Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mLEZ04fxi2MO-3FtH3jUBO-0-To.roa
File:                     mLEZ04fxi2MO-3FtH3jUBO-0-To.roa (raw, json)
Hash identifier:          r+ALbcq2Nw6iy/t4kGTkfgX4UzndsvuSkSx9DWNVwAg=
Subject key identifier:   98:B1:19:D3:87:F1:8B:63:0E:FB:71:6D:1F:78:D4:04:EF:B4:F9:3A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189473D60448BB4868788F4068D20F08D08
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mLEZ04fxi2MO-3FtH3jUBO-0-To.roa
Signing time:             Tue 11 Jul 2023 23:15:51 +0000
ROA not before:           Tue 11 Jul 2023 23:15:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:47:3d:60:44:8b:b4:86:87:88:f4:06:8d:20:f0:8d:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 11 23:15:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=98b119d387f18b630efb716d1f78d404efb4f93a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3b:09:d4:c8:26:45:5c:49:ad:bf:e3:c3:9a:
                    a6:ad:17:07:d8:e6:2d:c9:3b:1d:38:16:6c:61:09:
                    fa:31:c0:85:ef:b1:1a:7c:d0:95:4a:7a:95:45:2b:
                    af:6f:fb:67:f5:5c:78:17:97:ee:d2:6d:70:1a:55:
                    1f:67:e8:55:51:63:c3:f5:d0:ee:ca:66:c5:f7:44:
                    c9:f5:24:c0:fc:9b:68:56:b3:83:e6:27:68:1a:3f:
                    79:06:37:d9:81:fb:e9:0f:50:bd:53:ca:1d:57:c4:
                    b8:eb:2d:7a:79:bd:e8:e1:a1:89:76:a7:b1:79:a4:
                    6c:f8:62:dc:28:6d:df:e2:83:b2:10:7d:0e:a3:81:
                    23:c9:bd:da:59:6d:6b:ab:32:80:12:3b:0f:16:1f:
                    91:d7:e8:d0:9f:c9:95:63:bb:70:16:f6:a1:a4:1c:
                    5f:e7:75:9a:b1:36:38:20:89:00:53:44:b5:9d:9a:
                    fc:4d:c2:15:49:15:41:46:b7:ce:1c:f3:d4:a9:92:
                    49:9e:ac:28:f9:6a:af:82:fc:a3:02:65:23:62:f9:
                    b9:11:c2:95:22:43:a1:99:56:f8:e2:d5:f3:ce:36:
                    72:7a:56:18:14:68:97:53:c6:52:d1:7c:d0:3b:d4:
                    60:13:1e:a3:61:c5:4c:e7:5d:5e:08:a7:1d:28:e3:
                    ce:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:B1:19:D3:87:F1:8B:63:0E:FB:71:6D:1F:78:D4:04:EF:B4:F9:3A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mLEZ04fxi2MO-3FtH3jUBO-0-To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:71:ed:bd:a8:91:87:06:66:e3:6d:7d:b4:10:9a:d1:01:ae:
         29:4b:38:b6:e4:1e:99:c8:02:ec:d2:75:a1:c1:d3:34:43:aa:
         67:88:2c:dc:7b:aa:47:ef:1b:e8:c2:f1:be:92:39:e1:e5:a7:
         29:cf:ed:29:65:55:da:5a:93:0a:57:99:a4:d7:16:95:f8:65:
         e6:91:28:40:b8:ae:0c:68:90:6c:25:c0:ae:20:7b:06:95:f5:
         50:36:fb:22:35:3c:7f:9d:8f:9f:9d:35:5e:df:8c:da:18:3b:
         3b:df:f0:f2:41:f7:77:72:6a:3f:9d:45:64:ec:6a:9f:fb:ea:
         ad:c2:ba:95:dd:5c:d6:64:c1:fd:36:19:5c:11:f4:86:aa:61:
         36:3a:a4:7c:48:4c:e2:39:c9:fe:7a:6f:aa:de:5b:77:5b:aa:
         cb:b1:24:4c:22:8a:46:57:08:b8:c5:81:5c:a5:9b:f5:79:51:
         d1:69:ac:57:a6:ee:b4:54:fd:ab:dc:c2:e4:dc:3b:1e:27:b8:
         60:0f:62:54:01:bf:95:4a:42:16:49:3f:27:3c:c3:4b:ba:74:
         b4:71:31:09:28:17:46:b0:e3:94:64:63:4e:a2:d4:37:1f:db:
         84:07:30:4d:92:88:93:de:7e:eb:77:b3:fd:0a:d6:21:93:15:
         d0:6d:0d:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlHPWBEi7SGh4j0Bo0g8I0IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzExMjMxNTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGIxMTlkMzg3ZjE4YjYzMGVmYjcxNmQxZjc4ZDQwNGVmYjRmOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzsJ1MgmRVxJrb/jw5qmrRcH2OYt
yTsdOBZsYQn6McCF77EafNCVSnqVRSuvb/tn9Vx4F5fu0m1wGlUfZ+hVUWPD9dDu
ymbF90TJ9STA/JtoVrOD5idoGj95BjfZgfvpD1C9U8odV8S46y16eb3o4aGJdqex
eaRs+GLcKG3f4oOyEH0Oo4Ejyb3aWW1rqzKAEjsPFh+R1+jQn8mVY7twFvahpBxf
53WasTY4IIkAU0S1nZr8TcIVSRVBRrfOHPPUqZJJnqwo+WqvgvyjAmUjYvm5EcKV
IkOhmVb44tXzzjZyelYYFGiXU8ZS0XzQO9RgEx6jYcVM511eCKcdKOPOEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJixGdOH8YtjDvtxbR941ATvtPk6MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbUxFWjA0ZnhpMk1PLTNGdEgzalVCTy0wLVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEtx7b2okYcGZuNtfbQQ
mtEBrilLOLbkHpnIAuzSdaHB0zRDqmeILNx7qkfvG+jC8b6SOeHlpynP7SllVdpa
kwpXmaTXFpX4ZeaRKEC4rgxokGwlwK4gewaV9VA2+yI1PH+dj5+dNV7fjNoYOzvf
8PJB93dyaj+dRWTsap/76q3CupXdXNZkwf02GVwR9IaqYTY6pHxITOI5yf56b6re
W3dbqsuxJEwiikZXCLjFgVylm/V5UdFprFem7rRU/avcwuTcOx4nuGAPYlQBv5VK
QhZJPyc8w0u6dLRxMQkoF0aw45RkY06i1Dcf24QHME2SiJPefut3s/0K1iGTFdBt
DS4=
-----END CERTIFICATE-----