Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/igFKTvoMXZEVruSE_KAv7ZAxpNs.roa
File:                     igFKTvoMXZEVruSE_KAv7ZAxpNs.roa (raw, json)
Hash identifier:          WbjIeq0oH4lvjWIcMQtudQqRkBT6AyboeXNi7Xs9r2I=
Subject key identifier:   8A:01:4A:4E:FA:0C:5D:91:15:AE:E4:84:FC:A0:2F:ED:90:31:A4:DB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01893C122B257931197C9DFC5FCFAF15CD3E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/igFKTvoMXZEVruSE_KAv7ZAxpNs.roa
Signing time:             Sun 09 Jul 2023 19:12:50 +0000
ROA not before:           Sun 09 Jul 2023 19:12:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3c:12:2b:25:79:31:19:7c:9d:fc:5f:cf:af:15:cd:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul  9 19:12:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8a014a4efa0c5d9115aee484fca02fed9031a4db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a2:df:e2:30:82:7d:d1:6c:09:c6:33:3c:34:
                    ef:6a:5e:6e:87:d5:b8:a3:f2:ad:8d:52:3c:f5:de:
                    f7:1e:e6:f7:a0:fd:f0:3c:e8:18:d5:a6:d1:20:98:
                    4c:9f:40:51:c0:03:a3:04:d4:b2:49:0f:9e:96:4f:
                    e8:22:c2:8c:08:6b:a2:77:17:c7:a5:eb:7a:49:51:
                    fa:74:2e:7b:23:4a:b5:40:cd:c6:5e:6b:39:6a:8c:
                    24:40:db:52:85:11:47:d5:33:9e:eb:48:e2:03:09:
                    14:7c:e6:f4:00:3f:5e:0a:bf:69:11:e9:59:5b:c3:
                    f1:08:16:48:df:36:b6:ce:e9:64:a7:25:f7:9a:d2:
                    c2:3b:d6:24:7d:1c:a5:cb:d6:76:72:5f:b1:de:84:
                    16:2d:f0:38:22:bc:c2:58:34:28:56:63:08:43:7c:
                    f1:6c:4a:24:97:c8:d4:b5:d5:6e:30:e6:21:1b:98:
                    df:79:34:82:83:cd:be:b4:a4:e8:e2:52:81:69:af:
                    57:da:ab:fc:8f:38:cd:e6:bf:61:c4:a3:11:4b:8c:
                    92:98:c2:68:ef:aa:60:f6:4c:0a:19:18:13:b4:5e:
                    ed:45:ff:32:5e:22:a2:50:61:87:75:d1:8b:eb:b9:
                    07:ef:5e:d9:f4:99:46:f3:a8:11:72:81:76:14:95:
                    10:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:01:4A:4E:FA:0C:5D:91:15:AE:E4:84:FC:A0:2F:ED:90:31:A4:DB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/igFKTvoMXZEVruSE_KAv7ZAxpNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:96:39:6c:c2:29:5d:21:4e:16:f6:c0:fd:c8:d2:30:9e:20:
         b1:3f:d0:28:4f:7b:78:79:08:d2:d1:81:62:63:a5:fa:3f:48:
         7f:6d:d6:66:f9:84:8a:65:03:aa:e4:8a:c0:e1:01:89:88:95:
         b4:20:52:ed:72:e2:70:4f:76:c2:6d:80:31:23:b6:db:70:20:
         12:0b:1b:14:ed:1c:9b:ff:3b:0b:f4:53:42:2f:77:ae:61:a1:
         51:fd:41:11:f8:04:fe:82:f5:93:81:91:4d:68:4c:45:75:74:
         b1:10:b9:ec:7c:1b:ca:b5:34:df:c6:bd:fa:0a:0f:8e:53:46:
         a6:dc:66:9a:a1:c4:96:23:6c:bc:06:04:c0:92:8b:2e:72:e9:
         8b:69:ac:5f:b1:65:99:ce:08:07:b8:2c:dd:04:92:27:ec:4e:
         2f:3c:8c:e8:c6:bc:94:1a:0d:81:cb:5e:ab:a7:20:a1:1c:c4:
         8e:6d:19:ae:1c:b0:2a:e3:92:52:15:a4:e3:19:91:a4:0f:7a:
         e9:12:de:91:77:b5:13:da:6b:70:bf:81:89:79:15:90:65:ff:
         55:be:ea:da:f3:11:25:48:db:79:b9:7e:55:0a:07:0b:15:0f:
         bf:14:ce:f0:fa:5e:77:5f:9c:2a:d4:59:8e:c9:bf:d4:25:2e:
         f6:ba:78:98
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYk8EisleTEZfJ38X8+vFc0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzA5MTkxMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTAxNGE0ZWZhMGM1ZDkxMTVhZWU0ODRmY2EwMmZlZDkwMzFhNGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqLf4jCCfdFsCcYzPDTval5uh9W4
o/KtjVI89d73Hub3oP3wPOgY1abRIJhMn0BRwAOjBNSySQ+elk/oIsKMCGuidxfH
pet6SVH6dC57I0q1QM3GXms5aowkQNtShRFH1TOe60jiAwkUfOb0AD9eCr9pEelZ
W8PxCBZI3za2zulkpyX3mtLCO9YkfRyly9Z2cl+x3oQWLfA4IrzCWDQoVmMIQ3zx
bEokl8jUtdVuMOYhG5jfeTSCg82+tKTo4lKBaa9X2qv8jzjN5r9hxKMRS4ySmMJo
76pg9kwKGRgTtF7tRf8yXiKiUGGHddGL67kH717Z9JlG86gRcoF2FJUQUwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIoBSk76DF2RFa7khPygL+2QMaTbMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaWdGS1R2b01YWkVWcnVTRV9LQXY3WkF4cE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJWWOWzCKV0hThb2wP3I
0jCeILE/0ChPe3h5CNLRgWJjpfo/SH9t1mb5hIplA6rkisDhAYmIlbQgUu1y4nBP
dsJtgDEjtttwIBILGxTtHJv/Owv0U0Ivd65hoVH9QRH4BP6C9ZOBkU1oTEV1dLEQ
uex8G8q1NN/GvfoKD45TRqbcZpqhxJYjbLwGBMCSiy5y6YtprF+xZZnOCAe4LN0E
kifsTi88jOjGvJQaDYHLXqunIKEcxI5tGa4csCrjklIVpOMZkaQPeukS3pF3tRPa
a3C/gYl5FZBl/1W+6trzESVI23m5flUKBwsVD78UzvD6XndfnCrUWY7Jv9QlLva6
eJg=
-----END CERTIFICATE-----