Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lLIpq_3JKL0ubFrFUDslLJsMUOU.roa
File:                     lLIpq_3JKL0ubFrFUDslLJsMUOU.roa (raw, json)
Hash identifier:          1CKQoYxZY7Hp6IV7CyU36qkVU6khkV4SZShIgaGisuA=
Subject key identifier:   94:B2:29:AB:FD:C9:28:BD:2E:6C:5A:C5:50:3B:25:2C:9B:0C:50:E5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01886166C4A3A1002CFE05AAF60BBFD10C74
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lLIpq_3JKL0ubFrFUDslLJsMUOU.roa
Signing time:             Sun 28 May 2023 08:08:24 +0000
ROA not before:           Sun 28 May 2023 08:08:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:61:66:c4:a3:a1:00:2c:fe:05:aa:f6:0b:bf:d1:0c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 28 08:08:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=94b229abfdc928bd2e6c5ac5503b252c9b0c50e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b6:c5:82:11:4b:b8:de:af:e3:d0:9d:eb:ba:
                    f1:c7:4a:52:c6:c7:fd:94:3e:fa:cf:08:02:b7:93:
                    5e:4c:a9:1b:2f:f2:2b:e3:da:cb:5e:af:72:63:94:
                    8d:05:1a:3a:4f:ad:25:59:c2:5b:41:87:ab:d3:7e:
                    75:4e:73:8a:91:b8:8d:37:9b:c9:6b:d6:40:55:02:
                    e9:f6:c2:58:bd:00:97:01:5c:b9:5c:ab:d3:b5:e7:
                    32:6a:ef:35:22:76:1d:3d:b7:56:1b:94:ef:95:a3:
                    67:a6:24:19:5b:61:dd:2f:ac:d4:1b:07:09:f9:d1:
                    15:86:fd:d7:0b:1e:ee:bc:77:b7:92:a0:22:a8:bd:
                    2d:bc:ce:99:86:6a:4a:25:f6:19:09:c8:71:a9:9f:
                    96:4c:80:c6:79:b2:56:83:0a:41:cb:cc:dd:b5:50:
                    a9:44:d4:85:b0:90:ec:64:e7:d5:16:fe:de:16:3e:
                    a7:5a:c4:2f:17:07:f2:ff:11:e7:92:dc:50:5e:48:
                    37:cf:72:6a:9c:39:a1:f4:26:58:cc:c7:a9:1c:26:
                    34:0b:40:31:6e:95:d0:ec:69:0a:91:b2:2c:bd:5c:
                    9b:2b:a6:c4:83:2a:10:43:51:b6:d2:65:d5:a1:fe:
                    8b:7c:dc:24:9e:f6:5c:9d:1d:0d:35:e5:9d:4d:84:
                    83:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B2:29:AB:FD:C9:28:BD:2E:6C:5A:C5:50:3B:25:2C:9B:0C:50:E5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lLIpq_3JKL0ubFrFUDslLJsMUOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:0d:cb:06:08:23:f6:3c:5d:d0:3e:8d:76:e4:29:95:cf:e6:
         34:99:d3:a1:05:a5:91:74:e7:17:55:68:2b:2e:28:5d:a8:75:
         9e:e2:34:41:43:c0:7b:10:86:da:15:81:c9:87:19:c2:07:08:
         24:58:df:8d:bb:8b:2c:80:a9:d3:dc:f8:b1:aa:1e:37:14:f7:
         a9:26:36:d6:15:79:c2:5e:b4:b1:74:4b:3c:ba:52:ef:29:3a:
         35:54:29:ae:37:82:3a:e2:64:83:10:16:b1:85:de:34:d7:13:
         11:3b:88:68:8f:bb:8f:ea:a6:e3:76:68:0a:63:f0:ae:f7:80:
         8f:2f:97:cc:af:46:a6:c3:95:3f:4b:16:65:f4:05:87:1a:cb:
         a2:9a:65:d7:71:15:90:37:94:f0:e2:3e:e6:1d:42:dd:0d:98:
         a4:fc:6c:09:e4:3c:73:c8:fa:37:aa:33:c2:55:74:74:aa:f1:
         95:88:64:70:f2:b7:2f:21:24:08:56:93:1e:c5:bb:11:78:76:
         e6:94:e3:a3:14:54:83:fb:7d:e5:8c:90:0e:81:33:22:e9:f5:
         46:18:6c:63:8a:2b:3e:3e:f4:fc:7f:25:93:12:61:49:f9:9c:
         e1:7e:dd:6c:44:9d:14:f9:cd:26:23:97:8d:af:cc:49:ac:8b:
         14:15:1a:96
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhhZsSjoQAs/gWq9gu/0Qx0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI4MDgwODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGIyMjlhYmZkYzkyOGJkMmU2YzVhYzU1MDNiMjUyYzliMGM1MGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bbFghFLuN6v49Cd67rxx0pSxsf9
lD76zwgCt5NeTKkbL/Ir49rLXq9yY5SNBRo6T60lWcJbQYer0351TnOKkbiNN5vJ
a9ZAVQLp9sJYvQCXAVy5XKvTtecyau81InYdPbdWG5TvlaNnpiQZW2HdL6zUGwcJ
+dEVhv3XCx7uvHe3kqAiqL0tvM6ZhmpKJfYZCchxqZ+WTIDGebJWgwpBy8zdtVCp
RNSFsJDsZOfVFv7eFj6nWsQvFwfy/xHnktxQXkg3z3JqnDmh9CZYzMepHCY0C0Ax
bpXQ7GkKkbIsvVybK6bEgyoQQ1G20mXVof6LfNwknvZcnR0NNeWdTYSD3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJSyKav9ySi9LmxaxVA7JSybDFDlMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbExJcHFfM0pLTDB1YkZyRlVEc2xMSnNNVU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHoNywYII/Y8XdA+jXbk
KZXP5jSZ06EFpZF05xdVaCsuKF2odZ7iNEFDwHsQhtoVgcmHGcIHCCRY3427iyyA
qdPc+LGqHjcU96kmNtYVecJetLF0Szy6Uu8pOjVUKa43gjriZIMQFrGF3jTXExE7
iGiPu4/qpuN2aApj8K73gI8vl8yvRqbDlT9LFmX0BYcay6KaZddxFZA3lPDiPuYd
Qt0NmKT8bAnkPHPI+jeqM8JVdHSq8ZWIZHDyty8hJAhWkx7FuxF4duaU46MUVIP7
feWMkA6BMyLp9UYYbGOKKz4+9Px/JZMSYUn5nOF+3WxEnRT5zSYjl42vzEmsixQV
GpY=
-----END CERTIFICATE-----