Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/j_OtfjYAVW98cjM7I2ASvg6nEeQ.roa
File:                     j_OtfjYAVW98cjM7I2ASvg6nEeQ.roa (raw, json)
Hash identifier:          69toM96wZWI9DFPqWse/BZ5OnN0VmelWZS9asZkoTPM=
Subject key identifier:   8F:F3:AD:7E:36:00:55:6F:7C:72:33:3B:23:60:12:BE:0E:A7:11:E4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CA1E3F522EFDE517C3B181C1FD42A9C4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/j_OtfjYAVW98cjM7I2ASvg6nEeQ.roa
Signing time:             Sat 17 Jun 2023 16:09:19 +0000
ROA not before:           Sat 17 Jun 2023 16:09:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ca:1e:3f:52:2e:fd:e5:17:c3:b1:81:c1:fd:42:a9:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 17 16:09:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8ff3ad7e3600556f7c72333b236012be0ea711e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e1:7b:54:e7:ab:6a:a2:cc:2d:c6:c2:19:dd:
                    74:0d:e0:1e:94:27:64:f8:86:2d:e5:d5:a4:8d:1b:
                    47:ea:a7:55:d2:7e:69:1a:e3:1b:ba:1c:61:48:18:
                    04:da:fe:30:43:76:2e:5b:a0:91:01:09:40:03:93:
                    84:0c:37:bf:ae:ad:0d:af:52:86:45:ae:fd:62:fa:
                    e2:1b:b7:15:88:62:ac:c4:4e:1f:73:be:df:90:cd:
                    ca:09:26:9f:64:fc:5e:86:55:14:d2:55:73:10:bd:
                    7f:82:95:e7:d5:88:97:1c:c4:90:a8:94:74:1c:6a:
                    c4:0d:44:7a:67:26:2c:09:37:c6:75:06:52:93:78:
                    af:ed:e1:51:44:2b:5a:ce:4e:5d:1e:ab:e5:26:9b:
                    29:ce:c7:e6:56:f6:d3:22:87:b1:99:fe:ca:21:3a:
                    d0:7f:10:d0:f1:21:c9:e2:d1:65:35:45:e9:ae:29:
                    0f:1b:88:4b:74:78:62:3c:57:06:89:da:02:05:ca:
                    f6:db:cf:52:61:43:12:89:33:9e:9d:55:72:ab:d9:
                    17:71:74:e6:d1:87:84:9f:ec:f4:9f:a2:96:55:99:
                    e3:64:1f:9d:7a:e7:44:f5:2c:17:d0:bf:4c:52:a0:
                    d0:3f:f2:50:6e:4d:f2:c7:9d:1e:25:94:f1:b1:d4:
                    f4:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:F3:AD:7E:36:00:55:6F:7C:72:33:3B:23:60:12:BE:0E:A7:11:E4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/j_OtfjYAVW98cjM7I2ASvg6nEeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:7b:65:4a:f9:e4:e4:46:52:69:fe:2c:a5:31:ec:10:ad:00:
         6d:be:6d:d5:dc:3f:2c:1b:2c:94:9b:01:d0:72:70:8c:a9:8f:
         6d:32:ec:75:fa:e3:29:de:83:9e:1c:e5:a9:69:d1:c6:32:5a:
         0d:78:c2:9e:08:1e:72:df:42:5c:8a:0d:8f:aa:f7:2f:e2:7c:
         a0:3a:98:d7:da:96:61:31:8e:af:37:ce:b2:f4:9b:fe:91:83:
         f7:a1:38:d5:28:ef:6d:52:51:89:8b:bc:c4:a3:87:9c:1e:af:
         7f:40:57:f1:2e:f4:34:04:e5:d8:7f:6b:77:58:9d:bb:e5:d8:
         57:57:c7:b7:42:1e:98:76:09:2a:22:25:c8:b4:94:35:d8:61:
         92:b4:20:50:5f:f5:25:30:52:52:9b:26:7b:06:2b:26:7b:35:
         c0:6f:79:47:d4:1f:32:8e:4a:c1:50:71:c3:63:af:b2:01:11:
         1a:55:db:39:89:84:1a:5b:91:2c:79:99:60:27:19:e2:59:88:
         63:40:16:ca:5b:2d:86:99:77:0d:83:77:49:64:37:d7:40:8c:
         15:ea:75:fb:58:ca:30:a9:11:11:87:35:ef:6f:41:36:10:13:
         1a:e3:04:19:90:f2:9e:3b:ab:8a:c1:65:93:fa:92:d5:d2:de:
         25:0e:75:80
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjKHj9SLv3lF8OxgcH9QqnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE3MTYwOTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmYzYWQ3ZTM2MDA1NTZmN2M3MjMzM2IyMzYwMTJiZTBlYTcxMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+F7VOeraqLMLcbCGd10DeAelCdk
+IYt5dWkjRtH6qdV0n5pGuMbuhxhSBgE2v4wQ3YuW6CRAQlAA5OEDDe/rq0Nr1KG
Ra79YvriG7cViGKsxE4fc77fkM3KCSafZPxehlUU0lVzEL1/gpXn1YiXHMSQqJR0
HGrEDUR6ZyYsCTfGdQZSk3iv7eFRRCtazk5dHqvlJpspzsfmVvbTIoexmf7KITrQ
fxDQ8SHJ4tFlNUXprikPG4hLdHhiPFcGidoCBcr2289SYUMSiTOenVVyq9kXcXTm
0YeEn+z0n6KWVZnjZB+deudE9SwX0L9MUqDQP/JQbk3yx50eJZTxsdT0uQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI/zrX42AFVvfHIzOyNgEr4OpxHkMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEval9PdGZqWUFWVzk4Y2pNN0kyQVN2ZzZuRWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKZ7ZUr55ORGUmn+LKUx
7BCtAG2+bdXcPywbLJSbAdBycIypj20y7HX64yneg54c5alp0cYyWg14wp4IHnLf
QlyKDY+q9y/ifKA6mNfalmExjq83zrL0m/6Rg/ehONUo721SUYmLvMSjh5wer39A
V/Eu9DQE5dh/a3dYnbvl2FdXx7dCHph2CSoiJci0lDXYYZK0IFBf9SUwUlKbJnsG
KyZ7NcBveUfUHzKOSsFQccNjr7IBERpV2zmJhBpbkSx5mWAnGeJZiGNAFspbLYaZ
dw2Dd0lkN9dAjBXqdftYyjCpERGHNe9vQTYQExrjBBmQ8p47q4rBZZP6ktXS3iUO
dYA=
-----END CERTIFICATE-----