Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mKGfdUku9dtp9WNaOLTiUuo9fNU.roa
File:                     mKGfdUku9dtp9WNaOLTiUuo9fNU.roa (raw, json)
Hash identifier:          L00zC4bX92JXja55ivORrunGzaES/tUqeOOsmJixamI=
Subject key identifier:   98:A1:9F:75:49:2E:F5:DB:69:F5:63:5A:38:B4:E2:52:EA:3D:7C:D5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018888076BEB82B69360368944060B25AECA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mKGfdUku9dtp9WNaOLTiUuo9fNU.roa
Signing time:             Sun 04 Jun 2023 20:09:27 +0000
ROA not before:           Sun 04 Jun 2023 20:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:88:07:6b:eb:82:b6:93:60:36:89:44:06:0b:25:ae:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 20:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=98a19f75492ef5db69f5635a38b4e252ea3d7cd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9a:ee:8c:08:c5:05:ee:fc:68:f7:92:e5:ba:
                    d9:22:1b:bb:af:38:ac:7d:a0:93:81:0c:f6:ba:bb:
                    cc:0f:d7:ae:c1:16:19:2d:ec:f8:3b:c6:b4:8a:00:
                    3c:77:3a:be:a2:00:28:fb:d2:11:7a:13:d7:38:f1:
                    4b:ba:0a:96:70:99:8b:49:bd:12:5a:b1:3b:f1:bc:
                    e6:0f:86:c7:f7:2e:99:ed:4b:3d:d1:d8:c5:d9:e0:
                    0d:e4:ae:42:21:26:61:a7:6f:3b:63:5b:13:e5:f1:
                    11:be:fd:f1:0b:c7:a7:17:e5:b2:a6:c4:a9:02:98:
                    74:70:c1:70:2a:c5:82:b3:81:b4:95:c6:96:68:b8:
                    35:7c:f8:a2:2d:45:ad:30:41:43:d5:54:64:da:19:
                    51:8a:12:35:65:c4:fa:d2:9a:ff:a8:04:5b:54:78:
                    16:93:f9:84:d7:06:db:eb:13:02:c9:7f:c0:fc:7c:
                    8a:f8:4a:d9:19:38:3f:92:22:91:8c:5f:e5:d0:6f:
                    c1:30:a3:55:21:42:e6:d8:d2:d3:2f:15:d5:05:75:
                    47:19:87:89:d4:f4:8c:57:02:26:22:e1:2d:d1:b8:
                    4d:7a:36:a0:73:db:cd:c1:d8:82:2d:49:25:10:37:
                    ce:d8:f1:5f:42:01:30:9e:76:6e:ef:84:4d:99:00:
                    4e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:A1:9F:75:49:2E:F5:DB:69:F5:63:5A:38:B4:E2:52:EA:3D:7C:D5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mKGfdUku9dtp9WNaOLTiUuo9fNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:9e:b1:9e:67:60:b0:34:30:cf:56:a5:6f:25:7a:23:1d:d3:
         9c:26:1b:ac:de:44:5c:42:e4:98:81:b3:6c:0f:56:0f:45:b3:
         77:03:9d:d0:11:02:49:1d:2b:a2:10:16:6e:07:7f:ff:7a:8b:
         c2:b6:95:3f:b6:82:9e:33:c0:ac:24:27:d4:a5:7d:19:9d:e5:
         5e:45:0b:1a:fc:be:58:47:b5:88:0c:3c:0e:f5:ee:14:3f:65:
         08:d5:7c:70:3e:23:11:04:64:35:09:52:54:c0:83:be:0a:70:
         32:1a:b9:d1:ff:78:45:b7:d2:4b:91:79:da:d4:9e:cb:c7:bb:
         fe:83:1a:f9:5d:fa:86:a1:6d:74:8f:5b:51:74:38:0a:48:35:
         9e:14:9e:40:c3:60:00:c9:0a:8c:b7:25:f5:be:e0:a6:8a:3b:
         52:b3:a6:ab:ca:69:70:2b:7f:ea:a8:c3:55:80:5e:17:3b:fd:
         e0:fa:73:de:2f:94:b4:ab:19:cc:07:5d:89:10:88:f9:77:5e:
         da:f9:6e:ed:16:4e:81:47:97:dc:76:8d:ea:47:5e:20:3a:36:
         a7:21:8b:b4:64:62:10:6c:4e:b0:fb:59:ee:d6:07:08:53:43:
         0a:ad:03:cc:a6:a9:07:5b:d7:6a:b7:2e:c2:5f:32:66:72:6d:
         15:4e:72:35
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiIB2vrgraTYDaJRAYLJa7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MjAwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGExOWY3NTQ5MmVmNWRiNjlmNTYzNWEzOGI0ZTI1MmVhM2Q3Y2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5rujAjFBe78aPeS5brZIhu7rzis
faCTgQz2urvMD9euwRYZLez4O8a0igA8dzq+ogAo+9IRehPXOPFLugqWcJmLSb0S
WrE78bzmD4bH9y6Z7Us90djF2eAN5K5CISZhp287Y1sT5fERvv3xC8enF+WypsSp
Aph0cMFwKsWCs4G0lcaWaLg1fPiiLUWtMEFD1VRk2hlRihI1ZcT60pr/qARbVHgW
k/mE1wbb6xMCyX/A/HyK+ErZGTg/kiKRjF/l0G/BMKNVIULm2NLTLxXVBXVHGYeJ
1PSMVwImIuEt0bhNejagc9vNwdiCLUklEDfO2PFfQgEwnnZu74RNmQBOBQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJihn3VJLvXbafVjWji04lLqPXzVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbUtHZmRVa3U5ZHRwOVdOYU9MVGlVdW85Zk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACeesZ5nYLA0MM9WpW8l
eiMd05wmG6zeRFxC5JiBs2wPVg9Fs3cDndARAkkdK6IQFm4Hf/96i8K2lT+2gp4z
wKwkJ9SlfRmd5V5FCxr8vlhHtYgMPA717hQ/ZQjVfHA+IxEEZDUJUlTAg74KcDIa
udH/eEW30kuRedrUnsvHu/6DGvld+oahbXSPW1F0OApINZ4UnkDDYADJCoy3JfW+
4KaKO1KzpqvKaXArf+qow1WAXhc7/eD6c94vlLSrGcwHXYkQiPl3Xtr5bu0WToFH
l9x2jepHXiA6Nqchi7RkYhBsTrD7We7WBwhTQwqtA8ymqQdb12q3LsJfMmZybRVO
cjU=
-----END CERTIFICATE-----