Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hFGcQMFqeIiF1YrFikuDxe5tKnk.roa
File:                     hFGcQMFqeIiF1YrFikuDxe5tKnk.roa (raw, json)
Hash identifier:          /pGv/hejBnHABoe8XM7brxGwqsIRFxcwTfZvEQx2JJo=
Subject key identifier:   84:51:9C:40:C1:6A:78:88:85:D5:8A:C5:8A:4B:83:C5:EE:6D:2A:79
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188ADCC1195C205E740939759E5A6F81CF2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hFGcQMFqeIiF1YrFikuDxe5tKnk.roa
Signing time:             Mon 12 Jun 2023 04:10:12 +0000
ROA not before:           Mon 12 Jun 2023 04:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ad:cc:11:95:c2:05:e7:40:93:97:59:e5:a6:f8:1c:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 12 04:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=84519c40c16a788885d58ac58a4b83c5ee6d2a79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cd:17:e1:dc:59:67:0c:0e:b2:de:13:3c:52:
                    98:a5:bf:fa:38:0b:64:8c:16:c0:c9:aa:30:39:84:
                    f5:40:4e:99:17:a1:b0:da:40:00:9d:86:0b:83:34:
                    2b:77:f6:8f:ac:66:7a:60:12:d5:68:cf:3c:c0:51:
                    54:a3:b4:4c:2a:3a:7c:ee:92:bb:42:e0:b9:d7:00:
                    57:85:d1:21:1b:15:6a:97:3c:12:3f:f1:74:13:7b:
                    88:5c:21:ee:e0:52:81:15:60:f6:40:41:85:b9:e2:
                    0d:57:dd:40:37:c1:36:78:9c:2d:8b:c2:73:de:b5:
                    8a:27:cb:ff:f5:31:b0:e9:96:62:89:e6:0a:8f:72:
                    c4:82:35:94:15:8a:3b:a9:78:52:2d:0a:83:fe:25:
                    24:86:62:a5:85:b6:9a:17:50:bc:19:f1:57:01:6b:
                    30:a8:8f:c5:f0:c3:57:56:14:b2:0f:df:81:d2:ca:
                    b9:f4:cc:0b:94:6b:0c:d9:99:ad:74:cb:44:ca:9b:
                    2e:f3:d3:a4:36:af:dd:4a:04:d6:49:1b:73:6f:6a:
                    7d:73:d5:eb:87:41:60:a0:a5:24:53:20:62:f7:1d:
                    83:80:b6:08:f0:0a:40:9b:9c:b4:09:5e:55:b5:ee:
                    22:9f:43:b6:9c:3f:df:dc:91:2b:c4:6b:60:bc:cc:
                    8d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:51:9C:40:C1:6A:78:88:85:D5:8A:C5:8A:4B:83:C5:EE:6D:2A:79
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hFGcQMFqeIiF1YrFikuDxe5tKnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:b9:87:ba:e6:3f:92:b0:9a:01:a2:6a:d1:00:23:6c:22:f6:
         1e:88:98:5e:69:8f:9e:00:80:8b:a9:4f:81:74:81:9d:5c:85:
         ff:be:06:b2:41:b8:6d:3d:75:b5:ee:d4:b9:2b:84:73:d2:1e:
         be:3b:9b:c8:54:3f:e0:6f:0f:86:e1:02:11:ec:07:8c:76:d3:
         8c:bc:4d:a8:3f:ab:52:4e:7b:b0:bf:16:21:34:00:1e:c8:c9:
         5d:bb:0c:d3:aa:53:66:11:42:ce:a0:40:d3:fe:d8:12:ba:72:
         d9:ad:2b:2c:93:87:59:e4:7c:32:d5:fa:fc:93:57:2b:55:a5:
         0a:93:d4:1a:49:2f:1a:c3:35:b6:1f:6c:71:ce:25:ea:32:e2:
         07:2e:3b:c1:7f:4e:f9:f8:75:87:9f:f1:b0:2a:95:20:31:97:
         9b:8e:6a:59:24:81:2e:f5:59:39:18:6e:1b:50:af:c4:50:f9:
         6a:c6:c2:92:f5:16:37:40:a6:32:f4:ce:0a:1c:4a:19:b0:00:
         27:19:80:fc:73:19:ff:28:e3:b9:bb:5e:46:1d:d5:0a:d2:e0:
         90:7f:77:e3:b1:4b:1c:87:04:4a:ea:40:50:80:82:a5:c1:29:
         fa:87:6a:40:e1:f9:dd:41:59:35:a0:16:53:7a:3c:cd:54:cb:
         c4:f5:29:2f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYitzBGVwgXnQJOXWeWm+BzyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEyMDQxMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDUxOWM0MGMxNmE3ODg4ODVkNThhYzU4YTRiODNjNWVlNmQyYTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus0X4dxZZwwOst4TPFKYpb/6OAtk
jBbAyaowOYT1QE6ZF6Gw2kAAnYYLgzQrd/aPrGZ6YBLVaM88wFFUo7RMKjp87pK7
QuC51wBXhdEhGxVqlzwSP/F0E3uIXCHu4FKBFWD2QEGFueINV91AN8E2eJwti8Jz
3rWKJ8v/9TGw6ZZiieYKj3LEgjWUFYo7qXhSLQqD/iUkhmKlhbaaF1C8GfFXAWsw
qI/F8MNXVhSyD9+B0sq59MwLlGsM2ZmtdMtEypsu89OkNq/dSgTWSRtzb2p9c9Xr
h0FgoKUkUyBi9x2DgLYI8ApAm5y0CV5Vte4in0O2nD/f3JErxGtgvMyNBwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIRRnEDBaniIhdWKxYpLg8XubSp5MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaEZHY1FNRnFlSWlGMVlyRmlrdUR4ZTV0S25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE65h7rmP5KwmgGiatEA
I2wi9h6ImF5pj54AgIupT4F0gZ1chf++BrJBuG09dbXu1LkrhHPSHr47m8hUP+Bv
D4bhAhHsB4x204y8Tag/q1JOe7C/FiE0AB7IyV27DNOqU2YRQs6gQNP+2BK6ctmt
KyyTh1nkfDLV+vyTVytVpQqT1BpJLxrDNbYfbHHOJeoy4gcuO8F/Tvn4dYef8bAq
lSAxl5uOalkkgS71WTkYbhtQr8RQ+WrGwpL1FjdApjL0zgocShmwACcZgPxzGf8o
47m7XkYd1QrS4JB/d+OxSxyHBErqQFCAgqXBKfqHakDh+d1BWTWgFlN6PM1Uy8T1
KS8=
-----END CERTIFICATE-----