Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jpj-kG7J4rfvTYLrwuUecSr4mLg.roa
File:                     jpj-kG7J4rfvTYLrwuUecSr4mLg.roa (raw, json)
Hash identifier:          ZXNb0ogMkaqXhTehRG2JcLf+knzEYvMcLbpz2T0h2i4=
Subject key identifier:   8E:98:FE:90:6E:C9:E2:B7:EF:4D:82:EB:C2:E5:1E:71:2A:F8:98:B8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883F4A7815E0928EFF6357A2156B28C174
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jpj-kG7J4rfvTYLrwuUecSr4mLg.roa
Signing time:             Sun 21 May 2023 17:10:25 +0000
ROA not before:           Sun 21 May 2023 17:10:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:3f:4a:78:15:e0:92:8e:ff:63:57:a2:15:6b:28:c1:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 21 17:10:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e98fe906ec9e2b7ef4d82ebc2e51e712af898b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:11:01:6c:15:8b:e6:24:f0:37:d0:67:4f:dc:
                    63:01:79:42:66:43:fc:e4:b2:b6:85:f8:7f:94:36:
                    71:32:17:b5:c8:c6:2b:ca:b3:47:ee:15:50:18:f5:
                    35:33:66:a2:27:24:1b:ce:bb:81:98:0e:5b:08:93:
                    df:d8:28:f6:bf:7a:d3:05:22:78:e0:3d:1a:c1:af:
                    06:83:0a:ac:72:45:a3:99:a9:85:e1:8b:b3:98:6a:
                    2e:1e:f7:24:0d:a9:19:79:51:85:c3:75:3e:4e:85:
                    7c:e5:57:2f:eb:b6:4f:96:78:5a:93:95:c8:33:ef:
                    94:58:37:eb:5f:72:8e:33:54:4f:68:70:31:53:19:
                    e9:41:a5:84:69:13:d7:28:48:a1:4b:bd:af:94:ec:
                    a0:0b:01:cb:86:c8:f9:ed:4f:ce:bb:73:63:6e:4c:
                    a0:b3:48:b5:45:5d:69:76:94:b0:7f:c3:e9:f1:93:
                    0d:cc:1d:13:cd:06:c3:cb:54:d9:4b:d7:72:7b:d4:
                    28:21:20:48:f5:27:38:b9:d3:ad:ef:9a:90:13:b4:
                    a6:9c:08:43:20:be:d7:fc:30:e8:c4:3b:a8:b9:e0:
                    d7:1b:03:9e:c9:d6:96:67:2d:4a:52:6c:ea:17:82:
                    63:1c:b8:cc:4c:52:6f:55:28:f2:85:ec:04:b2:f5:
                    c2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:98:FE:90:6E:C9:E2:B7:EF:4D:82:EB:C2:E5:1E:71:2A:F8:98:B8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jpj-kG7J4rfvTYLrwuUecSr4mLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:cb:92:24:04:bb:bc:2f:f4:b7:cc:62:27:96:23:4f:44:cc:
         4e:47:3f:aa:be:9a:0e:8e:9b:b1:ae:7d:41:46:cc:42:af:b3:
         84:6f:c6:dd:dc:04:8a:38:bd:cc:11:b7:75:7d:c0:a3:42:f5:
         83:85:ab:79:49:ae:2f:68:b9:63:b5:a4:63:4a:ff:6f:9e:55:
         85:be:ad:9a:86:0a:e5:e7:fc:27:c3:e7:6b:6f:f2:4c:34:aa:
         b6:ac:91:8a:4e:37:73:fd:86:bc:7f:b0:26:29:a5:40:a3:d3:
         71:c7:39:1f:31:51:81:d3:f6:c8:86:f7:a1:31:c3:ec:6a:bb:
         84:49:26:8e:66:c7:eb:9b:f9:8b:39:a9:10:f7:ca:e3:8b:99:
         23:dc:e5:68:cf:99:94:2f:5e:f3:c9:51:60:6f:0f:74:6e:38:
         49:ae:1f:53:5a:6e:37:fb:be:b1:08:b4:7a:32:a4:16:de:ef:
         3b:8e:8c:62:88:f2:bf:99:bb:11:07:9b:83:8e:8a:e1:82:8b:
         18:4f:2f:d1:2b:93:90:6a:3f:bc:41:9b:5f:ac:46:a5:d0:d6:
         55:9a:9b:2a:d9:b1:97:bd:23:95:61:a5:ba:4a:a1:af:3d:f8:
         38:54:a2:93:12:35:a5:bb:09:bc:25:76:2d:e6:0e:30:45:86:
         fe:af:9f:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg/SngV4JKO/2NXohVrKMF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIxMTcxMDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTk4ZmU5MDZlYzllMmI3ZWY0ZDgyZWJjMmU1MWU3MTJhZjg5OGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxEBbBWL5iTwN9BnT9xjAXlCZkP8
5LK2hfh/lDZxMhe1yMYryrNH7hVQGPU1M2aiJyQbzruBmA5bCJPf2Cj2v3rTBSJ4
4D0awa8GgwqsckWjmamF4YuzmGouHvckDakZeVGFw3U+ToV85Vcv67ZPlnhak5XI
M++UWDfrX3KOM1RPaHAxUxnpQaWEaRPXKEihS72vlOygCwHLhsj57U/Ou3Njbkyg
s0i1RV1pdpSwf8Pp8ZMNzB0TzQbDy1TZS9dye9QoISBI9Sc4udOt75qQE7SmnAhD
IL7X/DDoxDuoueDXGwOeydaWZy1KUmzqF4JjHLjMTFJvVSjyhewEsvXCewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI6Y/pBuyeK3702C68LlHnEq+Ji4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvanBqLWtHN0o0cmZ2VFlMcnd1VWVjU3I0bUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACzLkiQEu7wv9LfMYieW
I09EzE5HP6q+mg6Om7GufUFGzEKvs4Rvxt3cBIo4vcwRt3V9wKNC9YOFq3lJri9o
uWO1pGNK/2+eVYW+rZqGCuXn/CfD52tv8kw0qraskYpON3P9hrx/sCYppUCj03HH
OR8xUYHT9siG96Exw+xqu4RJJo5mx+ub+Ys5qRD3yuOLmSPc5WjPmZQvXvPJUWBv
D3RuOEmuH1Nabjf7vrEItHoypBbe7zuOjGKI8r+ZuxEHm4OOiuGCixhPL9Erk5Bq
P7xBm1+sRqXQ1lWamyrZsZe9I5VhpbpKoa89+DhUopMSNaW7Cbwldi3mDjBFhv6v
n/Y=
-----END CERTIFICATE-----