Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hrLponvMXiEM2VeUITOWaheKT6s.roa
File:                     hrLponvMXiEM2VeUITOWaheKT6s.roa (raw, json)
Hash identifier:          Lb7+xUIP5LRyxSqMaMN70ez5mHmpYDEIfD6pe9s7N1c=
Subject key identifier:   86:B2:E9:A2:7B:CC:5E:21:0C:D9:57:94:21:33:96:6A:17:8A:4F:AB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A79264382F48F0B2F0ECBA469450B1DA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hrLponvMXiEM2VeUITOWaheKT6s.roa
Signing time:             Sat 10 Jun 2023 23:09:28 +0000
ROA not before:           Sat 10 Jun 2023 23:09:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a7:92:64:38:2f:48:f0:b2:f0:ec:ba:46:94:50:b1:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 10 23:09:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=86b2e9a27bcc5e210cd957942133966a178a4fab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:01:91:8b:a5:df:15:7a:54:50:4d:9e:cf:6c:
                    bf:5f:43:9b:76:08:c4:e9:46:7c:07:23:f9:fb:80:
                    40:3a:3f:73:6c:39:68:09:42:2d:23:c2:90:a0:c7:
                    3c:e9:f8:af:c6:49:df:60:45:60:9c:c0:a0:15:5d:
                    94:71:86:05:91:1b:c0:af:46:fa:4b:b1:ff:0c:d8:
                    d9:93:d9:18:0d:58:f0:8f:8c:7e:9a:ee:59:e2:ff:
                    86:60:ad:c8:86:ce:1b:43:a0:22:7b:d7:60:a1:cb:
                    82:a0:2f:80:02:ba:e1:79:6a:d3:da:d6:ef:65:8a:
                    92:2b:58:de:1b:ad:fc:f3:d6:30:62:81:9a:0e:e8:
                    6b:e9:e3:b3:f6:48:15:44:3c:12:38:c4:74:9a:e5:
                    22:d8:5d:b3:5e:98:bc:69:b8:68:84:91:e6:0d:4d:
                    4d:20:d3:8c:51:6b:c2:82:95:33:a5:03:b0:6b:4d:
                    12:74:3d:17:60:f9:4e:c7:94:a6:ce:1d:80:e5:27:
                    0a:37:6d:79:ab:19:bf:48:f9:75:8b:61:a5:4e:6e:
                    5e:c5:2c:f5:4b:de:fa:1c:96:65:1a:0a:86:17:eb:
                    d9:70:50:15:ec:1c:18:a2:0c:f4:25:95:09:ca:0b:
                    e2:94:ff:36:53:d0:41:1a:2c:6c:9b:c2:71:49:1c:
                    6b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B2:E9:A2:7B:CC:5E:21:0C:D9:57:94:21:33:96:6A:17:8A:4F:AB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hrLponvMXiEM2VeUITOWaheKT6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:7b:81:91:df:c7:54:c1:3a:ab:94:78:14:8d:05:3a:82:8a:
         e8:3d:88:e3:a6:12:76:dd:62:8e:2d:cb:0d:cf:ee:84:2a:bb:
         46:f5:56:f6:83:dd:12:9a:50:b0:61:36:ab:20:85:51:5c:ae:
         a0:84:1f:e4:35:a7:01:ac:dc:a6:ac:1b:0a:50:43:c0:b7:79:
         92:5a:7c:ef:66:5e:36:07:a2:56:fe:04:ee:cd:bc:9c:6e:aa:
         3b:a6:cc:01:ad:1e:73:11:fd:5c:58:15:04:ef:90:f6:c5:3e:
         4c:9a:c1:72:8a:d9:e5:dd:e9:58:2d:69:09:24:2f:b3:e2:dd:
         2c:39:a6:61:06:e0:0f:28:2f:9a:b5:41:1e:f7:c2:58:6e:92:
         9f:2b:cb:45:10:7b:59:69:39:d6:52:d8:1b:aa:1f:e1:f2:9b:
         d6:d2:f3:90:cc:ec:f8:ce:e5:ff:d0:76:e0:dd:5d:dd:86:4e:
         b1:42:f3:e5:02:d6:56:1d:d7:8c:4c:c9:ef:67:e6:fa:20:a0:
         25:e8:7f:65:23:14:1f:de:00:bd:e6:fd:fe:5f:66:c5:cf:5f:
         95:21:26:9e:02:67:1b:f7:2b:f6:b5:1b:1a:06:17:f4:f7:fb:
         46:26:57:44:c4:a1:c3:0c:97:d3:52:82:d5:46:b6:16:a6:2d:
         3a:8c:73:6b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYinkmQ4L0jwsvDsukaUULHaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEwMjMwOTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmIyZTlhMjdiY2M1ZTIxMGNkOTU3OTQyMTMzOTY2YTE3OGE0ZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwGRi6XfFXpUUE2ez2y/X0ObdgjE
6UZ8ByP5+4BAOj9zbDloCUItI8KQoMc86fivxknfYEVgnMCgFV2UcYYFkRvAr0b6
S7H/DNjZk9kYDVjwj4x+mu5Z4v+GYK3Ihs4bQ6Aie9dgocuCoC+AArrheWrT2tbv
ZYqSK1jeG63889YwYoGaDuhr6eOz9kgVRDwSOMR0muUi2F2zXpi8abhohJHmDU1N
INOMUWvCgpUzpQOwa00SdD0XYPlOx5Smzh2A5ScKN215qxm/SPl1i2GlTm5exSz1
S976HJZlGgqGF+vZcFAV7BwYogz0JZUJygvilP82U9BBGixsm8JxSRxrAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIay6aJ7zF4hDNlXlCEzlmoXik+rMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaHJMcG9udk1YaUVNMlZlVUlUT1dhaGVLVDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEV7gZHfx1TBOquUeBSN
BTqCiug9iOOmEnbdYo4tyw3P7oQqu0b1VvaD3RKaULBhNqsghVFcrqCEH+Q1pwGs
3KasGwpQQ8C3eZJafO9mXjYHolb+BO7NvJxuqjumzAGtHnMR/VxYFQTvkPbFPkya
wXKK2eXd6VgtaQkkL7Pi3Sw5pmEG4A8oL5q1QR73wlhukp8ry0UQe1lpOdZS2Buq
H+Hym9bS85DM7PjO5f/QduDdXd2GTrFC8+UC1lYd14xMye9n5vogoCXof2UjFB/e
AL3m/f5fZsXPX5UhJp4CZxv3K/a1GxoGF/T3+0YmV0TEocMMl9NSgtVGthamLTqM
c2s=
-----END CERTIFICATE-----