Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mfknhgnao40x6OzTp79Wx0c4tNM.roa
File:                     mfknhgnao40x6OzTp79Wx0c4tNM.roa (raw, json)
Hash identifier:          tELKcnWJMkG75B/W+CCWpPnvThiBDuLeyJfhwEHp9Tw=
Subject key identifier:   99:F9:27:86:09:DA:A3:8D:31:E8:EC:D3:A7:BF:56:C7:47:38:B4:D3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187717D96CBA40F0F29B7B5D8360939D9FA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mfknhgnao40x6OzTp79Wx0c4tNM.roa
Signing time:             Tue 11 Apr 2023 18:04:28 +0000
ROA not before:           Tue 11 Apr 2023 18:04:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:187:717d:4e38/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:71:7d:96:cb:a4:0f:0f:29:b7:b5:d8:36:09:39:d9:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 11 18:04:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=99f9278609daa38d31e8ecd3a7bf56c74738b4d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6e:46:1f:e4:6c:e8:4e:e2:b9:b6:bc:66:03:
                    9b:37:cb:d0:b2:37:46:b3:51:53:aa:e2:67:eb:a0:
                    79:cf:70:32:c1:e2:08:f8:1c:96:ee:8f:8c:9a:b8:
                    76:f7:99:ae:42:16:e6:ad:b7:ae:da:b4:9e:14:cc:
                    52:74:8c:61:c8:c5:0c:bd:ad:4b:8e:1c:30:2d:c7:
                    b2:28:cf:50:dc:2d:2c:fd:ef:b6:f3:92:00:e0:b4:
                    7f:85:0f:b3:12:c8:06:06:29:a6:01:11:d9:aa:d3:
                    21:12:76:02:7c:ff:a4:38:0e:28:d1:28:13:6f:5d:
                    cb:e0:84:3c:b4:69:bf:8a:d8:ff:60:1c:9b:ad:f5:
                    be:e4:c6:0d:1d:e8:2b:46:a2:0f:3b:a9:0f:1a:b6:
                    01:cd:57:3d:cf:3f:66:70:31:3a:13:80:95:06:12:
                    51:85:4c:de:ea:b2:58:a0:3f:a0:c1:03:20:5e:87:
                    ab:c4:a9:72:4b:9a:e3:02:28:da:91:58:b0:c9:07:
                    3f:c6:69:6b:3e:86:c3:4a:0c:aa:7b:57:67:c7:af:
                    59:cf:36:41:d1:8f:e1:ce:40:36:2e:47:fe:49:e6:
                    aa:72:cf:1d:60:13:e6:0e:05:76:c5:78:f9:ee:46:
                    de:88:94:cc:63:b7:a5:3c:09:69:0f:65:34:3a:88:
                    1e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F9:27:86:09:DA:A3:8D:31:E8:EC:D3:A7:BF:56:C7:47:38:B4:D3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mfknhgnao40x6OzTp79Wx0c4tNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:46:1b:68:35:94:a5:48:19:a9:8f:67:34:ff:ec:d3:c1:1f:
         dd:03:40:19:48:78:0c:fd:b7:29:5b:e0:73:3b:d4:aa:ad:56:
         3a:92:44:a2:80:5d:af:93:2b:3c:e4:a0:2c:80:4c:25:47:c2:
         b9:20:48:4a:bb:82:fa:76:bb:95:9e:fa:5d:1f:60:b6:dc:8b:
         01:92:4e:5b:2b:d7:39:38:e4:cc:13:1c:58:a7:d3:bd:a5:1c:
         e5:c6:28:84:8d:89:d9:b6:b7:87:97:f2:7e:82:30:da:11:f2:
         97:ab:02:22:80:7e:64:43:69:d2:1a:09:2c:0e:b4:37:cd:ba:
         a6:d5:ca:2a:f9:77:78:a3:d3:32:d0:21:1d:a8:63:6f:ff:d7:
         d2:5e:cb:8f:d9:ac:9d:7e:06:30:c8:e3:b1:3d:0f:6d:eb:29:
         52:d1:52:15:99:4a:0f:df:b1:1e:01:fc:15:67:c2:b0:1d:8c:
         8b:5a:22:f4:6e:c0:86:93:01:0a:10:74:8d:af:3c:d6:84:3c:
         2a:99:97:ca:9b:0c:8f:11:f8:5a:99:9f:be:1b:36:5e:82:60:
         d5:fe:d5:15:88:34:d7:16:00:29:95:66:af:9e:7b:48:4a:b7:
         89:87:19:f7:7a:c8:84:f3:24:a7:8f:81:c1:b5:3a:b0:78:2b:
         59:c3:6c:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdxfZbLpA8PKbe12DYJOdn6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDExMTgwNDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWY5Mjc4NjA5ZGFhMzhkMzFlOGVjZDNhN2JmNTZjNzQ3MzhiNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm5GH+Rs6E7iuba8ZgObN8vQsjdG
s1FTquJn66B5z3AyweII+ByW7o+Mmrh295muQhbmrbeu2rSeFMxSdIxhyMUMva1L
jhwwLceyKM9Q3C0s/e+285IA4LR/hQ+zEsgGBimmARHZqtMhEnYCfP+kOA4o0SgT
b13L4IQ8tGm/itj/YBybrfW+5MYNHegrRqIPO6kPGrYBzVc9zz9mcDE6E4CVBhJR
hUze6rJYoD+gwQMgXoerxKlyS5rjAijakViwyQc/xmlrPobDSgyqe1dnx69ZzzZB
0Y/hzkA2Lkf+Seaqcs8dYBPmDgV2xXj57kbeiJTMY7elPAlpD2U0OogeYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJn5J4YJ2qONMejs06e/VsdHOLTTMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbWZrbmhnbmFvNDB4Nk96VHA3OVd4MGM0dE5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAtGG2g1lKVIGamPZzT/
7NPBH90DQBlIeAz9tylb4HM71KqtVjqSRKKAXa+TKzzkoCyATCVHwrkgSEq7gvp2
u5We+l0fYLbciwGSTlsr1zk45MwTHFin072lHOXGKISNidm2t4eX8n6CMNoR8per
AiKAfmRDadIaCSwOtDfNuqbVyir5d3ij0zLQIR2oY2//19Jey4/ZrJ1+BjDI47E9
D23rKVLRUhWZSg/fsR4B/BVnwrAdjItaIvRuwIaTAQoQdI2vPNaEPCqZl8qbDI8R
+FqZn74bNl6CYNX+1RWINNcWACmVZq+ee0hKt4mHGfd6yITzJKePgcG1OrB4K1nD
bPY=
-----END CERTIFICATE-----