Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dAZq8QqnontZCXlza4neFYZRtrk.roa
File:                     dAZq8QqnontZCXlza4neFYZRtrk.roa (raw, json)
Hash identifier:          XpspaJDyFyCZBLITLjTQV1nrrPM5hF0ActLFuQLMWRo=
Subject key identifier:   74:06:6A:F1:0A:A7:A2:7B:59:09:79:73:6B:89:DE:15:86:51:B6:B9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188B70553C485238FCC726BFA4FEC2DA886
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dAZq8QqnontZCXlza4neFYZRtrk.roa
Signing time:             Tue 13 Jun 2023 23:09:19 +0000
ROA not before:           Tue 13 Jun 2023 23:09:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b7:05:53:c4:85:23:8f:cc:72:6b:fa:4f:ec:2d:a8:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 13 23:09:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=74066af10aa7a27b590979736b89de158651b6b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b3:19:be:5f:c2:fc:59:a0:e1:48:53:e3:f4:
                    48:96:75:6d:4a:f0:3c:97:13:28:ee:2a:f2:50:f1:
                    91:18:38:bc:ae:0e:5f:10:cb:57:2b:98:84:29:f8:
                    e2:e9:52:22:c6:bb:25:51:02:29:65:e4:ea:1d:2f:
                    78:e4:a8:37:92:c2:1e:1d:86:20:12:62:86:16:d5:
                    3f:6a:72:9c:eb:10:a9:66:e1:3c:9f:7b:90:dd:d9:
                    3c:9a:14:a2:4a:f0:8b:5e:b5:49:48:3b:1b:a5:d7:
                    bd:80:ab:9f:24:ca:62:2d:08:53:8b:bb:ea:a4:7b:
                    3f:b1:fe:04:84:91:62:b2:f9:f2:39:d8:b9:71:54:
                    4c:61:70:59:dc:39:a0:3e:1a:6f:bb:03:8f:bb:d8:
                    28:c9:eb:5b:27:1d:c1:f1:85:e0:b3:2c:f2:21:6f:
                    ba:e3:7b:77:47:90:28:3c:c9:3b:cf:c9:a7:8f:e5:
                    85:f7:06:fe:df:22:70:bb:b0:41:7a:40:1a:83:a4:
                    c5:57:de:1b:36:7e:65:32:4f:a0:00:25:7d:0c:38:
                    79:ac:5d:80:51:c3:9c:5d:85:7b:a4:bc:33:ee:fb:
                    32:1f:04:4e:d8:3f:c7:83:16:47:32:a8:c8:fb:23:
                    6d:95:3d:77:f3:2c:56:27:21:d0:26:45:8d:67:73:
                    8c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:06:6A:F1:0A:A7:A2:7B:59:09:79:73:6B:89:DE:15:86:51:B6:B9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dAZq8QqnontZCXlza4neFYZRtrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:e1:3a:ab:5e:78:8a:06:19:41:27:d1:07:97:f6:58:8f:45:
         d0:14:13:27:10:ad:12:2c:09:ed:cd:b3:cf:93:08:82:82:df:
         0d:83:ab:96:f0:1f:9a:ab:b2:d1:54:28:33:b5:83:d9:11:08:
         2f:cb:3a:6e:37:be:5b:1a:d9:c6:d1:16:53:0b:87:7e:b0:42:
         03:29:f1:fa:72:e1:b7:c7:19:11:1c:3a:d9:36:40:90:99:83:
         1c:2a:f6:66:c6:eb:66:51:71:7a:7f:ea:2f:81:b4:8d:3e:4c:
         74:14:da:68:64:7f:c7:7a:42:d0:8b:52:56:50:da:b8:2d:17:
         24:48:0c:19:4f:97:b4:90:52:63:88:14:9c:3d:a3:67:c4:56:
         a6:9e:a3:4a:a8:83:42:41:1c:b8:99:ba:fe:a2:e6:2f:1d:7e:
         76:98:c7:8f:6c:ba:fc:f8:81:d7:32:b7:70:32:60:31:1f:12:
         c7:37:4d:9c:1a:45:1f:cd:c0:d4:2e:9d:59:37:34:61:78:b2:
         14:74:eb:8b:54:a2:06:0b:cf:63:59:c6:66:57:a8:af:13:eb:
         09:80:2a:a5:01:17:f2:14:1d:58:05:5a:18:46:9c:6b:d0:1e:
         e2:8e:77:1f:4e:27:16:1c:a9:d3:6b:e8:e0:7b:de:6b:54:39:
         ab:6b:e0:88
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi3BVPEhSOPzHJr+k/sLaiGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEzMjMwOTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDA2NmFmMTBhYTdhMjdiNTkwOTc5NzM2Yjg5ZGUxNTg2NTFiNmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprMZvl/C/Fmg4UhT4/RIlnVtSvA8
lxMo7iryUPGRGDi8rg5fEMtXK5iEKfji6VIixrslUQIpZeTqHS945Kg3ksIeHYYg
EmKGFtU/anKc6xCpZuE8n3uQ3dk8mhSiSvCLXrVJSDsbpde9gKufJMpiLQhTi7vq
pHs/sf4EhJFisvnyOdi5cVRMYXBZ3DmgPhpvuwOPu9goyetbJx3B8YXgsyzyIW+6
43t3R5AoPMk7z8mnj+WF9wb+3yJwu7BBekAag6TFV94bNn5lMk+gACV9DDh5rF2A
UcOcXYV7pLwz7vsyHwRO2D/HgxZHMqjI+yNtlT138yxWJyHQJkWNZ3OMlwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHQGavEKp6J7WQl5c2uJ3hWGUba5MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZEFacThRcW5vbnRaQ1hsemE0bmVGWVpSdHJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA/hOqteeIoGGUEn0QeX
9liPRdAUEycQrRIsCe3Ns8+TCIKC3w2Dq5bwH5qrstFUKDO1g9kRCC/LOm43vlsa
2cbRFlMLh36wQgMp8fpy4bfHGREcOtk2QJCZgxwq9mbG62ZRcXp/6i+BtI0+THQU
2mhkf8d6QtCLUlZQ2rgtFyRIDBlPl7SQUmOIFJw9o2fEVqaeo0qog0JBHLiZuv6i
5i8dfnaYx49suvz4gdcyt3AyYDEfEsc3TZwaRR/NwNQunVk3NGF4shR064tUogYL
z2NZxmZXqK8T6wmAKqUBF/IUHVgFWhhGnGvQHuKOdx9OJxYcqdNr6OB73mtUOatr
4Ig=
-----END CERTIFICATE-----