Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gum0Kgz0v_FALyNMW9IPrPwBa2k.roa
File:                     gum0Kgz0v_FALyNMW9IPrPwBa2k.roa (raw, json)
Hash identifier:          /IrusE2/m0+rcnUpQ1r/vOeuYvPdNjQQ9t2rsWBGHMA=
Subject key identifier:   82:E9:B4:2A:0C:F4:BF:F1:40:2F:23:4C:5B:D2:0F:AC:FC:01:6B:69
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01896847057699369F52DFE0B26EBDEA5F3D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gum0Kgz0v_FALyNMW9IPrPwBa2k.roa
Signing time:             Tue 18 Jul 2023 09:13:52 +0000
ROA not before:           Tue 18 Jul 2023 09:13:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:68:47:05:76:99:36:9f:52:df:e0:b2:6e:bd:ea:5f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 18 09:13:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=82e9b42a0cf4bff1402f234c5bd20facfc016b69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:91:02:1a:3a:bf:a6:a4:57:f7:02:c0:39:17:
                    cf:7d:39:e8:16:a5:85:9c:10:7f:03:c1:52:f9:c5:
                    dd:66:ce:69:32:a6:45:2a:b2:42:62:90:a2:a1:14:
                    f2:1a:b1:ae:a3:7c:67:37:95:a1:65:1f:9f:02:60:
                    08:ba:e6:58:88:8a:01:c9:15:18:af:26:37:9e:7e:
                    81:61:b3:bd:6b:52:d6:b4:35:02:2c:63:16:ce:21:
                    e7:7f:e2:80:a2:e1:38:ff:b8:97:17:9d:ec:be:ad:
                    43:9a:73:c6:10:39:5b:4b:ee:c5:4d:de:a1:16:39:
                    0b:e6:b8:f5:6e:94:96:8b:cf:c8:50:6d:34:61:c4:
                    b9:a8:c3:1c:bd:db:89:a8:bb:b2:ec:bb:08:f5:c7:
                    c1:6e:89:ab:8b:c0:79:97:65:09:93:b2:e6:bb:3b:
                    82:c6:8b:06:d2:6b:16:2a:a4:46:ba:1c:77:bb:cc:
                    cf:52:7f:36:e6:ee:68:6f:da:08:2a:b5:d0:07:8c:
                    ae:df:43:32:f7:71:40:c8:6e:8b:8c:a2:33:0d:05:
                    ff:af:63:72:e7:ca:c7:c5:6e:a9:b5:e7:4e:55:45:
                    58:b4:12:cb:d3:08:9c:12:fa:fe:13:85:4f:9e:f7:
                    27:f5:c8:f4:c1:34:ae:b8:0d:5f:e5:ba:36:96:8c:
                    8e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E9:B4:2A:0C:F4:BF:F1:40:2F:23:4C:5B:D2:0F:AC:FC:01:6B:69
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gum0Kgz0v_FALyNMW9IPrPwBa2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:e3:01:1e:36:d9:d8:92:cf:7c:8e:03:a5:80:d1:ef:6c:9d:
         4c:67:1c:07:f6:53:38:e7:75:6b:a8:f8:9d:f7:59:35:7e:5a:
         31:fe:da:db:d5:11:f9:bd:7c:2c:1d:f3:c5:e5:ee:ab:18:ea:
         d1:29:71:9f:8b:93:d6:63:10:bb:0b:ae:3b:d6:c2:8b:64:b0:
         95:51:21:ea:14:23:72:30:27:9e:67:40:d5:40:cf:39:fb:cf:
         c9:df:cd:08:93:17:e4:37:9c:40:f9:22:5e:c6:10:cf:64:b4:
         99:29:56:18:d9:cd:9d:0e:ed:b0:c5:92:f4:17:30:7b:bf:80:
         26:05:09:a3:e9:cb:72:4f:cd:f6:1f:1f:07:40:32:9f:63:7f:
         a5:46:e0:03:ba:e3:4f:6a:de:c6:48:59:60:76:5d:38:7a:c8:
         9a:27:11:a1:e0:6b:85:bf:fa:42:62:fd:ae:05:f7:fa:9c:52:
         f5:2e:84:92:8d:46:68:fc:d9:c6:f6:dc:d0:1b:40:24:34:f5:
         79:ce:28:03:bd:f9:7a:b3:e9:c1:fa:82:ae:6e:7f:96:d1:f5:
         a2:e3:a9:94:5b:9a:25:38:93:2d:c6:b6:9c:d1:7e:71:28:fd:
         df:62:f6:37:83:7e:a6:5b:e6:59:49:b1:48:a7:e5:22:d2:ed:
         36:a6:da:b2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYloRwV2mTafUt/gsm696l89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE4MDkxMzUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU5YjQyYTBjZjRiZmYxNDAyZjIzNGM1YmQyMGZhY2ZjMDE2YjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJECGjq/pqRX9wLAORfPfTnoFqWF
nBB/A8FS+cXdZs5pMqZFKrJCYpCioRTyGrGuo3xnN5WhZR+fAmAIuuZYiIoByRUY
ryY3nn6BYbO9a1LWtDUCLGMWziHnf+KAouE4/7iXF53svq1DmnPGEDlbS+7FTd6h
FjkL5rj1bpSWi8/IUG00YcS5qMMcvduJqLuy7LsI9cfBbomri8B5l2UJk7LmuzuC
xosG0msWKqRGuhx3u8zPUn825u5ob9oIKrXQB4yu30My93FAyG6LjKIzDQX/r2Ny
58rHxW6ptedOVUVYtBLL0wicEvr+E4VPnvcn9cj0wTSuuA1f5bo2loyOAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFILptCoM9L/xQC8jTFvSD6z8AWtpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZ3VtMEtnejB2X0ZBTHlOTVc5SVByUHdCYTJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIbjAR422diSz3yOA6WA
0e9snUxnHAf2UzjndWuo+J33WTV+WjH+2tvVEfm9fCwd88Xl7qsY6tEpcZ+Lk9Zj
ELsLrjvWwotksJVRIeoUI3IwJ55nQNVAzzn7z8nfzQiTF+Q3nED5Il7GEM9ktJkp
VhjZzZ0O7bDFkvQXMHu/gCYFCaPpy3JPzfYfHwdAMp9jf6VG4AO6409q3sZIWWB2
XTh6yJonEaHga4W/+kJi/a4F9/qcUvUuhJKNRmj82cb23NAbQCQ09XnOKAO9+Xqz
6cH6gq5uf5bR9aLjqZRbmiU4ky3GtpzRfnEo/d9i9jeDfqZb5llJsUin5SLS7Tam
2rI=
-----END CERTIFICATE-----