Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/d8purcAOwZ0D_HqaqgZoFDpV_aU.roa
File:                     d8purcAOwZ0D_HqaqgZoFDpV_aU.roa (raw, json)
Hash identifier:          YJEZWFLWGzWEHlrCv/eo/OjFmygY1l8AEB+N7dzsj6w=
Subject key identifier:   77:CA:6E:AD:C0:0E:C1:9D:03:FC:7A:9A:AA:06:68:14:3A:55:FD:A5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188619E9E330E08A049EA2263F60BA59B10
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/d8purcAOwZ0D_HqaqgZoFDpV_aU.roa
Signing time:             Sun 28 May 2023 09:09:25 +0000
ROA not before:           Sun 28 May 2023 09:09:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:61:9e:9e:33:0e:08:a0:49:ea:22:63:f6:0b:a5:9b:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 28 09:09:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=77ca6eadc00ec19d03fc7a9aaa0668143a55fda5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ab:86:3b:9d:11:2f:70:8d:68:e7:5d:b7:04:
                    e6:ce:f5:bb:f1:08:a6:7e:bc:52:ad:5d:89:21:fb:
                    b5:56:ae:38:d2:1e:19:95:95:81:02:8f:c5:ec:db:
                    24:dd:ea:08:b3:52:cb:ba:97:64:21:91:d3:99:23:
                    61:89:34:c7:ad:f3:dd:6a:d4:31:bb:d0:a1:31:83:
                    34:27:f3:ec:e6:60:b4:08:3e:63:97:8f:93:23:47:
                    43:d6:4e:cc:dc:16:e4:86:3f:b5:ce:89:6a:ef:a9:
                    ea:08:34:9b:df:ea:22:cd:3c:3d:38:24:17:a5:80:
                    a8:d2:43:29:41:75:c0:3d:a5:0b:f2:d7:04:a1:ef:
                    e0:db:11:2d:c4:82:61:05:54:94:97:3b:57:a7:da:
                    9e:18:2f:f0:9e:73:99:13:70:cf:e4:d5:b4:dc:54:
                    7c:5a:91:5b:da:6b:b3:84:0a:b3:a2:2f:93:27:9b:
                    34:a8:46:f4:25:44:e1:af:d4:0e:45:14:3a:13:74:
                    cf:09:f9:d4:59:b5:4d:a6:b3:6f:82:dd:e5:40:11:
                    85:81:ce:fd:37:bb:e6:4c:64:70:4b:d5:15:22:9e:
                    3b:92:5f:8c:cf:91:ef:46:2b:ad:de:08:05:8f:df:
                    a3:12:a0:7e:09:0b:05:45:ff:a9:a4:7d:99:2e:08:
                    2e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:CA:6E:AD:C0:0E:C1:9D:03:FC:7A:9A:AA:06:68:14:3A:55:FD:A5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/d8purcAOwZ0D_HqaqgZoFDpV_aU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:1e:13:7e:e3:78:3d:e7:a3:55:27:59:05:5b:0c:1d:19:8d:
         c1:ec:9e:49:e8:59:e4:01:40:10:85:01:8f:68:64:83:44:fc:
         16:bf:9f:f3:b6:bc:6d:c5:be:51:3b:d9:6a:5a:09:2b:21:01:
         17:a6:21:bf:c7:30:ef:af:16:77:93:f9:9f:c0:e6:93:af:ff:
         82:ac:8f:d2:b4:5a:78:35:8a:ee:74:18:7f:02:f3:95:9c:81:
         95:43:2a:87:7b:ae:b5:d8:3d:6e:c6:a5:13:9e:1b:f1:7f:5f:
         c9:26:5f:71:00:fc:20:a2:bd:02:80:0f:9c:ab:6a:0b:be:a1:
         1e:5d:50:d7:83:a4:0a:26:4e:e3:6b:45:0b:ac:e6:4e:62:83:
         79:97:33:7b:e1:b2:6a:36:2b:42:ec:e8:1a:e6:90:1a:75:d3:
         69:66:97:e5:f5:94:f3:35:0f:6f:fd:45:9c:3f:28:10:ef:8a:
         90:d1:5d:97:4f:0a:87:7b:c7:4c:c1:5d:01:97:ad:8d:2d:a3:
         7c:05:cf:49:61:47:22:f2:88:4d:c4:c0:25:a2:92:b1:00:79:
         a4:bb:f5:d6:a7:55:63:3a:e2:df:7e:d3:e8:40:b8:3c:09:96:
         41:50:9e:6b:d5:b7:98:a0:3b:57:c4:cd:86:1f:52:a4:e9:ae:
         e1:84:0d:41
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhhnp4zDgigSeoiY/YLpZsQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI4MDkwOTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2NhNmVhZGMwMGVjMTlkMDNmYzdhOWFhYTA2NjgxNDNhNTVmZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KuGO50RL3CNaOddtwTmzvW78Qim
frxSrV2JIfu1Vq440h4ZlZWBAo/F7Nsk3eoIs1LLupdkIZHTmSNhiTTHrfPdatQx
u9ChMYM0J/Ps5mC0CD5jl4+TI0dD1k7M3Bbkhj+1zolq76nqCDSb3+oizTw9OCQX
pYCo0kMpQXXAPaUL8tcEoe/g2xEtxIJhBVSUlztXp9qeGC/wnnOZE3DP5NW03FR8
WpFb2muzhAqzoi+TJ5s0qEb0JUThr9QORRQ6E3TPCfnUWbVNprNvgt3lQBGFgc79
N7vmTGRwS9UVIp47kl+Mz5HvRiut3ggFj9+jEqB+CQsFRf+ppH2ZLgguKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHfKbq3ADsGdA/x6mqoGaBQ6Vf2lMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZDhwdXJjQU93WjBEX0hxYXFnWm9GRHBWX2FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFIeE37jeD3no1UnWQVb
DB0ZjcHsnknoWeQBQBCFAY9oZINE/Ba/n/O2vG3FvlE72WpaCSshARemIb/HMO+v
FneT+Z/A5pOv/4Ksj9K0Wng1iu50GH8C85WcgZVDKod7rrXYPW7GpROeG/F/X8km
X3EA/CCivQKAD5yragu+oR5dUNeDpAomTuNrRQus5k5ig3mXM3vhsmo2K0Ls6Brm
kBp102lml+X1lPM1D2/9RZw/KBDvipDRXZdPCod7x0zBXQGXrY0to3wFz0lhRyLy
iE3EwCWikrEAeaS79danVWM64t9+0+hAuDwJlkFQnmvVt5igO1fEzYYfUqTpruGE
DUE=
-----END CERTIFICATE-----