Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kIGistjToD_i9gbmVFIMzHqPQk0.roa
File:                     kIGistjToD_i9gbmVFIMzHqPQk0.roa (raw, json)
Hash identifier:          guoXTcGghdVLd4t2ZvxWPVhIwsTh37zsNfIqA9UWz2c=
Subject key identifier:   90:81:A2:B2:D8:D3:A0:3F:E2:F6:06:E6:54:52:0C:CC:7A:8F:42:4D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187277C1A616F0777519325A0387167EA9B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kIGistjToD_i9gbmVFIMzHqPQk0.roa
Signing time:             Tue 28 Mar 2023 09:10:57 +0000
ROA not before:           Tue 28 Mar 2023 09:10:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:27:7c:1a:61:6f:07:77:51:93:25:a0:38:71:67:ea:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 28 09:10:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9081a2b2d8d3a03fe2f606e654520ccc7a8f424d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b9:da:cd:78:9d:9d:a5:a8:d7:63:8b:1f:ae:
                    1b:16:ae:ee:35:59:ed:43:c2:4a:26:be:7a:ac:e3:
                    7b:27:13:cd:7f:ce:63:1c:d8:c8:d5:df:33:10:13:
                    64:f1:d3:ad:0d:00:9e:7c:36:84:a0:4b:7a:60:f0:
                    1e:64:37:7c:8d:77:62:e8:7a:67:4b:cb:cb:f4:5e:
                    97:70:f4:f5:eb:4b:0a:0a:69:d5:c9:64:5e:06:1d:
                    b0:99:9b:56:93:a9:3b:6c:99:32:17:95:84:bb:2e:
                    e0:7b:83:c6:98:3f:30:d0:25:53:f1:09:85:e6:39:
                    fa:14:62:aa:25:ad:8a:93:4f:80:91:df:12:34:dd:
                    f4:51:31:9b:d9:4c:a9:c9:d0:fa:80:b0:f8:72:21:
                    c5:41:ec:b2:1e:33:f1:5a:52:b4:c3:cd:38:0d:1d:
                    6c:d6:26:5f:3a:9e:c4:e4:50:05:e1:17:84:8e:f5:
                    df:6d:94:39:f4:51:cd:b0:32:60:1a:ae:ec:42:81:
                    5b:fe:cf:49:fc:14:92:6c:45:41:e3:2b:ac:44:5e:
                    7c:82:b8:46:46:50:f9:3f:e5:ea:71:5e:c0:98:90:
                    bc:0a:00:89:e1:db:3c:8d:93:04:b8:8b:3a:f6:32:
                    28:a6:c2:86:0f:b9:71:bc:54:26:e7:b8:71:31:54:
                    10:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:81:A2:B2:D8:D3:A0:3F:E2:F6:06:E6:54:52:0C:CC:7A:8F:42:4D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kIGistjToD_i9gbmVFIMzHqPQk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:50:0c:27:26:36:c8:34:18:27:36:16:8b:8f:3c:d4:ad:50:
         ce:1c:89:68:fb:59:ab:f6:0d:32:98:de:10:83:86:22:c8:c8:
         92:b7:46:73:f5:93:57:fb:f1:dc:9c:db:0c:40:9b:c3:ac:23:
         a4:fa:31:be:e8:55:12:91:4d:af:e5:71:45:da:cb:ea:47:32:
         58:1f:59:e0:85:5f:a4:b6:2b:a3:fa:57:93:7b:5c:fc:5b:eb:
         a2:75:dd:39:14:d3:f5:4b:18:15:d2:5d:00:76:bd:6e:4b:a5:
         ef:6d:7b:95:9d:da:a9:70:37:35:c5:96:e2:1f:98:ec:5f:38:
         06:93:cf:f7:eb:5a:eb:fe:df:bb:80:f5:7b:5d:51:74:6f:77:
         5a:0a:2a:43:89:f2:be:a5:99:7b:2d:4a:0d:c7:ca:ab:75:d8:
         6f:3e:f2:73:e5:c3:45:66:40:cc:db:3b:72:2e:11:a9:7c:b7:
         f1:3c:5f:cc:98:bd:97:66:c3:d0:95:a7:9a:70:5c:b7:13:d9:
         15:6d:36:34:54:8a:fd:d9:1d:77:47:8c:d8:21:9f:bb:f6:d0:
         df:19:34:61:fb:1d:a8:5a:52:82:f5:4f:9a:bc:30:23:e4:b6:
         ac:16:e3:c8:52:b5:f2:f7:55:1e:62:4d:2d:eb:64:63:4a:ee:
         69:ef:00:d0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcnfBphbwd3UZMloDhxZ+qbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI4MDkxMDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDgxYTJiMmQ4ZDNhMDNmZTJmNjA2ZTY1NDUyMGNjYzdhOGY0MjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7nazXidnaWo12OLH64bFq7uNVnt
Q8JKJr56rON7JxPNf85jHNjI1d8zEBNk8dOtDQCefDaEoEt6YPAeZDd8jXdi6Hpn
S8vL9F6XcPT160sKCmnVyWReBh2wmZtWk6k7bJkyF5WEuy7ge4PGmD8w0CVT8QmF
5jn6FGKqJa2Kk0+Akd8SNN30UTGb2UypydD6gLD4ciHFQeyyHjPxWlK0w804DR1s
1iZfOp7E5FAF4ReEjvXfbZQ59FHNsDJgGq7sQoFb/s9J/BSSbEVB4yusRF58grhG
RlD5P+XqcV7AmJC8CgCJ4ds8jZMEuIs69jIopsKGD7lxvFQm57hxMVQQuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJCBorLY06A/4vYG5lRSDMx6j0JNMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva0lHaXN0alRvRF9pOWdibVZGSU16SHFQUWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAB9QDCcmNsg0GCc2FouP
PNStUM4ciWj7Wav2DTKY3hCDhiLIyJK3RnP1k1f78dyc2wxAm8OsI6T6Mb7oVRKR
Ta/lcUXay+pHMlgfWeCFX6S2K6P6V5N7XPxb66J13TkU0/VLGBXSXQB2vW5Lpe9t
e5Wd2qlwNzXFluIfmOxfOAaTz/frWuv+37uA9XtdUXRvd1oKKkOJ8r6lmXstSg3H
yqt12G8+8nPlw0VmQMzbO3IuEal8t/E8X8yYvZdmw9CVp5pwXLcT2RVtNjRUiv3Z
HXdHjNghn7v20N8ZNGH7HahaUoL1T5q8MCPktqwW48hStfL3VR5iTS3rZGNK7mnv
ANA=
-----END CERTIFICATE-----