Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kEd3iMXVdNwPwoM2hwxPr8-vGHc.roa
File:                     kEd3iMXVdNwPwoM2hwxPr8-vGHc.roa (raw, json)
Hash identifier:          boL8NeuYhjFTRyKAcpbo49UmKPDeEBiRyohYNl9ufKk=
Subject key identifier:   90:47:77:88:C5:D5:74:DC:0F:C2:83:36:87:0C:4F:AF:CF:AF:18:77
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188988DD561A0EA866ADB76A6DC4CE3E45C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kEd3iMXVdNwPwoM2hwxPr8-vGHc.roa
Signing time:             Thu 08 Jun 2023 01:10:12 +0000
ROA not before:           Thu 08 Jun 2023 01:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:98:8d:d5:61:a0:ea:86:6a:db:76:a6:dc:4c:e3:e4:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  8 01:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=90477788c5d574dc0fc28336870c4fafcfaf1877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e3:c2:0b:0a:ba:ea:3c:5e:f7:80:dc:89:77:
                    c3:2f:f9:bd:34:7d:43:b4:09:2f:ec:27:24:2e:d3:
                    47:15:bd:a2:2a:72:56:53:71:c2:90:fc:e6:87:bc:
                    05:8a:fe:b1:dd:9a:cc:e9:71:7c:44:cc:e6:85:fe:
                    d0:fd:14:2e:51:3b:41:3e:ca:a7:0c:8a:b0:c1:59:
                    f2:e4:19:4a:68:c8:38:da:81:a9:63:89:87:f5:1c:
                    6b:40:95:1b:46:3b:c4:ad:d9:4c:6b:b4:0d:e7:63:
                    b2:1e:c2:e0:63:26:9f:d1:96:f9:55:23:ff:2a:ea:
                    b0:7f:8f:ec:28:ba:a4:70:61:b6:34:dc:84:7e:43:
                    30:ba:15:ef:e5:cb:92:db:fd:f1:60:73:c9:17:06:
                    2b:6f:95:53:d8:8c:50:6a:43:2e:41:f4:2a:74:b0:
                    67:df:3a:3e:78:6b:f6:9e:80:3f:9b:4d:ca:b5:19:
                    d9:dc:7d:a5:0b:ee:79:f1:c2:cd:9d:23:6e:d2:3e:
                    3d:47:83:29:3f:ef:53:23:79:16:8e:3d:83:de:cd:
                    55:09:b6:19:bc:96:b2:eb:4b:f9:1e:f7:c5:66:43:
                    74:c4:f6:35:c2:fe:a8:65:33:53:ae:a1:b8:53:91:
                    8d:ad:5e:b4:32:6d:13:2b:4c:36:03:35:c6:a0:b9:
                    fd:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:47:77:88:C5:D5:74:DC:0F:C2:83:36:87:0C:4F:AF:CF:AF:18:77
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kEd3iMXVdNwPwoM2hwxPr8-vGHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:58:7d:07:de:b7:02:2e:dd:23:b1:6d:7f:60:44:5d:0b:c8:
         e6:d6:27:3d:bc:11:0d:20:ba:9f:49:72:3f:48:f1:42:ae:ce:
         ee:cb:a0:b4:5b:73:5d:06:06:49:bb:d9:3b:a6:60:00:94:91:
         8d:ed:88:d6:e2:3f:9f:44:71:67:73:f0:f6:ba:42:dc:a0:f1:
         a1:f6:80:74:cc:51:02:a0:de:0c:68:60:54:93:0d:43:c9:ea:
         f9:a4:f4:a0:fe:3e:5a:f8:69:e6:65:f9:18:c1:8e:76:70:3f:
         91:0d:eb:ac:ae:ff:66:6e:37:6b:f3:e5:a9:2f:fa:28:f9:9b:
         ad:e2:26:4b:85:b5:b2:85:1d:c2:46:ce:ca:28:97:b0:8c:56:
         66:d2:f5:a7:ce:ba:9f:a6:5d:6d:e3:fb:9e:98:40:d1:9c:02:
         44:79:16:c3:a1:4a:a4:35:19:07:2b:37:62:2f:78:b6:57:4c:
         25:bf:6b:f5:2e:40:35:0c:bb:1d:68:c9:83:84:cc:60:6d:4f:
         1b:db:62:3f:f5:9d:be:e2:e4:59:33:cb:e5:87:b5:34:38:0b:
         bc:07:7f:8c:f0:68:29:97:b3:ae:2e:46:e3:d3:e6:a0:0f:fc:
         dc:9b:33:e9:d8:ff:ff:a4:6c:aa:8e:43:c5:20:81:4b:4c:74:
         01:0a:dc:e9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiYjdVhoOqGatt2ptxM4+RcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA4MDExMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDQ3Nzc4OGM1ZDU3NGRjMGZjMjgzMzY4NzBjNGZhZmNmYWYxODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+PCCwq66jxe94DciXfDL/m9NH1D
tAkv7CckLtNHFb2iKnJWU3HCkPzmh7wFiv6x3ZrM6XF8RMzmhf7Q/RQuUTtBPsqn
DIqwwVny5BlKaMg42oGpY4mH9RxrQJUbRjvErdlMa7QN52OyHsLgYyaf0Zb5VSP/
Kuqwf4/sKLqkcGG2NNyEfkMwuhXv5cuS2/3xYHPJFwYrb5VT2IxQakMuQfQqdLBn
3zo+eGv2noA/m03KtRnZ3H2lC+558cLNnSNu0j49R4MpP+9TI3kWjj2D3s1VCbYZ
vJay60v5HvfFZkN0xPY1wv6oZTNTrqG4U5GNrV60Mm0TK0w2AzXGoLn9iQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJBHd4jF1XTcD8KDNocMT6/Prxh3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva0VkM2lNWFZkTndQd29NMmh3eFByOC12R0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJdYfQfetwIu3SOxbX9g
RF0LyObWJz28EQ0gup9Jcj9I8UKuzu7LoLRbc10GBkm72TumYACUkY3tiNbiP59E
cWdz8Pa6Qtyg8aH2gHTMUQKg3gxoYFSTDUPJ6vmk9KD+Plr4aeZl+RjBjnZwP5EN
66yu/2ZuN2vz5akv+ij5m63iJkuFtbKFHcJGzsool7CMVmbS9afOup+mXW3j+56Y
QNGcAkR5FsOhSqQ1GQcrN2IveLZXTCW/a/UuQDUMux1oyYOEzGBtTxvbYj/1nb7i
5Fkzy+WHtTQ4C7wHf4zwaCmXs64uRuPT5qAP/NybM+nY//+kbKqOQ8UggUtMdAEK
3Ok=
-----END CERTIFICATE-----