukKfiiwROA+tcidMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY3JLRjlTLUVhQ0x1NlFwLUtMQkU0RDYxeUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFIlIda4OpQE7GgdRpE8
y/W5/htDwuFTa42AKglMEckmLHUdwL+VprGusKWIDrx0YgccAQyTMK4CG5dsisg2
Omo2VxvzJ337PHLqG9TXFk3reUEC8mbNZQ5sHl/1lsEK8ia1eddXP3RXh/QTcvMr
Lp3rFFSKqC7IEZzkKwt1JPQq3kHLQVKvQznJBzfhE7g9f4GmWHoJdGF8TqsBPmmc
MvmrMbvorUlUj2calt6mBnJg0NUX6N/eThRLA5SDk8hcCFlhI7RvE3lUNI1+0x7N
7RzxQkkwyKtdypBtOFYc+Fi1W+NtqdUGgGynj05uNtYpD6g8DIAZc1j43rLHoLx1
GwI=
-----END CERTIFICATE-----