Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kVYM6KOB77rnJjspyi6m0nMipag.roa
File:                     kVYM6KOB77rnJjspyi6m0nMipag.roa (raw, json)
Hash identifier:          syi8vlm8sd3klDqOa8gr5Dc7HLrPai7nFY/BbaA5fIk=
Subject key identifier:   91:56:0C:E8:A3:81:EF:BA:E7:26:3B:29:CA:2E:A6:D2:73:22:A5:A8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01894F2C04B44AB89B64BCA5373B3A7F6B6C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kVYM6KOB77rnJjspyi6m0nMipag.roa
Signing time:             Thu 13 Jul 2023 12:13:52 +0000
ROA not before:           Thu 13 Jul 2023 12:13:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4f:2c:04:b4:4a:b8:9b:64:bc:a5:37:3b:3a:7f:6b:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 13 12:13:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91560ce8a381efbae7263b29ca2ea6d27322a5a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:3f:30:72:3e:3b:46:5a:0a:e6:72:7a:ac:3b:
                    7f:eb:2e:2b:8d:95:c6:2e:83:0a:41:b5:e0:91:18:
                    79:e0:34:8e:f7:8d:b0:63:ae:68:e7:3e:ff:0b:79:
                    ff:6e:4a:15:c1:10:11:5c:03:c9:cb:f5:f6:4c:0b:
                    1f:72:e4:e4:08:7f:40:8e:3c:43:53:ec:3f:df:c3:
                    1c:5c:1f:c0:6f:12:3f:ae:85:9a:9f:d8:d6:99:7d:
                    e7:74:30:cc:25:73:00:52:4b:3f:06:1a:5e:8a:67:
                    11:64:51:f0:f1:e7:21:70:bb:55:0e:12:bc:79:2f:
                    e8:6a:50:bb:3c:75:39:34:99:48:48:a1:ac:4f:4e:
                    a9:c7:03:11:36:92:a8:a7:9e:c0:31:d4:1b:00:d1:
                    df:17:ec:6d:56:ee:d7:07:9c:11:3b:1c:ba:46:66:
                    48:d3:6f:6e:11:32:c8:73:ca:ba:3e:5d:83:72:00:
                    9c:cf:90:9b:fe:cd:35:f7:79:44:f7:77:7b:4c:73:
                    49:10:b6:cc:58:13:54:51:09:68:0f:f4:83:38:c4:
                    a2:77:3f:22:c5:12:56:17:8d:26:55:da:70:4d:7f:
                    d1:1c:fd:b2:97:f4:ee:95:ff:1a:27:d0:3b:15:80:
                    7e:2e:29:1e:cb:98:70:88:4e:c3:a1:ce:ce:c2:a9:
                    5f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:56:0C:E8:A3:81:EF:BA:E7:26:3B:29:CA:2E:A6:D2:73:22:A5:A8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kVYM6KOB77rnJjspyi6m0nMipag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:7a:39:1d:70:af:36:1d:68:f3:56:79:ba:2a:73:5e:18:d4:
         5c:7b:c3:2a:85:e5:72:cf:e0:17:10:62:85:e4:d1:63:04:2d:
         a6:e2:ad:55:39:6c:9c:c6:1c:00:4a:85:7d:c4:92:61:54:94:
         ac:41:b3:2b:21:a8:c9:d1:1c:8c:d5:9c:7d:87:1a:7f:7b:82:
         52:c3:00:53:a7:9e:e8:7c:6f:ee:dc:4d:67:b1:99:55:9c:de:
         f5:cd:35:94:60:e7:b3:aa:75:14:5d:22:39:07:bc:01:d3:e0:
         21:74:79:35:1e:e7:c1:d3:d2:30:4f:fc:c2:0f:d5:bf:e3:3a:
         42:61:af:04:92:7b:bc:89:21:6f:a5:41:1d:f8:87:44:8a:cc:
         82:89:af:3d:ac:bc:e9:f7:da:16:d5:e4:a8:7a:54:de:90:f8:
         3b:ba:9b:22:c0:f3:0c:c5:01:80:39:7e:1e:c7:7d:5a:c2:1d:
         45:a1:4b:41:d8:b5:2e:f7:7d:b3:43:d5:05:54:4c:eb:55:78:
         f4:13:4d:30:2b:6e:09:3b:ce:31:54:9c:77:34:fc:c2:15:59:
         57:c9:9d:4f:f8:46:21:9d:e4:d6:cc:ee:11:a5:2f:52:d7:db:
         47:55:66:6a:a8:93:01:78:94:c1:71:7c:2b:ba:ee:6f:ec:25:
         c2:80:07:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlPLAS0SribZLylNzs6f2tsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEzMTIxMzUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU2MGNlOGEzODFlZmJhZTcyNjNiMjljYTJlYTZkMjczMjJhNWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhT8wcj47RloK5nJ6rDt/6y4rjZXG
LoMKQbXgkRh54DSO942wY65o5z7/C3n/bkoVwRARXAPJy/X2TAsfcuTkCH9AjjxD
U+w/38McXB/AbxI/roWan9jWmX3ndDDMJXMAUks/BhpeimcRZFHw8echcLtVDhK8
eS/oalC7PHU5NJlISKGsT06pxwMRNpKop57AMdQbANHfF+xtVu7XB5wROxy6RmZI
029uETLIc8q6Pl2DcgCcz5Cb/s0193lE93d7THNJELbMWBNUUQloD/SDOMSidz8i
xRJWF40mVdpwTX/RHP2yl/Tulf8aJ9A7FYB+Likey5hwiE7Doc7OwqlfQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJFWDOijge+65yY7KcouptJzIqWoMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva1ZZTTZLT0I3N3JuSmpzcHlpNm0wbk1pcGFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAD16OR1wrzYdaPNWeboq
c14Y1Fx7wyqF5XLP4BcQYoXk0WMELabirVU5bJzGHABKhX3EkmFUlKxBsyshqMnR
HIzVnH2HGn97glLDAFOnnuh8b+7cTWexmVWc3vXNNZRg57OqdRRdIjkHvAHT4CF0
eTUe58HT0jBP/MIP1b/jOkJhrwSSe7yJIW+lQR34h0SKzIKJrz2svOn32hbV5Kh6
VN6Q+Du6myLA8wzFAYA5fh7HfVrCHUWhS0HYtS73fbND1QVUTOtVePQTTTArbgk7
zjFUnHc0/MIVWVfJnU/4RiGd5NbM7hGlL1LX20dVZmqokwF4lMFxfCu67m/sJcKA
Bzw=
-----END CERTIFICATE-----