Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/l0B7ykQybGT_8jNldYakec1aS-g.roa
File:                     l0B7ykQybGT_8jNldYakec1aS-g.roa (raw, json)
Hash identifier:          NBdfd1caZax6g0UElj1CnqkKaYOaLAYkqsWRqjjCYao=
Subject key identifier:   97:40:7B:CA:44:32:6C:64:FF:F2:33:65:75:86:A4:79:CD:5A:4B:E8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018892F8EF93C414196F95750449B0C5AA65
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/l0B7ykQybGT_8jNldYakec1aS-g.roa
Signing time:             Tue 06 Jun 2023 23:09:27 +0000
ROA not before:           Tue 06 Jun 2023 23:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:92:f8:ef:93:c4:14:19:6f:95:75:04:49:b0:c5:aa:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  6 23:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=97407bca44326c64fff233657586a479cd5a4be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:bd:3d:43:15:ff:f7:87:d7:fc:3b:ec:68:a2:
                    60:5a:5d:53:7d:52:db:05:a1:23:1a:a8:06:48:f6:
                    23:78:49:a1:be:94:4f:fd:d3:15:ca:98:be:43:23:
                    0d:04:55:1f:a9:0b:85:70:68:9c:ca:d6:32:dd:ba:
                    5d:4a:2d:db:43:54:fc:a3:2d:ae:c7:b8:2e:f9:4d:
                    2d:72:41:1c:7c:04:79:d0:97:26:d6:23:a6:5b:6f:
                    e1:1d:04:d0:6d:b4:d0:83:29:a8:8c:66:22:37:52:
                    5d:45:09:8f:f8:f6:bc:18:b5:ae:6d:b2:a3:b5:d4:
                    dd:7d:c8:93:92:8c:88:f9:61:71:a5:7e:92:d2:81:
                    13:e6:9c:e0:76:54:04:ba:08:14:c5:82:7c:bc:96:
                    ff:fa:e7:ea:56:3f:9c:af:b3:2d:2f:67:c9:d7:30:
                    a8:70:f8:2d:54:50:cc:80:20:b5:05:84:61:6a:80:
                    0d:89:6f:33:cd:6e:18:cc:61:9a:67:01:02:50:67:
                    3b:aa:29:3c:52:c0:95:b1:9d:c4:16:af:92:8a:e5:
                    8b:15:c6:27:79:ff:72:b3:04:d2:40:ca:02:05:e3:
                    ea:dc:df:21:0b:2e:14:dd:a6:28:56:6b:e0:a7:2e:
                    bd:86:d4:64:f3:07:10:77:4e:6c:75:9b:73:49:bf:
                    41:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:40:7B:CA:44:32:6C:64:FF:F2:33:65:75:86:A4:79:CD:5A:4B:E8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/l0B7ykQybGT_8jNldYakec1aS-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:54:37:ee:34:94:38:cf:8b:94:db:3a:04:c0:84:f8:6c:de:
         70:a3:b6:87:e2:68:8b:7e:07:77:0b:c7:25:1d:d5:3b:de:7f:
         5a:87:f8:5d:d1:94:ce:2f:4c:6f:f2:70:79:7a:32:2e:6a:5d:
         dc:d9:46:77:01:f4:77:9d:44:bf:a7:58:ac:79:e2:a6:e4:b8:
         d2:78:0b:3f:b7:b6:60:48:e4:d4:84:d0:f8:a2:ba:0f:ce:1b:
         95:90:28:2c:47:79:e6:b9:0d:e0:64:e2:76:b0:09:5c:2f:a6:
         09:24:9c:a1:32:cd:be:c2:be:0d:58:b8:ea:23:38:58:95:1a:
         ad:0d:8f:29:59:0e:f9:68:17:4d:ed:5a:ed:6f:60:dd:a1:b1:
         dd:1f:3a:dd:c3:7d:68:14:c3:dc:d9:13:53:3e:92:10:81:42:
         71:d3:48:6f:26:b7:5d:89:cb:77:44:3e:8e:b3:f4:9c:21:ad:
         fb:02:e4:11:9e:b1:12:54:10:08:5b:b1:1c:c9:97:f4:94:9b:
         31:b0:0a:e0:0d:c0:8b:26:3c:35:3e:59:4e:f9:fc:6b:f5:35:
         a8:a4:6c:3b:16:71:52:dc:0f:86:b9:19:1f:91:97:51:f8:1a:
         85:dc:03:bc:1e:6f:24:35:4e:3f:ca:cc:70:93:4a:26:78:fd:
         1c:7a:fb:9b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiS+O+TxBQZb5V1BEmwxaplMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA2MjMwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzQwN2JjYTQ0MzI2YzY0ZmZmMjMzNjU3NTg2YTQ3OWNkNWE0YmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjb09QxX/94fX/DvsaKJgWl1TfVLb
BaEjGqgGSPYjeEmhvpRP/dMVypi+QyMNBFUfqQuFcGicytYy3bpdSi3bQ1T8oy2u
x7gu+U0tckEcfAR50Jcm1iOmW2/hHQTQbbTQgymojGYiN1JdRQmP+Pa8GLWubbKj
tdTdfciTkoyI+WFxpX6S0oET5pzgdlQEuggUxYJ8vJb/+ufqVj+cr7MtL2fJ1zCo
cPgtVFDMgCC1BYRhaoANiW8zzW4YzGGaZwECUGc7qik8UsCVsZ3EFq+SiuWLFcYn
ef9yswTSQMoCBePq3N8hCy4U3aYoVmvgpy69htRk8wcQd05sdZtzSb9B4wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJdAe8pEMmxk//IzZXWGpHnNWkvoMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbDBCN3lrUXliR1RfOGpObGRZYWtlYzFhUy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACZUN+40lDjPi5TbOgTA
hPhs3nCjtofiaIt+B3cLxyUd1Tvef1qH+F3RlM4vTG/ycHl6Mi5qXdzZRncB9Hed
RL+nWKx54qbkuNJ4Cz+3tmBI5NSE0Piiug/OG5WQKCxHeea5DeBk4nawCVwvpgkk
nKEyzb7Cvg1YuOojOFiVGq0NjylZDvloF03tWu1vYN2hsd0fOt3DfWgUw9zZE1M+
khCBQnHTSG8mt12Jy3dEPo6z9JwhrfsC5BGesRJUEAhbsRzJl/SUmzGwCuANwIsm
PDU+WU75/Gv1NaikbDsWcVLcD4a5GR+Rl1H4GoXcA7webyQ1Tj/KzHCTSiZ4/Rx6
+5s=
-----END CERTIFICATE-----