Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kCV9DxvX_b-7R_AJ_8Gn2Wz1DVQ.roa
File:                     kCV9DxvX_b-7R_AJ_8Gn2Wz1DVQ.roa (raw, json)
Hash identifier:          0CkHh+M4onUw5yfv/9WZl7BA/QFmxKrEc+qOaFOh1XQ=
Subject key identifier:   90:25:7D:0F:1B:D7:FD:BF:BB:47:F0:09:FF:C1:A7:D9:6C:F5:0D:54
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189416E8D6074B829AD3A267D569BC40D89
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kCV9DxvX_b-7R_AJ_8Gn2Wz1DVQ.roa
Signing time:             Mon 10 Jul 2023 20:11:51 +0000
ROA not before:           Mon 10 Jul 2023 20:11:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:41:6e:8d:60:74:b8:29:ad:3a:26:7d:56:9b:c4:0d:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 10 20:11:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=90257d0f1bd7fdbfbb47f009ffc1a7d96cf50d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:75:07:ad:bd:a5:d5:7f:fd:1d:a9:cf:05:d6:
                    cb:d6:7c:35:79:13:8d:3e:b1:13:90:28:2f:9c:99:
                    fb:18:43:77:98:4a:d5:b9:ff:68:73:9c:f1:2d:10:
                    89:61:ab:00:41:a1:b1:2c:88:b3:31:ad:26:39:23:
                    56:48:e8:7e:63:8d:e5:e4:63:c1:81:5c:73:2c:8f:
                    b9:a3:47:e8:e8:3d:2d:fc:3c:91:3a:88:83:5c:df:
                    cd:e9:62:63:45:91:46:3d:14:88:c9:af:a1:bc:fb:
                    52:5b:c8:d7:70:bf:21:93:4c:c0:fe:b3:f2:2a:47:
                    c4:fd:51:90:de:1f:68:bd:9a:64:6b:8f:ba:0b:20:
                    50:87:30:36:1f:16:c1:ef:4a:c0:75:4e:bf:17:8a:
                    67:5a:40:74:97:95:c6:0a:7b:7a:fc:78:6d:72:1d:
                    92:39:4b:3e:dc:02:5f:a3:2a:03:75:1f:77:05:bb:
                    6a:1c:a6:93:ba:a2:18:8d:db:8a:25:8e:6d:fd:f6:
                    84:6a:16:cb:6e:46:77:57:ce:0a:53:87:c9:ce:2f:
                    9a:e4:32:32:7b:45:30:cf:ed:b8:4c:eb:35:32:29:
                    eb:e4:81:c6:41:d3:a6:a6:8b:8d:11:14:97:6f:52:
                    90:42:73:97:6f:58:9c:e5:f2:c7:89:93:e0:9d:44:
                    b5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:25:7D:0F:1B:D7:FD:BF:BB:47:F0:09:FF:C1:A7:D9:6C:F5:0D:54
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kCV9DxvX_b-7R_AJ_8Gn2Wz1DVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:a6:bb:3d:2b:9e:20:b7:ad:36:8c:4d:b5:26:7d:e2:12:1a:
         d2:d5:e3:d3:1d:4c:9c:7d:f2:a1:0c:65:ab:78:bd:b8:51:7d:
         31:dd:17:b2:73:24:99:c4:86:81:3b:b1:08:e5:5a:a8:a9:da:
         e5:d8:41:6c:cf:71:1e:b6:2d:80:ce:5e:5a:af:b1:1b:7f:d5:
         d8:97:99:01:1b:57:a2:8e:a8:52:a9:f3:f2:55:1e:90:22:99:
         d8:01:df:a0:f7:58:75:37:de:c0:73:13:4b:ab:95:1a:f0:16:
         85:a5:2b:13:86:64:84:eb:66:9c:57:9e:83:24:cd:89:1e:e4:
         cd:81:58:c4:70:6f:13:86:61:db:fe:f9:62:0c:15:f4:f3:40:
         fc:c3:0e:c1:5f:f3:e8:db:1e:af:cc:e4:ca:b6:40:af:37:6d:
         00:5d:a6:74:9c:d5:12:53:df:12:25:53:a2:93:ef:60:e6:d9:
         31:77:37:4c:3f:c0:0b:c6:63:07:7e:80:92:00:8f:ad:d4:bb:
         fc:6d:e0:85:a9:f3:df:99:65:fd:32:aa:e4:1d:54:b2:ba:c5:
         6a:2c:88:c0:ee:3e:c5:5a:1e:83:51:12:56:b5:32:70:58:f9:
         5a:ce:9c:dc:fb:c9:81:8a:c5:c8:88:29:d0:16:1a:6c:35:47:
         0d:b4:11:94
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlBbo1gdLgprTomfVabxA2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEwMjAxMTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDI1N2QwZjFiZDdmZGJmYmI0N2YwMDlmZmMxYTdkOTZjZjUwZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHUHrb2l1X/9HanPBdbL1nw1eRON
PrETkCgvnJn7GEN3mErVuf9oc5zxLRCJYasAQaGxLIizMa0mOSNWSOh+Y43l5GPB
gVxzLI+5o0fo6D0t/DyROoiDXN/N6WJjRZFGPRSIya+hvPtSW8jXcL8hk0zA/rPy
KkfE/VGQ3h9ovZpka4+6CyBQhzA2HxbB70rAdU6/F4pnWkB0l5XGCnt6/Hhtch2S
OUs+3AJfoyoDdR93BbtqHKaTuqIYjduKJY5t/faEahbLbkZ3V84KU4fJzi+a5DIy
e0Uwz+24TOs1Minr5IHGQdOmpouNERSXb1KQQnOXb1ic5fLHiZPgnUS1BQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJAlfQ8b1/2/u0fwCf/Bp9ls9Q1UMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva0NWOUR4dlhfYi03Ul9BSl84R24yV3oxRFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJGmuz0rniC3rTaMTbUm
feISGtLV49MdTJx98qEMZat4vbhRfTHdF7JzJJnEhoE7sQjlWqip2uXYQWzPcR62
LYDOXlqvsRt/1diXmQEbV6KOqFKp8/JVHpAimdgB36D3WHU33sBzE0urlRrwFoWl
KxOGZITrZpxXnoMkzYke5M2BWMRwbxOGYdv++WIMFfTzQPzDDsFf8+jbHq/M5Mq2
QK83bQBdpnSc1RJT3xIlU6KT72Dm2TF3N0w/wAvGYwd+gJIAj63Uu/xt4IWp89+Z
Zf0yquQdVLK6xWosiMDuPsVaHoNREla1MnBY+VrOnNz7yYGKxciIKdAWGmw1Rw20
EZQ=
-----END CERTIFICATE-----