Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gGcgkPqoniRllWmF0EfWK2djAOo.roa
File:                     gGcgkPqoniRllWmF0EfWK2djAOo.roa (raw, json)
Hash identifier:          zK6pRL/qEXgb8XfHh28k1yDIrrow8ggQdHgrYT12Q7s=
Subject key identifier:   80:67:20:90:FA:A8:9E:24:65:95:69:85:D0:47:D6:2B:67:63:00:EA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888F53199CAA51A66AA2F107305A7EBAAE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gGcgkPqoniRllWmF0EfWK2djAOo.roa
Signing time:             Tue 06 Jun 2023 06:09:27 +0000
ROA not before:           Tue 06 Jun 2023 06:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8f:53:19:9c:aa:51:a6:6a:a2:f1:07:30:5a:7e:ba:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  6 06:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=80672090faa89e2465956985d047d62b676300ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b3:e1:31:a6:f5:ff:ca:95:cc:f6:62:3b:c2:
                    9c:05:cf:ee:a3:93:9c:40:86:85:73:a7:c8:e3:f2:
                    b6:33:e3:e8:f2:62:df:b1:69:a8:2f:71:74:7f:f5:
                    02:be:45:22:f7:2f:aa:05:0f:76:18:e6:00:69:9e:
                    bc:03:c3:3e:f7:4e:76:fa:26:4f:c7:2a:81:78:c1:
                    eb:fe:e5:c4:94:28:ca:09:00:3a:8d:9c:b1:c0:a2:
                    4d:d3:af:e4:0d:2b:30:7b:14:ca:c8:36:ce:ba:a3:
                    c6:7c:74:ba:1c:be:0f:b6:67:1b:02:5c:2e:13:32:
                    9f:ed:ab:7e:25:2b:3c:cf:ef:aa:6e:19:00:91:66:
                    c1:df:7a:29:fd:b8:24:2e:19:a0:77:ba:4c:e0:bf:
                    78:57:8a:2a:61:f4:3c:63:45:1d:27:5c:6f:05:25:
                    5f:91:93:8a:28:ca:82:06:44:5a:07:8a:13:b2:6c:
                    2e:0e:06:2f:63:9d:50:db:3a:97:e0:59:df:d0:90:
                    b0:6a:82:eb:01:de:80:0d:53:2d:6e:8b:35:bb:21:
                    c8:b9:6f:e9:35:14:9e:9d:51:89:1b:68:f6:19:fd:
                    08:14:6e:0b:e8:3d:dd:e0:8f:74:38:e5:7a:cc:0e:
                    a0:6b:f3:81:6a:bd:fc:a3:4b:94:20:1b:28:e7:0b:
                    45:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:67:20:90:FA:A8:9E:24:65:95:69:85:D0:47:D6:2B:67:63:00:EA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gGcgkPqoniRllWmF0EfWK2djAOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:22:b2:f4:32:ea:1c:59:03:0d:74:f0:21:67:c0:e5:fa:dd:
         28:f0:a9:b8:be:42:9a:1a:65:26:89:af:10:ea:27:c3:5c:63:
         ea:f2:a3:42:a9:4e:4d:f2:d0:b4:cb:16:77:9d:f8:6d:55:f3:
         f7:1a:47:80:c6:77:2c:8b:50:25:3c:77:bc:08:4c:5e:0c:52:
         90:09:41:f6:52:a7:b6:c9:fb:03:c9:7f:f7:90:73:4c:65:35:
         c9:04:60:18:21:ee:cc:b7:42:fc:34:83:ac:fc:6a:ef:67:9a:
         c6:ad:e5:be:ae:3e:7e:a8:7b:60:63:64:d9:ad:96:98:8c:e4:
         f9:f1:9a:78:97:dd:82:74:5b:7c:74:cb:05:d0:e8:1b:06:3f:
         cf:28:9c:9d:c7:16:92:4b:87:45:9f:93:c3:9e:ed:68:19:52:
         fe:47:60:85:98:fd:d8:5e:e2:96:c8:ae:18:b3:8c:76:75:f1:
         94:f7:7a:3d:9a:00:1c:5b:42:7b:e3:79:9b:cb:02:86:02:a9:
         00:be:ea:c9:32:9c:92:ef:54:f2:93:21:c1:2c:5c:6b:ea:9e:
         6d:22:17:d2:c4:18:79:8c:6a:b6:fe:d7:d4:17:fc:e5:e5:dd:
         2e:2e:f5:0b:25:3c:54:2c:f9:a7:ce:98:46:4d:83:ea:4c:52:
         69:1f:99:44
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiPUxmcqlGmaqLxBzBafrquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA2MDYwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDY3MjA5MGZhYTg5ZTI0NjU5NTY5ODVkMDQ3ZDYyYjY3NjMwMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrPhMab1/8qVzPZiO8KcBc/uo5Oc
QIaFc6fI4/K2M+Po8mLfsWmoL3F0f/UCvkUi9y+qBQ92GOYAaZ68A8M+9052+iZP
xyqBeMHr/uXElCjKCQA6jZyxwKJN06/kDSswexTKyDbOuqPGfHS6HL4PtmcbAlwu
EzKf7at+JSs8z++qbhkAkWbB33op/bgkLhmgd7pM4L94V4oqYfQ8Y0UdJ1xvBSVf
kZOKKMqCBkRaB4oTsmwuDgYvY51Q2zqX4Fnf0JCwaoLrAd6ADVMtbos1uyHIuW/p
NRSenVGJG2j2Gf0IFG4L6D3d4I90OOV6zA6ga/OBar38o0uUIBso5wtFKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIBnIJD6qJ4kZZVphdBH1itnYwDqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZ0djZ2tQcW9uaVJsbFdtRjBFZldLMmRqQU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAI4isvQy6hxZAw108CFn
wOX63Sjwqbi+QpoaZSaJrxDqJ8NcY+ryo0KpTk3y0LTLFned+G1V8/caR4DGdyyL
UCU8d7wITF4MUpAJQfZSp7bJ+wPJf/eQc0xlNckEYBgh7sy3Qvw0g6z8au9nmsat
5b6uPn6oe2BjZNmtlpiM5PnxmniX3YJ0W3x0ywXQ6BsGP88onJ3HFpJLh0Wfk8Oe
7WgZUv5HYIWY/dhe4pbIrhizjHZ18ZT3ej2aABxbQnvjeZvLAoYCqQC+6skynJLv
VPKTIcEsXGvqnm0iF9LEGHmMarb+19QX/OXl3S4u9QslPFQs+afOmEZNg+pMUmkf
mUQ=
-----END CERTIFICATE-----