Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jk8ol7UImctQQrsoLHv9gSngqjA.roa
File:                     jk8ol7UImctQQrsoLHv9gSngqjA.roa (raw, json)
Hash identifier:          3DSbFrV+OaCVQJNDPS271rkPsRtRuD1lrYIMKCnkRNs=
Subject key identifier:   8E:4F:28:97:B5:08:99:CB:50:42:BB:28:2C:7B:FD:81:29:E0:AA:30
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018963F424DB70209FB79555BF91798CED74
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jk8ol7UImctQQrsoLHv9gSngqjA.roa
Signing time:             Mon 17 Jul 2023 13:04:51 +0000
ROA not before:           Mon 17 Jul 2023 13:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:189:63f3:9f62/128 maxlen: 128
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:63:f4:24:db:70:20:9f:b7:95:55:bf:91:79:8c:ed:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 17 13:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e4f2897b50899cb5042bb282c7bfd8129e0aa30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:12:f6:0b:f2:9e:f8:63:9e:ef:1a:7a:0b:3c:
                    7c:0f:56:6d:5a:81:b5:71:a6:8d:72:bc:b5:3c:ef:
                    6a:89:9f:71:c1:f2:01:02:a6:17:0e:71:c4:11:87:
                    8f:bc:c2:d3:9b:26:66:ab:b4:89:b4:b3:b4:75:7a:
                    5c:79:0f:d9:9a:62:f8:4b:64:ea:4f:dd:e4:ac:bb:
                    a1:28:54:70:14:30:c2:2f:bb:3b:85:4d:c6:7b:2e:
                    cb:d5:fc:ee:1b:47:42:48:69:06:b3:be:7f:dd:fa:
                    86:59:e4:1c:40:3f:ab:e2:3e:2b:b3:8e:60:f4:84:
                    4a:56:c7:e7:a4:8b:16:4a:a5:30:4e:c6:6f:05:d7:
                    3e:d0:8c:16:eb:76:f4:92:92:f6:f6:46:d8:00:25:
                    ad:2c:fb:4e:10:86:b8:f0:a8:96:ff:6e:16:c9:cd:
                    7f:d6:9a:73:95:3c:3e:b6:ba:bc:3b:28:56:a5:af:
                    c1:20:2f:71:ef:f9:b3:e5:ab:41:1a:68:5d:04:78:
                    26:9b:03:5c:27:12:26:a5:2b:e4:30:37:2b:f9:27:
                    7e:f6:b3:28:a8:72:c4:fc:e4:1e:ba:29:5b:50:e0:
                    6a:80:b8:a0:2d:06:3b:3d:f8:11:b4:3f:d1:6b:65:
                    5d:3b:c9:e6:eb:05:9f:6d:9a:81:9b:c3:68:c2:57:
                    7b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:4F:28:97:B5:08:99:CB:50:42:BB:28:2C:7B:FD:81:29:E0:AA:30
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jk8ol7UImctQQrsoLHv9gSngqjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:eb:12:fc:d5:81:1b:c4:2e:f3:2c:89:48:90:9b:8e:1e:6e:
         4a:53:62:1e:c6:26:a2:ca:f3:35:0c:bb:f2:f7:a4:5d:c5:1e:
         46:0b:f8:39:81:f8:55:77:97:f0:cb:34:4b:24:36:6f:62:49:
         05:ed:29:4c:ce:6d:3b:5b:3f:7b:0f:e3:1e:01:b6:18:0c:2d:
         0b:9f:9c:c4:02:3a:af:52:22:14:52:2c:0a:42:d9:cd:5d:92:
         93:e4:09:2e:64:df:7f:07:0a:28:e9:9f:ba:3d:c5:4b:02:4d:
         78:52:89:e7:e2:1c:d1:01:5e:6b:bf:58:e7:ca:16:3e:d1:1e:
         3c:fd:20:cf:b7:02:64:45:54:13:5d:d4:24:fd:6a:86:09:91:
         41:71:53:53:95:c0:51:58:7d:1b:c2:6c:a6:c5:39:dd:b8:0d:
         7d:9c:dd:17:35:b1:5c:16:26:8f:f1:30:61:d8:b5:c0:ad:f3:
         e2:31:06:87:7f:a2:a2:a6:3f:5d:4d:cb:34:14:77:2b:1a:44:
         9f:eb:dd:d9:bf:a7:51:26:c0:81:32:e6:2b:ca:1b:95:6f:3d:
         9c:d2:1e:e2:3f:26:80:bc:30:ea:8c:ab:e5:20:83:b0:8c:04:
         a7:8f:14:a6:d8:41:50:e0:8e:5e:77:6d:bd:16:06:c0:70:6c:
         11:e5:45:39
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlj9CTbcCCft5VVv5F5jO10MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE3MTMwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTRmMjg5N2I1MDg5OWNiNTA0MmJiMjgyYzdiZmQ4MTI5ZTBhYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBL2C/Ke+GOe7xp6Czx8D1ZtWoG1
caaNcry1PO9qiZ9xwfIBAqYXDnHEEYePvMLTmyZmq7SJtLO0dXpceQ/ZmmL4S2Tq
T93krLuhKFRwFDDCL7s7hU3Gey7L1fzuG0dCSGkGs75/3fqGWeQcQD+r4j4rs45g
9IRKVsfnpIsWSqUwTsZvBdc+0IwW63b0kpL29kbYACWtLPtOEIa48KiW/24Wyc1/
1ppzlTw+trq8OyhWpa/BIC9x7/mz5atBGmhdBHgmmwNcJxImpSvkMDcr+Sd+9rMo
qHLE/OQeuilbUOBqgLigLQY7PfgRtD/Ra2VdO8nm6wWfbZqBm8Nowld7LQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI5PKJe1CJnLUEK7KCx7/YEp4KowMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvams4b2w3VUltY3RRUXJzb0xIdjlnU25ncWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKXrEvzVgRvELvMsiUiQ
m44ebkpTYh7GJqLK8zUMu/L3pF3FHkYL+DmB+FV3l/DLNEskNm9iSQXtKUzObTtb
P3sP4x4BthgMLQufnMQCOq9SIhRSLApC2c1dkpPkCS5k338HCijpn7o9xUsCTXhS
iefiHNEBXmu/WOfKFj7RHjz9IM+3AmRFVBNd1CT9aoYJkUFxU1OVwFFYfRvCbKbF
Od24DX2c3Rc1sVwWJo/xMGHYtcCt8+IxBod/oqKmP11NyzQUdysaRJ/r3dm/p1Em
wIEy5ivKG5VvPZzSHuI/JoC8MOqMq+Ugg7CMBKePFKbYQVDgjl53bb0WBsBwbBHl
RTk=
-----END CERTIFICATE-----