Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/m6J-ChQX6JmCvDhtkR_JnF055bg.roa
File:                     m6J-ChQX6JmCvDhtkR_JnF055bg.roa (raw, json)
Hash identifier:          ynoKeKV340TY+Jf/yWoDG1Ex/X5EVamlEqc1HtMdAok=
Subject key identifier:   9B:A2:7E:0A:14:17:E8:99:82:BC:38:6D:91:1F:C9:9C:5D:39:E5:B8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018974B6D8ED4AF8397D2746A794E79E275E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/m6J-ChQX6JmCvDhtkR_JnF055bg.roa
Signing time:             Thu 20 Jul 2023 19:11:27 +0000
ROA not before:           Thu 20 Jul 2023 19:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:74:b6:d8:ed:4a:f8:39:7d:27:46:a7:94:e7:9e:27:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 20 19:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9ba27e0a1417e89982bc386d911fc99c5d39e5b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:42:7d:d9:be:43:79:4a:93:a4:20:8c:7b:bf:
                    00:3f:ec:eb:11:92:ec:2a:53:42:e3:84:74:f3:ab:
                    df:14:cc:a3:13:12:4c:ae:58:d3:80:38:82:56:cf:
                    70:ce:be:e1:3f:f6:a6:60:e1:8f:ce:11:8c:ce:ee:
                    0a:b1:f3:b1:1b:b1:f4:e4:e4:2f:13:2a:ef:32:2a:
                    80:a7:44:84:1e:6d:cf:5b:3f:76:b3:47:f1:42:01:
                    a0:09:c7:29:39:de:24:9b:a1:aa:62:73:eb:d9:12:
                    f6:61:fe:f7:88:d9:ec:af:78:8d:22:d0:1c:e9:00:
                    37:75:77:54:80:58:b6:b9:90:bd:50:e4:06:af:8b:
                    64:e9:8b:33:d2:5e:59:49:de:83:44:9b:cf:5f:14:
                    e7:16:f0:ed:ce:db:2c:73:5e:ef:2d:1a:aa:2e:c7:
                    88:2e:7f:b3:2f:0f:41:78:b2:02:e3:d6:5e:34:c8:
                    d9:de:60:e6:9a:34:98:46:85:8d:fa:1f:c1:25:07:
                    f1:17:b2:58:57:e5:42:b6:2a:6c:0c:36:4a:82:52:
                    cf:04:b1:4e:cb:e6:73:ad:16:fa:0e:18:d7:ac:77:
                    b8:3b:5b:02:6e:a3:85:87:ac:a3:bc:4d:4e:9a:00:
                    59:6d:f8:0c:c9:85:f7:21:6a:5c:4c:44:21:c0:fb:
                    c0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:A2:7E:0A:14:17:E8:99:82:BC:38:6D:91:1F:C9:9C:5D:39:E5:B8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/m6J-ChQX6JmCvDhtkR_JnF055bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:4b:9c:c9:fd:47:c6:7c:cc:88:4c:7e:bc:74:a2:46:bb:a1:
         2d:d0:00:a7:24:73:55:cd:eb:d2:49:9a:e7:30:9c:ac:f9:5f:
         69:cc:cb:33:8d:56:a5:ba:d7:c1:83:bf:52:96:c6:ca:d1:f0:
         ff:dd:58:4a:52:b6:8e:18:7d:b3:4b:49:42:42:01:04:78:31:
         a3:5f:dc:a2:32:12:cb:84:b2:24:15:45:4d:20:c6:f5:02:31:
         ce:47:36:db:9c:a7:94:83:9a:24:73:3c:58:74:b2:b5:c7:b8:
         c2:06:f2:bb:dd:1a:73:5b:f8:3e:33:a8:c8:7b:40:d0:e1:69:
         31:c6:35:1a:e1:a1:78:64:6b:75:33:b5:c5:d9:fe:08:c4:69:
         ec:11:03:69:b1:57:35:5b:bd:91:eb:b7:73:b7:af:3e:f5:14:
         6a:8f:51:0f:b3:be:4c:39:c2:1e:3b:11:29:e5:44:3d:2b:e8:
         24:1d:c2:a3:46:60:cc:71:36:37:3e:1e:3a:fd:16:e4:20:37:
         f3:46:1e:94:56:53:82:83:a7:76:ed:70:87:37:11:bc:61:4b:
         fe:66:1d:f5:60:ba:0b:ae:ea:99:1e:b5:aa:da:14:75:62:33:
         04:1b:8e:a5:7e:30:b8:18:70:a4:99:23:c7:bc:31:e6:ab:3d:
         62:87:7c:4f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl0ttjtSvg5fSdGp5TnnideMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIwMTkxMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmEyN2UwYTE0MTdlODk5ODJiYzM4NmQ5MTFmYzk5YzVkMzllNWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUJ92b5DeUqTpCCMe78AP+zrEZLs
KlNC44R086vfFMyjExJMrljTgDiCVs9wzr7hP/amYOGPzhGMzu4KsfOxG7H05OQv
EyrvMiqAp0SEHm3PWz92s0fxQgGgCccpOd4km6GqYnPr2RL2Yf73iNnsr3iNItAc
6QA3dXdUgFi2uZC9UOQGr4tk6Ysz0l5ZSd6DRJvPXxTnFvDtztssc17vLRqqLseI
Ln+zLw9BeLIC49ZeNMjZ3mDmmjSYRoWN+h/BJQfxF7JYV+VCtipsDDZKglLPBLFO
y+ZzrRb6DhjXrHe4O1sCbqOFh6yjvE1OmgBZbfgMyYX3IWpcTEQhwPvAPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJuifgoUF+iZgrw4bZEfyZxdOeW4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbTZKLUNoUVg2Sm1DdkRodGtSX0puRjA1NWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAENLnMn9R8Z8zIhMfrx0
oka7oS3QAKckc1XN69JJmucwnKz5X2nMyzONVqW618GDv1KWxsrR8P/dWEpSto4Y
fbNLSUJCAQR4MaNf3KIyEsuEsiQVRU0gxvUCMc5HNtucp5SDmiRzPFh0srXHuMIG
8rvdGnNb+D4zqMh7QNDhaTHGNRrhoXhka3UztcXZ/gjEaewRA2mxVzVbvZHrt3O3
rz71FGqPUQ+zvkw5wh47ESnlRD0r6CQdwqNGYMxxNjc+Hjr9FuQgN/NGHpRWU4KD
p3btcIc3EbxhS/5mHfVguguu6pketaraFHViMwQbjqV+MLgYcKSZI8e8MearPWKH
fE8=
-----END CERTIFICATE-----