Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kuRx6cxTR3DE3ofSHPjk0SloIl0.roa
File:                     kuRx6cxTR3DE3ofSHPjk0SloIl0.roa (raw, json)
Hash identifier:          oQoN0xNC149ULpH04s/GnBlCoGMv9ibZ0/NM6GEkCNM=
Subject key identifier:   92:E4:71:E9:CC:53:47:70:C4:DE:87:D2:1C:F8:E4:D1:29:68:22:5D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018868B35B3A29270B1FC9FCB3D860AC5ABD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kuRx6cxTR3DE3ofSHPjk0SloIl0.roa
Signing time:             Mon 29 May 2023 18:09:24 +0000
ROA not before:           Mon 29 May 2023 18:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:68:b3:5b:3a:29:27:0b:1f:c9:fc:b3:d8:60:ac:5a:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 29 18:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=92e471e9cc534770c4de87d21cf8e4d12968225d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e3:90:8c:71:15:cd:c4:a7:38:cc:f0:a1:cf:
                    b0:da:ac:c2:da:ee:90:85:d6:89:1f:6a:fd:04:22:
                    67:02:18:f0:6a:ff:23:81:98:5b:1c:59:e7:00:c8:
                    58:e2:47:a8:8c:5c:4b:29:f7:0a:78:66:6d:d0:3b:
                    da:64:7c:c7:dd:bd:ef:72:32:c9:ec:31:50:21:d9:
                    e5:4a:5d:22:b0:41:ee:fe:42:2f:8e:07:db:e8:c9:
                    8a:14:88:3e:c7:08:c6:45:03:8e:7e:b9:8d:e6:cc:
                    10:47:eb:86:bb:a7:db:12:98:c9:85:03:d4:af:84:
                    db:63:ad:c2:30:48:cb:cc:2b:24:cf:05:b0:3d:13:
                    44:bf:75:d8:a5:dd:e4:57:f0:bf:9f:eb:9c:51:5b:
                    21:f2:21:fb:a4:87:ff:5a:23:5e:d7:96:07:05:e5:
                    08:6a:fb:89:25:12:60:86:dc:db:18:4f:58:8a:8d:
                    4d:3b:43:1f:c0:97:cf:a3:09:81:89:d6:38:d8:20:
                    15:91:66:c0:93:84:3e:fa:24:1a:7d:2a:bb:ba:c6:
                    b5:17:c7:76:c2:d1:40:df:4d:64:f2:d8:75:f0:48:
                    59:ef:5e:6f:b4:45:7e:c4:6d:d3:97:22:57:80:d5:
                    49:67:2b:c2:a2:ec:0b:db:63:6e:8e:17:bb:78:06:
                    2d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E4:71:E9:CC:53:47:70:C4:DE:87:D2:1C:F8:E4:D1:29:68:22:5D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/kuRx6cxTR3DE3ofSHPjk0SloIl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:eb:53:e3:70:0e:27:34:51:b9:d6:7e:5e:d5:2c:81:c5:56:
         9e:a4:89:76:84:52:2b:5e:a9:6d:15:2e:3a:fe:ff:d4:05:24:
         82:e8:54:4f:de:81:b7:71:48:f2:6c:f1:c0:c2:35:ab:3c:16:
         35:2a:fe:e2:08:dd:1d:23:2a:b0:a4:d2:e9:57:43:d5:26:2c:
         4d:12:7b:66:7b:01:97:ff:73:c9:e3:3d:d9:f8:75:1e:f2:d7:
         f0:a2:32:dc:d2:32:39:01:e2:6e:4f:53:84:e3:19:91:c6:b8:
         a9:eb:f0:02:4e:77:61:a9:c7:0a:23:12:b5:ab:6b:35:bf:5a:
         58:8d:8e:02:57:0b:d9:07:38:cf:91:c5:d5:eb:93:39:ec:fd:
         14:37:bb:07:22:e5:92:0a:03:7b:38:4e:f5:cd:b6:0d:c6:39:
         02:90:53:e7:33:ad:ea:85:c6:8f:c0:b7:a8:e4:d9:1f:94:d4:
         7f:6d:ea:0d:65:1e:b8:a5:31:1a:4b:42:a1:c1:84:78:88:b8:
         26:6f:9c:e7:26:7e:1c:18:42:bd:a0:ac:d5:a0:1c:66:ec:d5:
         30:7d:e4:ec:1a:4a:76:b2:dc:50:a3:92:fa:0a:1e:0b:95:53:
         7b:42:f5:94:81:4a:96:64:bc:eb:45:fa:a5:cb:34:71:94:88:
         ca:e0:05:41
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhos1s6KScLH8n8s9hgrFq9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI5MTgwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU0NzFlOWNjNTM0NzcwYzRkZTg3ZDIxY2Y4ZTRkMTI5NjgyMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuOQjHEVzcSnOMzwoc+w2qzC2u6Q
hdaJH2r9BCJnAhjwav8jgZhbHFnnAMhY4keojFxLKfcKeGZt0DvaZHzH3b3vcjLJ
7DFQIdnlSl0isEHu/kIvjgfb6MmKFIg+xwjGRQOOfrmN5swQR+uGu6fbEpjJhQPU
r4TbY63CMEjLzCskzwWwPRNEv3XYpd3kV/C/n+ucUVsh8iH7pIf/WiNe15YHBeUI
avuJJRJghtzbGE9Yio1NO0MfwJfPowmBidY42CAVkWbAk4Q++iQafSq7usa1F8d2
wtFA301k8th18EhZ715vtEV+xG3TlyJXgNVJZyvCouwL22Nujhe7eAYtBwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJLkcenMU0dwxN6H0hz45NEpaCJdMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEva3VSeDZjeFRSM0RFM29mU0hQamswU2xvSWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFDrU+NwDic0UbnWfl7V
LIHFVp6kiXaEUiteqW0VLjr+/9QFJILoVE/egbdxSPJs8cDCNas8FjUq/uII3R0j
KrCk0ulXQ9UmLE0Se2Z7AZf/c8njPdn4dR7y1/CiMtzSMjkB4m5PU4TjGZHGuKnr
8AJOd2GpxwojErWrazW/WliNjgJXC9kHOM+RxdXrkzns/RQ3uwci5ZIKA3s4TvXN
tg3GOQKQU+czreqFxo/At6jk2R+U1H9t6g1lHrilMRpLQqHBhHiIuCZvnOcmfhwY
Qr2grNWgHGbs1TB95OwaSnay3FCjkvoKHguVU3tC9ZSBSpZkvOtF+qXLNHGUiMrg
BUE=
-----END CERTIFICATE-----