Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hDPmTaUAR8MbGiusUwuhDj1cJMc.roa
File:                     hDPmTaUAR8MbGiusUwuhDj1cJMc.roa (raw, json)
Hash identifier:          AqpSMguPF6UnNg9Bo8ME70Lby3poPpV3kDBY2wCiUc4=
Subject key identifier:   84:33:E6:4D:A5:00:47:C3:1B:1A:2B:AC:53:0B:A1:0E:3D:5C:24:C7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01889F4D7007848A1B8CEADDBEC529A3F191
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hDPmTaUAR8MbGiusUwuhDj1cJMc.roa
Signing time:             Fri 09 Jun 2023 08:37:12 +0000
ROA not before:           Fri 09 Jun 2023 08:37:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9f:4d:70:07:84:8a:1b:8c:ea:dd:be:c5:29:a3:f1:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  9 08:37:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8433e64da50047c31b1a2bac530ba10e3d5c24c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6f:7c:05:7d:da:9b:20:c1:32:52:3d:87:80:
                    55:2c:f7:3f:0b:f4:59:eb:f0:35:a3:55:ed:77:9a:
                    d3:ca:31:0c:f0:07:f5:85:c7:22:04:b5:a2:d3:e9:
                    e6:54:4f:fa:89:fd:93:60:59:e4:75:2b:6d:4c:2b:
                    5f:3e:64:f4:4b:9a:e3:a8:ef:fe:e6:52:fb:b3:7a:
                    26:56:41:85:8e:8d:b9:c9:05:77:33:9a:b8:ac:20:
                    73:64:2d:8f:7a:22:54:cc:c2:56:60:94:26:ae:3d:
                    7e:1f:44:96:11:69:70:55:25:4d:52:7e:bd:1b:03:
                    68:69:4d:b9:f8:b8:fd:70:e9:cf:0f:58:31:23:c1:
                    70:e8:16:d8:1e:57:47:bf:0d:43:75:2c:79:e7:ff:
                    eb:8e:49:5f:0a:4a:93:d7:ae:fa:ec:b6:db:9f:15:
                    93:dd:ca:73:c9:ab:d8:a5:f4:8e:bf:7f:7d:59:6d:
                    44:4e:8c:ca:37:ce:c5:bf:87:45:3c:3d:65:45:a8:
                    e2:7c:f3:51:47:f9:34:86:a6:20:5e:1c:70:f4:23:
                    f8:89:41:5f:e6:bc:63:4e:73:a7:f7:24:d5:58:0a:
                    21:df:8c:90:e9:47:3c:f8:d3:64:04:ea:b9:78:8d:
                    6e:d3:d3:3b:fc:7e:be:76:8d:7a:d1:a9:e3:f8:bb:
                    14:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:33:E6:4D:A5:00:47:C3:1B:1A:2B:AC:53:0B:A1:0E:3D:5C:24:C7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hDPmTaUAR8MbGiusUwuhDj1cJMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:0f:d3:29:77:8b:41:d1:83:48:ce:4e:3c:b9:7d:8d:52:7a:
         6f:4b:ea:7b:4e:a2:ee:0b:7c:58:25:4a:ca:38:28:aa:40:c8:
         e0:7b:94:25:fc:db:d0:c3:1f:a5:e1:57:a4:3a:63:77:1d:91:
         51:27:6b:89:0e:da:88:f6:ae:89:3f:cb:2b:0a:c7:53:25:11:
         a3:99:00:5a:18:02:5d:52:dc:87:77:9c:18:78:03:e3:6c:b1:
         4a:f5:40:aa:c5:95:bd:0b:0c:01:e7:15:9b:f2:1a:e3:49:96:
         3d:f1:b5:ac:3c:5f:c8:50:f5:ed:f1:f8:7c:59:97:bb:3d:82:
         36:02:85:2a:43:a2:ed:f1:40:0e:ea:01:34:24:af:e5:c4:96:
         07:de:3f:aa:bb:a4:cb:c7:30:39:b7:68:08:a8:47:92:04:a9:
         05:31:dc:8f:46:1d:a5:39:6d:fd:e7:7b:3e:5e:a3:ce:80:3d:
         47:4d:ab:ab:c7:8d:e0:f9:c4:d1:47:1e:d3:6e:ee:ff:53:5d:
         a9:3b:73:b0:cd:a2:cc:e0:4e:c2:f6:b3:d3:25:cc:dd:1a:7b:
         d1:cd:ee:68:05:96:a4:18:63:0c:6f:0d:c5:a4:4c:91:5d:10:
         79:85:df:0b:aa:24:df:8c:24:e2:4e:86:08:69:64:b3:89:d8:
         02:f9:28:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYifTXAHhIobjOrdvsUpo/GRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA5MDgzNzEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDMzZTY0ZGE1MDA0N2MzMWIxYTJiYWM1MzBiYTEwZTNkNWMyNGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm98BX3amyDBMlI9h4BVLPc/C/RZ
6/A1o1Xtd5rTyjEM8Af1hcciBLWi0+nmVE/6if2TYFnkdSttTCtfPmT0S5rjqO/+
5lL7s3omVkGFjo25yQV3M5q4rCBzZC2PeiJUzMJWYJQmrj1+H0SWEWlwVSVNUn69
GwNoaU25+Lj9cOnPD1gxI8Fw6BbYHldHvw1DdSx55//rjklfCkqT16767LbbnxWT
3cpzyavYpfSOv399WW1ETozKN87Fv4dFPD1lRajifPNRR/k0hqYgXhxw9CP4iUFf
5rxjTnOn9yTVWAoh34yQ6Uc8+NNkBOq5eI1u09M7/H6+do160anj+LsUUwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIQz5k2lAEfDGxorrFMLoQ49XCTHMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaERQbVRhVUFSOE1iR2l1c1V3dWhEajFjSk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALEP0yl3i0HRg0jOTjy5
fY1Sem9L6ntOou4LfFglSso4KKpAyOB7lCX829DDH6XhV6Q6Y3cdkVEna4kO2oj2
rok/yysKx1MlEaOZAFoYAl1S3Id3nBh4A+NssUr1QKrFlb0LDAHnFZvyGuNJlj3x
taw8X8hQ9e3x+HxZl7s9gjYChSpDou3xQA7qATQkr+XElgfeP6q7pMvHMDm3aAio
R5IEqQUx3I9GHaU5bf3nez5eo86APUdNq6vHjeD5xNFHHtNu7v9TXak7c7DNoszg
TsL2s9MlzN0ae9HN7mgFlqQYYwxvDcWkTJFdEHmF3wuqJN+MJOJOhghpZLOJ2AL5
KBs=
-----END CERTIFICATE-----