Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ht8d3oa4MzedWTlxFifOlEV-9sA.roa
File:                     ht8d3oa4MzedWTlxFifOlEV-9sA.roa (raw, json)
Hash identifier:          tsGEskRlaPBP7Q8umqfISxe2sbLh/hGGVR37ZONKYzg=
Subject key identifier:   86:DF:1D:DE:86:B8:33:37:9D:59:39:71:16:27:CE:94:45:7E:F6:C0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188DDA4AC091D17D9440AD33F5B6782BAD0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ht8d3oa4MzedWTlxFifOlEV-9sA.roa
Signing time:             Wed 21 Jun 2023 11:08:56 +0000
ROA not before:           Wed 21 Jun 2023 11:08:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:dd:a4:ac:09:1d:17:d9:44:0a:d3:3f:5b:67:82:ba:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 21 11:08:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=86df1dde86b833379d5939711627ce94457ef6c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:0f:eb:ee:43:b3:95:f5:fe:54:ea:db:93:2f:
                    24:d0:9b:89:35:02:13:37:f6:d8:fd:42:ad:ad:cb:
                    7a:20:bb:4a:a6:40:b8:4c:32:86:0d:eb:3a:ef:d7:
                    d4:50:eb:7b:ec:74:64:23:b8:6a:23:a6:01:d6:8f:
                    f9:0a:47:c6:d9:51:d2:56:80:a2:a7:69:aa:60:f3:
                    97:8c:cc:16:a1:57:1d:a9:06:76:53:57:09:c5:67:
                    92:b9:a3:0a:04:bc:c1:5f:3b:0c:3e:ed:34:2d:8d:
                    3b:e0:85:d0:43:4b:a9:fe:80:40:4c:7c:ca:12:95:
                    40:2e:3e:dd:8b:c6:b8:64:4c:c6:62:0d:d4:32:3c:
                    22:e8:6c:36:68:5c:49:71:bb:c9:49:07:67:5d:6d:
                    4f:f7:cf:37:a4:68:21:9b:44:ca:b3:11:c3:d7:e4:
                    51:5f:02:4a:6c:8b:a1:f6:79:fc:04:8e:17:32:d7:
                    e2:76:06:79:cb:58:a4:0d:35:56:d2:eb:19:80:47:
                    b8:31:ed:57:db:7a:0b:9f:fc:88:4e:9d:73:14:f3:
                    98:aa:45:12:13:63:d3:c8:be:57:81:1e:1a:d1:eb:
                    65:46:0c:17:2f:d6:f5:74:17:f8:28:99:f3:de:21:
                    14:1b:6d:a7:14:ab:29:59:07:be:29:ff:19:48:ed:
                    97:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:DF:1D:DE:86:B8:33:37:9D:59:39:71:16:27:CE:94:45:7E:F6:C0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ht8d3oa4MzedWTlxFifOlEV-9sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:b1:36:a4:d4:26:f4:85:72:85:2a:6f:cc:dd:e3:9c:bb:c5:
         f8:26:d1:d8:9e:78:c9:4e:67:20:f3:94:7b:17:6a:eb:6f:8e:
         5c:5e:1f:a5:78:2b:9b:d2:2e:a3:62:7e:23:8f:de:d0:cd:1c:
         0a:cf:bb:eb:a2:49:61:56:13:66:90:14:eb:7b:04:f6:b3:18:
         a9:97:da:2d:50:46:a3:d7:97:fc:4f:9a:58:d1:88:24:e0:26:
         e6:69:5b:bd:fe:75:a5:bc:0b:86:35:eb:63:d1:88:a5:5b:51:
         6f:13:f0:3f:39:46:d3:26:a8:2a:44:a4:f1:41:52:51:12:3f:
         7c:92:ad:ac:40:f9:e8:72:45:ef:83:29:90:50:39:de:1b:1c:
         51:59:2f:ca:59:c1:16:00:d2:12:b5:ed:ef:46:0c:5f:97:98:
         87:25:3e:9a:9c:08:d5:5b:22:40:88:2a:b0:eb:11:9a:ba:62:
         ed:36:a5:88:c8:4b:db:21:21:24:85:f0:54:6f:e8:23:b1:ca:
         42:1b:25:aa:03:e6:8f:da:06:ec:91:56:b0:37:12:e6:31:f3:
         d3:75:9f:07:4a:0c:33:7b:29:05:4d:50:f3:d1:11:8b:bb:fd:
         a6:52:91:86:d6:d2:f6:d2:cd:91:b0:fc:b5:63:8a:68:a8:d6:
         18:80:bc:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjdpKwJHRfZRArTP1tngrrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIxMTEwODU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmRmMWRkZTg2YjgzMzM3OWQ1OTM5NzExNjI3Y2U5NDQ1N2VmNmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAig/r7kOzlfX+VOrbky8k0JuJNQIT
N/bY/UKtrct6ILtKpkC4TDKGDes679fUUOt77HRkI7hqI6YB1o/5CkfG2VHSVoCi
p2mqYPOXjMwWoVcdqQZ2U1cJxWeSuaMKBLzBXzsMPu00LY074IXQQ0up/oBATHzK
EpVALj7di8a4ZEzGYg3UMjwi6Gw2aFxJcbvJSQdnXW1P9883pGghm0TKsxHD1+RR
XwJKbIuh9nn8BI4XMtfidgZ5y1ikDTVW0usZgEe4Me1X23oLn/yITp1zFPOYqkUS
E2PTyL5XgR4a0etlRgwXL9b1dBf4KJnz3iEUG22nFKspWQe+Kf8ZSO2XawIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIbfHd6GuDM3nVk5cRYnzpRFfvbAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaHQ4ZDNvYTRNemVkV1RseEZpZk9sRVYtOXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAyxNqTUJvSFcoUqb8zd
45y7xfgm0dieeMlOZyDzlHsXautvjlxeH6V4K5vSLqNifiOP3tDNHArPu+uiSWFW
E2aQFOt7BPazGKmX2i1QRqPXl/xPmljRiCTgJuZpW73+daW8C4Y162PRiKVbUW8T
8D85RtMmqCpEpPFBUlESP3ySraxA+ehyRe+DKZBQOd4bHFFZL8pZwRYA0hK17e9G
DF+XmIclPpqcCNVbIkCIKrDrEZq6Yu02pYjIS9shISSF8FRv6COxykIbJaoD5o/a
BuyRVrA3EuYx89N1nwdKDDN7KQVNUPPREYu7/aZSkYbW0vbSzZGw/LVjimio1hiA
vLc=
-----END CERTIFICATE-----