Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/drBi8iHFbRMSHXN-qrrB4rA2Fw4.roa
File:                     drBi8iHFbRMSHXN-qrrB4rA2Fw4.roa (raw, json)
Hash identifier:          U+dlVFQOYMuMd9DJWpghfYCVGsZ6qCvsex6PqHnqS7Y=
Subject key identifier:   76:B0:62:F2:21:C5:6D:13:12:1D:73:7E:AA:BA:C1:E2:B0:36:17:0E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018976DD11B610577B6AEF6BB078D11C57C7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/drBi8iHFbRMSHXN-qrrB4rA2Fw4.roa
Signing time:             Fri 21 Jul 2023 05:12:26 +0000
ROA not before:           Fri 21 Jul 2023 05:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:76:dd:11:b6:10:57:7b:6a:ef:6b:b0:78:d1:1c:57:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 21 05:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=76b062f221c56d13121d737eaabac1e2b036170e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:84:87:71:a5:12:9e:50:f1:a9:db:83:4e:6e:
                    d2:35:26:07:cb:09:ee:73:8c:dc:cc:1c:9b:6e:9d:
                    f1:2f:62:c6:26:36:59:26:f5:75:fe:c3:38:89:da:
                    a4:83:15:b8:fe:a0:d2:ec:d0:41:e6:c4:63:e2:87:
                    2c:c6:b1:bd:67:7d:b8:36:72:d9:bb:7c:b5:64:1a:
                    49:c3:e4:90:89:cf:ce:20:8a:8b:47:8b:e7:20:30:
                    39:df:84:c2:ae:a9:7f:6f:4f:68:c2:cc:bc:7e:8b:
                    bc:27:aa:6b:c4:64:18:6d:03:e2:d7:b3:75:e3:e7:
                    6e:de:8b:50:3b:c0:c8:90:5e:e5:bd:d7:ee:f5:ad:
                    3d:49:bb:1b:20:fa:04:7f:f8:40:e0:3f:55:f7:6d:
                    1f:3c:1f:e8:b3:a9:7d:ac:de:c5:66:5e:f1:05:4e:
                    2a:6a:c7:0e:db:ff:1f:da:c8:5c:55:5e:be:15:1a:
                    db:d2:0d:12:fa:dc:55:c1:77:8c:86:ac:97:c4:fc:
                    65:c7:b1:61:9a:6e:45:29:6a:4b:a9:e4:c4:49:fe:
                    62:65:18:9c:af:b2:fc:31:14:0d:23:8b:da:da:84:
                    f9:ec:6d:a4:1e:af:1b:7e:a1:06:5c:4d:f2:ad:9a:
                    f5:85:97:57:7f:26:92:d7:19:de:d0:7c:be:a0:a4:
                    8e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:B0:62:F2:21:C5:6D:13:12:1D:73:7E:AA:BA:C1:E2:B0:36:17:0E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/drBi8iHFbRMSHXN-qrrB4rA2Fw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:40:e7:fc:30:5d:63:fd:c5:99:02:2e:cd:5f:38:1a:e5:33:
         c6:5f:86:2b:ce:18:8b:e3:0d:32:3d:e6:92:43:50:6a:58:04:
         fa:75:1c:70:d7:24:62:5d:95:41:ff:02:01:53:aa:2d:bf:40:
         39:be:b8:93:35:f0:74:9e:ee:4a:56:ef:e7:85:3f:d1:5f:9e:
         32:88:54:b9:78:38:c5:48:8f:3c:aa:56:b5:89:c2:2e:2f:44:
         23:76:1d:0f:1f:76:76:9c:3c:50:67:94:ba:fb:73:a4:d4:11:
         a1:49:01:08:1b:0e:84:a5:db:04:99:cf:a9:bf:65:49:ae:ef:
         f8:83:28:e5:1b:cb:7b:e0:c6:dc:bf:2b:8b:0a:4d:82:c5:44:
         38:ae:39:9b:b6:f6:a7:81:32:49:14:5b:3e:4d:f2:4e:67:03:
         90:71:e6:35:0e:a0:3d:9c:8c:9b:c2:fb:3b:cf:9c:a9:a3:de:
         9b:bb:09:48:15:3b:03:31:29:ee:2e:d8:9e:13:c3:37:1a:a1:
         79:e2:19:b9:bb:a9:0d:04:9b:e0:2c:fe:92:22:6d:5e:e7:f6:
         f4:17:f4:95:23:3a:4a:b2:4a:cd:92:0d:f5:b7:0b:bb:85:78:
         3f:82:4b:b3:81:35:c7:a6:c0:09:8a:6d:e6:8b:35:26:9c:fc:
         c7:16:da:11
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl23RG2EFd7au9rsHjRHFfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIxMDUxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmIwNjJmMjIxYzU2ZDEzMTIxZDczN2VhYWJhYzFlMmIwMzYxNzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYSHcaUSnlDxqduDTm7SNSYHywnu
c4zczBybbp3xL2LGJjZZJvV1/sM4idqkgxW4/qDS7NBB5sRj4ocsxrG9Z324NnLZ
u3y1ZBpJw+SQic/OIIqLR4vnIDA534TCrql/b09owsy8fou8J6prxGQYbQPi17N1
4+du3otQO8DIkF7lvdfu9a09SbsbIPoEf/hA4D9V920fPB/os6l9rN7FZl7xBU4q
ascO2/8f2shcVV6+FRrb0g0S+txVwXeMhqyXxPxlx7Fhmm5FKWpLqeTESf5iZRic
r7L8MRQNI4va2oT57G2kHq8bfqEGXE3yrZr1hZdXfyaS1xne0Hy+oKSO6wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHawYvIhxW0TEh1zfqq6weKwNhcOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZHJCaThpSEZiUk1TSFhOLXFyckI0ckEyRnc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABNA5/wwXWP9xZkCLs1f
OBrlM8ZfhivOGIvjDTI95pJDUGpYBPp1HHDXJGJdlUH/AgFTqi2/QDm+uJM18HSe
7kpW7+eFP9FfnjKIVLl4OMVIjzyqVrWJwi4vRCN2HQ8fdnacPFBnlLr7c6TUEaFJ
AQgbDoSl2wSZz6m/ZUmu7/iDKOUby3vgxty/K4sKTYLFRDiuOZu29qeBMkkUWz5N
8k5nA5Bx5jUOoD2cjJvC+zvPnKmj3pu7CUgVOwMxKe4u2J4TwzcaoXniGbm7qQ0E
m+As/pIibV7n9vQX9JUjOkqySs2SDfW3C7uFeD+CS7OBNcemwAmKbeaLNSac/McW
2hE=
-----END CERTIFICATE-----