Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hp3Pbfb01qz5HQVHdWJf8wbF8Xg.roa
File:                     hp3Pbfb01qz5HQVHdWJf8wbF8Xg.roa (raw, json)
Hash identifier:          WWZFTbfiX7M2RK46ARjnCcdNS/7IM0RO+C/IcwYYx2Y=
Subject key identifier:   86:9D:CF:6D:F6:F4:D6:AC:F9:1D:05:47:75:62:5F:F3:06:C5:F1:78
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018888ADCE69ED1B3DF164FE1C9B612F6E69
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hp3Pbfb01qz5HQVHdWJf8wbF8Xg.roa
Signing time:             Sun 04 Jun 2023 23:11:11 +0000
ROA not before:           Sun 04 Jun 2023 23:11:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:88:ad:ce:69:ed:1b:3d:f1:64:fe:1c:9b:61:2f:6e:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 23:11:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=869dcf6df6f4d6acf91d054775625ff306c5f178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:55:46:67:fa:b5:72:f5:f0:49:04:c1:60:61:
                    ea:12:c8:6f:3e:2c:6d:68:7c:fa:ab:0f:48:ff:8b:
                    0a:91:a3:f9:ca:9e:0d:9c:76:9f:62:49:bd:97:8f:
                    de:9c:c1:27:a6:42:60:cd:cb:35:4e:d2:8c:b9:d6:
                    41:cf:d5:a2:34:46:98:54:3b:85:cc:f9:c9:e8:e9:
                    82:f8:f2:d5:df:3f:4a:e0:7f:60:c3:49:41:ae:ee:
                    f7:cf:fa:73:eb:14:25:00:b0:64:89:61:07:4d:34:
                    c5:19:16:fe:e8:d0:df:5e:99:d3:df:f0:18:cd:fd:
                    93:b2:e9:19:ce:9b:f8:d6:36:96:89:f7:4b:cc:40:
                    7a:d0:c3:54:7c:a6:67:65:85:db:c7:7f:8b:9d:e9:
                    2b:b5:33:8f:77:f0:ea:0a:12:8a:f1:55:d9:8c:d3:
                    63:22:c2:12:23:21:f2:5c:06:b1:7c:2a:8c:2a:e7:
                    ed:30:17:c1:5d:e0:7a:35:ff:7c:4d:fb:fa:81:d6:
                    a3:53:7f:8e:0c:06:eb:5f:69:f6:bd:cb:4e:57:75:
                    04:01:aa:83:ad:c3:89:6e:3d:df:63:2f:73:97:a7:
                    f7:e8:9e:98:54:c0:6a:30:cd:4c:1c:df:0d:74:b4:
                    53:07:e2:41:85:8c:4d:0e:1e:1b:6c:66:b6:91:46:
                    eb:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:9D:CF:6D:F6:F4:D6:AC:F9:1D:05:47:75:62:5F:F3:06:C5:F1:78
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hp3Pbfb01qz5HQVHdWJf8wbF8Xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:a7:be:25:13:bb:39:84:fd:41:59:5b:b1:c2:9a:9d:a3:54:
         7f:47:a0:51:98:38:db:50:f7:68:62:0e:dc:15:9e:fa:55:a1:
         67:65:6e:5e:d5:15:5f:d4:1a:9a:75:ea:3a:ac:a6:ac:f5:01:
         88:3e:60:c2:a8:19:15:ea:c5:27:04:58:a9:53:f6:6b:a5:43:
         b5:73:f4:5a:17:23:4f:93:95:4e:9c:f7:a3:e1:fc:e2:d1:44:
         a7:8a:15:ee:2f:9f:7b:cd:09:a6:4b:91:6a:90:c7:eb:c5:6a:
         82:e9:96:46:cf:74:99:c2:b3:d3:4c:9c:ec:f9:8a:c0:6c:ed:
         5a:19:49:83:1b:8f:c4:06:a6:74:6c:75:bb:56:a8:98:06:f8:
         24:2b:90:62:f3:82:22:86:3e:67:a9:fb:38:7a:1d:e1:8e:5e:
         93:f8:08:25:54:58:85:0a:c1:b0:44:c0:fe:c4:ed:e6:82:ba:
         80:5d:0e:e6:46:b1:8d:81:10:25:65:3c:e9:df:69:93:f0:59:
         4e:03:f6:a1:12:a9:b1:b6:7f:c9:ed:1d:e5:fd:a6:8f:40:7a:
         16:11:d2:46:01:5a:97:14:bd:a1:c0:21:08:1c:fc:86:6a:69:
         0a:37:83:04:1e:39:38:bb:07:b8:aa:da:c6:ba:a9:ef:b7:1e:
         a5:19:b8:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiIrc5p7Rs98WT+HJthL25pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MjMxMTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjlkY2Y2ZGY2ZjRkNmFjZjkxZDA1NDc3NTYyNWZmMzA2YzVmMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFVGZ/q1cvXwSQTBYGHqEshvPixt
aHz6qw9I/4sKkaP5yp4NnHafYkm9l4/enMEnpkJgzcs1TtKMudZBz9WiNEaYVDuF
zPnJ6OmC+PLV3z9K4H9gw0lBru73z/pz6xQlALBkiWEHTTTFGRb+6NDfXpnT3/AY
zf2TsukZzpv41jaWifdLzEB60MNUfKZnZYXbx3+LnekrtTOPd/DqChKK8VXZjNNj
IsISIyHyXAaxfCqMKuftMBfBXeB6Nf98Tfv6gdajU3+ODAbrX2n2vctOV3UEAaqD
rcOJbj3fYy9zl6f36J6YVMBqMM1MHN8NdLRTB+JBhYxNDh4bbGa2kUbrhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIadz2329Nas+R0FR3ViX/MGxfF4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaHAzUGJmYjAxcXo1SFFWSGRXSmY4d2JGOFhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA6nviUTuzmE/UFZW7HC
mp2jVH9HoFGYONtQ92hiDtwVnvpVoWdlbl7VFV/UGpp16jqspqz1AYg+YMKoGRXq
xScEWKlT9mulQ7Vz9FoXI0+TlU6c96Ph/OLRRKeKFe4vn3vNCaZLkWqQx+vFaoLp
lkbPdJnCs9NMnOz5isBs7VoZSYMbj8QGpnRsdbtWqJgG+CQrkGLzgiKGPmep+zh6
HeGOXpP4CCVUWIUKwbBEwP7E7eaCuoBdDuZGsY2BECVlPOnfaZPwWU4D9qESqbG2
f8ntHeX9po9AehYR0kYBWpcUvaHAIQgc/IZqaQo3gwQeOTi7B7iq2sa6qe+3HqUZ
uN4=
-----END CERTIFICATE-----