Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/k4QgQkvGYq9wERij5BiHUqlOq-A.roa
File:                     k4QgQkvGYq9wERij5BiHUqlOq-A.roa (raw, json)
Hash identifier:          1YtW79fDgBnyYRvsWIavM6PgESj+XhPC6WhYSwdhwmU=
Subject key identifier:   93:84:20:42:4B:C6:62:AF:70:11:18:A3:E4:18:87:52:A9:4E:AB:E0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895D566B7C093AE4B4A65C3634E2E1AB82
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/k4QgQkvGYq9wERij5BiHUqlOq-A.roa
Signing time:             Sun 16 Jul 2023 06:14:51 +0000
ROA not before:           Sun 16 Jul 2023 06:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5d:56:6b:7c:09:3a:e4:b4:a6:5c:36:34:e2:e1:ab:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 16 06:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=938420424bc662af701118a3e4188752a94eabe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:89:ec:72:68:5d:40:f5:4f:06:2a:1c:20:9d:
                    39:f5:16:b9:f3:85:73:b2:d3:ab:c3:19:1c:2a:3b:
                    1f:95:08:e7:8d:bb:94:2c:ef:7f:26:75:89:af:cf:
                    ea:52:ba:8b:a9:d4:f6:e4:fb:4b:93:96:a0:53:8f:
                    a3:07:c7:9f:52:ec:70:86:be:74:15:f6:af:d7:c2:
                    97:e8:bd:9d:fa:af:bd:64:ae:c1:6c:36:ed:dc:93:
                    30:a7:ce:44:78:ce:9f:9b:1e:c9:2c:79:24:ff:e0:
                    34:3a:f6:ee:92:2f:a5:d8:e2:bf:d9:74:df:bf:d9:
                    de:17:e8:ba:56:d1:68:f5:0b:86:eb:1a:6b:53:77:
                    18:39:d6:15:6d:56:89:f0:1b:8c:b4:79:ce:4b:de:
                    db:e7:eb:13:9c:7d:47:2a:4d:ad:41:09:05:7d:48:
                    c2:31:9b:7a:58:c6:62:e0:dd:6c:22:0f:ce:45:41:
                    53:ff:eb:c6:f5:37:f8:88:74:cd:c5:ae:28:36:70:
                    82:65:e3:82:43:6c:f7:25:57:4d:15:9a:05:62:24:
                    c7:1c:25:b8:87:b5:7f:4f:15:f4:cb:e1:10:c0:fb:
                    7d:91:9a:e3:69:df:54:ac:17:42:64:ac:0b:7a:ae:
                    34:9b:fd:1d:a0:43:46:b0:e4:61:d8:d6:fd:b4:d0:
                    63:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:84:20:42:4B:C6:62:AF:70:11:18:A3:E4:18:87:52:A9:4E:AB:E0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/k4QgQkvGYq9wERij5BiHUqlOq-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:89:50:24:7a:e9:cc:ca:f6:bd:68:e3:fe:fc:dd:15:fb:d5:
         1c:53:22:b4:c0:05:f8:01:69:83:54:2c:68:dc:57:6a:66:09:
         f3:0b:58:12:9e:ed:0e:1c:18:bd:9c:b3:66:45:8c:7e:04:ee:
         83:6b:f6:9e:84:43:e6:bd:1b:33:34:54:60:29:bd:51:69:af:
         70:ab:64:b3:88:d0:58:52:5d:b1:93:ed:39:2d:f0:ba:34:28:
         2d:af:59:b7:15:b0:0a:bc:2f:0e:cd:cf:b3:5c:92:9c:c8:de:
         70:a3:03:2b:50:97:6b:42:38:18:87:d1:c6:87:2d:26:50:26:
         5d:87:18:a7:42:2c:c5:03:79:80:79:08:fb:e4:ea:63:27:4a:
         27:67:8f:0a:2b:d4:49:8a:5e:4a:cb:65:01:af:93:d6:50:d2:
         5d:f0:46:1c:18:77:bf:d8:c9:ec:be:7e:f0:1a:30:03:29:d8:
         7b:1d:d5:c6:37:62:68:5b:fd:8d:cf:1b:db:8a:af:a7:47:e7:
         11:a8:9d:94:28:df:ef:d5:0a:69:9e:51:9b:68:c2:94:52:1b:
         0e:bb:48:cb:1b:9d:8d:71:aa:36:3c:18:c7:11:1d:18:c4:fd:
         8f:f9:10:a1:39:f9:a4:b0:34:1c:b5:a8:af:82:53:b4:5f:a5:
         1c:65:c0:09
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYldVmt8CTrktKZcNjTi4auCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE2MDYxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzg0MjA0MjRiYzY2MmFmNzAxMTE4YTNlNDE4ODc1MmE5NGVhYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYnscmhdQPVPBiocIJ059Ra584Vz
stOrwxkcKjsflQjnjbuULO9/JnWJr8/qUrqLqdT25PtLk5agU4+jB8efUuxwhr50
Ffav18KX6L2d+q+9ZK7BbDbt3JMwp85EeM6fmx7JLHkk/+A0Ovbuki+l2OK/2XTf
v9neF+i6VtFo9QuG6xprU3cYOdYVbVaJ8BuMtHnOS97b5+sTnH1HKk2tQQkFfUjC
MZt6WMZi4N1sIg/ORUFT/+vG9Tf4iHTNxa4oNnCCZeOCQ2z3JVdNFZoFYiTHHCW4
h7V/TxX0y+EQwPt9kZrjad9UrBdCZKwLeq40m/0doENGsORh2Nb9tNBjqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJOEIEJLxmKvcBEYo+QYh1KpTqvgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvazRRZ1FrdkdZcTl3RVJpajVCaUhVcWxPcS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABKJUCR66czK9r1o4/78
3RX71RxTIrTABfgBaYNULGjcV2pmCfMLWBKe7Q4cGL2cs2ZFjH4E7oNr9p6EQ+a9
GzM0VGApvVFpr3CrZLOI0FhSXbGT7Tkt8Lo0KC2vWbcVsAq8Lw7Nz7NckpzI3nCj
AytQl2tCOBiH0caHLSZQJl2HGKdCLMUDeYB5CPvk6mMnSidnjwor1EmKXkrLZQGv
k9ZQ0l3wRhwYd7/Yyey+fvAaMAMp2Hsd1cY3Ymhb/Y3PG9uKr6dH5xGonZQo3+/V
CmmeUZtowpRSGw67SMsbnY1xqjY8GMcRHRjE/Y/5EKE5+aSwNBy1qK+CU7RfpRxl
wAk=
-----END CERTIFICATE-----