Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/m_S5i4tUjQYe-bW6uFXgx3biINE.roa
File:                     m_S5i4tUjQYe-bW6uFXgx3biINE.roa (raw, json)
Hash identifier:          O5tfvl+51sdbvPwwe7GELKpe2qawYRfAxcSXskLlvjs=
Subject key identifier:   9B:F4:B9:8B:8B:54:8D:06:1E:F9:B5:BA:B8:55:E0:C7:76:E2:20:D1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01887602C0A91E5E96805BFDE19B04446CB8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/m_S5i4tUjQYe-bW6uFXgx3biINE.roa
Signing time:             Thu 01 Jun 2023 08:11:11 +0000
ROA not before:           Thu 01 Jun 2023 08:11:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:76:02:c0:a9:1e:5e:96:80:5b:fd:e1:9b:04:44:6c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  1 08:11:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9bf4b98b8b548d061ef9b5bab855e0c776e220d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b0:65:b9:56:03:6a:5c:07:54:b8:37:a8:dd:
                    3d:12:34:98:cd:bb:28:4b:46:37:17:f5:65:e3:2b:
                    ac:52:fe:c6:a8:20:8d:d9:5d:de:5b:77:d0:98:a4:
                    22:a0:24:ba:51:9c:ab:0e:e1:7e:f5:85:8e:b8:f9:
                    85:0f:91:1d:59:0d:b6:f5:2d:40:f6:27:8a:fc:2c:
                    01:b9:3f:0e:42:f0:af:40:18:1e:45:f3:b8:20:79:
                    b4:02:43:17:70:04:b7:89:54:cf:b8:4f:ae:14:5e:
                    41:c4:14:4a:a5:6e:20:95:3c:b5:77:79:a2:d2:48:
                    4e:ea:4a:cb:38:98:7f:22:51:aa:1b:85:12:22:db:
                    4f:6d:49:97:04:8d:c1:7f:a0:6b:92:70:f8:21:df:
                    16:4d:55:8a:c1:df:0d:ab:93:dc:4d:07:22:1e:a8:
                    a5:bc:2c:d5:6c:cc:1a:00:ab:87:67:f2:e5:f6:11:
                    01:88:98:b1:76:18:1d:46:0d:99:e6:3f:16:0c:f0:
                    4b:03:30:e2:a1:c2:cc:ee:50:8e:83:ab:74:a7:09:
                    f2:41:5c:01:9a:ac:89:cf:14:3d:d5:50:bf:6a:73:
                    4b:95:f3:17:26:9c:0b:b3:34:25:77:99:3d:c7:32:
                    61:98:fa:f4:c6:c3:6a:71:4f:ff:4b:58:dd:da:7d:
                    04:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:F4:B9:8B:8B:54:8D:06:1E:F9:B5:BA:B8:55:E0:C7:76:E2:20:D1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/m_S5i4tUjQYe-bW6uFXgx3biINE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:a1:b9:6c:3b:d0:c7:34:d5:00:39:34:f3:62:92:ed:47:ec:
         b5:b3:37:07:d2:6f:b3:90:6b:f8:80:c6:b3:3b:5d:63:c4:9c:
         7f:95:40:30:f5:d8:bf:97:13:83:54:b3:86:02:28:f7:d6:8c:
         84:a9:7f:35:02:81:51:0e:a8:fb:ca:5a:26:21:d8:09:79:be:
         b7:5e:7f:66:44:9b:8b:a4:b5:0b:f5:30:a1:43:89:ce:c0:cf:
         29:30:d9:37:8d:f9:1c:b0:b0:fd:78:56:7d:65:b1:76:f9:db:
         94:7c:8f:5c:e5:ee:6c:12:9b:e3:16:43:9d:17:5f:28:f5:e2:
         ae:2e:3f:42:99:10:ce:32:37:0c:76:65:ac:bb:af:18:c0:cf:
         4e:26:0f:41:49:af:ea:7c:cb:54:73:93:59:09:1d:7c:b1:cc:
         e1:71:dc:ba:5a:4a:23:13:bd:2e:8a:83:ae:c2:b8:56:ff:7d:
         49:66:47:f3:72:5a:bb:e9:a3:97:36:66:6c:39:4d:1b:7a:cb:
         19:d9:09:a9:4c:b4:6f:69:f5:63:10:f8:66:1b:86:40:b9:97:
         7a:ec:2b:80:ef:9b:f5:33:72:63:78:b9:87:48:9f:ae:23:4c:
         20:17:12:33:d0:4f:c1:0d:13:af:b2:9f:66:bc:eb:44:7f:52:
         75:9a:0d:0a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh2AsCpHl6WgFv94ZsERGy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAxMDgxMTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmY0Yjk4YjhiNTQ4ZDA2MWVmOWI1YmFiODU1ZTBjNzc2ZTIyMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rBluVYDalwHVLg3qN09EjSYzbso
S0Y3F/Vl4yusUv7GqCCN2V3eW3fQmKQioCS6UZyrDuF+9YWOuPmFD5EdWQ229S1A
9ieK/CwBuT8OQvCvQBgeRfO4IHm0AkMXcAS3iVTPuE+uFF5BxBRKpW4glTy1d3mi
0khO6krLOJh/IlGqG4USIttPbUmXBI3Bf6BrknD4Id8WTVWKwd8Nq5PcTQciHqil
vCzVbMwaAKuHZ/Ll9hEBiJixdhgdRg2Z5j8WDPBLAzDiocLM7lCOg6t0pwnyQVwB
mqyJzxQ91VC/anNLlfMXJpwLszQld5k9xzJhmPr0xsNqcU//S1jd2n0ENQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJv0uYuLVI0GHvm1urhV4Md24iDRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbV9TNWk0dFVqUVllLWJXNnVGWGd4M2JpSU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ+huWw70Mc01QA5NPNi
ku1H7LWzNwfSb7OQa/iAxrM7XWPEnH+VQDD12L+XE4NUs4YCKPfWjISpfzUCgVEO
qPvKWiYh2Al5vrdef2ZEm4uktQv1MKFDic7Azykw2TeN+RywsP14Vn1lsXb525R8
j1zl7mwSm+MWQ50XXyj14q4uP0KZEM4yNwx2Zay7rxjAz04mD0FJr+p8y1Rzk1kJ
HXyxzOFx3LpaSiMTvS6Kg67CuFb/fUlmR/NyWrvpo5c2Zmw5TRt6yxnZCalMtG9p
9WMQ+GYbhkC5l3rsK4Dvm/UzcmN4uYdIn64jTCAXEjPQT8ENE6+yn2a860R/UnWa
DQo=
-----END CERTIFICATE-----