Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mwdkfWOSlm9ECXwnD6-iQsKmO9A.roa
File:                     mwdkfWOSlm9ECXwnD6-iQsKmO9A.roa (raw, json)
Hash identifier:          XZu4tRvWmj7OflKTtlGqvhdAvlVAYiMaAk1m+9OkBhE=
Subject key identifier:   9B:07:64:7D:63:92:96:6F:44:09:7C:27:0F:AF:A2:42:C2:A6:3B:D0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888B3F2794924EFB347482D0AD8F1A928A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mwdkfWOSlm9ECXwnD6-iQsKmO9A.roa
Signing time:             Mon 05 Jun 2023 11:09:11 +0000
ROA not before:           Mon 05 Jun 2023 11:09:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8b:3f:27:94:92:4e:fb:34:74:82:d0:ad:8f:1a:92:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  5 11:09:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9b07647d6392966f44097c270fafa242c2a63bd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:59:97:d4:11:6e:32:39:99:fa:27:49:78:e2:
                    ec:7f:e9:53:0f:fd:e0:e3:65:d9:b0:05:7e:af:2b:
                    21:de:c1:42:9a:f5:e4:78:a7:79:f4:32:be:db:32:
                    b9:42:a1:04:e5:1b:b8:28:3a:e7:39:b9:08:08:d8:
                    65:13:5c:e8:b5:d6:fb:44:70:b7:f1:af:13:f9:97:
                    27:30:7d:72:b7:f1:98:80:f4:dd:35:e0:8f:5b:86:
                    60:d5:c2:9d:ec:f2:08:c6:fd:d7:65:7d:af:b3:dc:
                    0e:91:b7:32:d1:3a:38:fe:90:6b:5a:49:32:fd:1e:
                    b2:20:61:b1:86:91:4b:f6:09:be:24:26:08:8d:f7:
                    53:f7:e0:81:bf:9d:de:1f:18:c9:53:c3:42:79:25:
                    57:34:fe:f9:0c:be:d3:98:0a:a6:f9:6f:57:1e:42:
                    a7:60:e8:c2:0d:ff:46:01:ac:32:7f:38:de:5a:8c:
                    e9:1b:d8:ec:f9:12:ed:99:91:b1:28:2a:a0:46:2e:
                    b7:ab:65:08:bf:5f:a5:f7:1a:45:c0:60:52:3c:92:
                    f3:1d:bd:11:aa:eb:22:98:c8:5e:d6:df:1d:81:2d:
                    79:f6:93:81:c9:d7:44:46:1d:42:5f:7c:f9:58:57:
                    b2:b6:3a:ba:a5:ba:8a:b3:87:a3:cd:e9:c1:bd:b4:
                    38:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:07:64:7D:63:92:96:6F:44:09:7C:27:0F:AF:A2:42:C2:A6:3B:D0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mwdkfWOSlm9ECXwnD6-iQsKmO9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:a9:7b:69:93:52:70:1e:b0:1f:10:d1:85:fb:0c:2f:aa:4a:
         d9:b9:3c:e7:cf:7e:a5:c5:da:05:22:b0:87:3a:a0:24:7f:7c:
         cd:96:33:9a:a4:74:d1:15:8c:ba:4e:ea:14:8a:a6:a8:af:8e:
         fe:c8:4d:a8:82:e4:8e:86:80:5a:71:7e:83:f9:68:6e:96:04:
         74:06:c4:2d:5e:05:56:f7:61:9a:c0:15:98:a4:d3:d5:6d:4d:
         98:a2:25:27:1b:11:fe:be:36:d2:57:3a:8a:d6:43:b3:74:22:
         98:1d:76:3d:90:26:7d:8b:f4:43:cc:58:b0:e6:30:45:44:de:
         a2:d0:97:6c:b5:f4:7b:36:5a:c5:af:0c:ed:b8:e3:d8:e2:1b:
         17:14:d6:d0:55:e9:79:71:0b:64:ef:54:f7:89:54:c2:6c:47:
         fb:92:da:1a:9d:17:ec:ab:bf:f5:b0:95:88:7d:f2:bf:24:69:
         44:49:03:99:1a:4c:f3:04:53:65:ef:54:b1:12:84:99:02:92:
         e1:4c:2a:27:6f:80:20:5b:e3:07:1c:c3:4d:a2:76:20:12:f5:
         36:ca:cc:5d:05:9e:a6:75:dc:48:08:a3:5a:a4:cd:82:74:49:
         30:83:6e:d1:81:d5:dd:88:8a:24:88:03:3a:a4:56:6b:0c:0d:
         8f:4e:ff:ff
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiLPyeUkk77NHSC0K2PGpKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA1MTEwOTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjA3NjQ3ZDYzOTI5NjZmNDQwOTdjMjcwZmFmYTI0MmMyYTYzYmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVmX1BFuMjmZ+idJeOLsf+lTD/3g
42XZsAV+rysh3sFCmvXkeKd59DK+2zK5QqEE5Ru4KDrnObkICNhlE1zotdb7RHC3
8a8T+ZcnMH1yt/GYgPTdNeCPW4Zg1cKd7PIIxv3XZX2vs9wOkbcy0To4/pBrWkky
/R6yIGGxhpFL9gm+JCYIjfdT9+CBv53eHxjJU8NCeSVXNP75DL7TmAqm+W9XHkKn
YOjCDf9GAawyfzjeWozpG9js+RLtmZGxKCqgRi63q2UIv1+l9xpFwGBSPJLzHb0R
qusimMhe1t8dgS159pOByddERh1CX3z5WFeytjq6pbqKs4ejzenBvbQ4EQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJsHZH1jkpZvRAl8Jw+vokLCpjvQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbXdka2ZXT1NsbTlFQ1h3bkQ2LWlRc0ttTzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAISpe2mTUnAesB8Q0YX7
DC+qStm5POfPfqXF2gUisIc6oCR/fM2WM5qkdNEVjLpO6hSKpqivjv7ITaiC5I6G
gFpxfoP5aG6WBHQGxC1eBVb3YZrAFZik09VtTZiiJScbEf6+NtJXOorWQ7N0Ipgd
dj2QJn2L9EPMWLDmMEVE3qLQl2y19Hs2WsWvDO2449jiGxcU1tBV6XlxC2TvVPeJ
VMJsR/uS2hqdF+yrv/WwlYh98r8kaURJA5kaTPMEU2XvVLEShJkCkuFMKidvgCBb
4wccw02idiAS9TbKzF0FnqZ13EgIo1qkzYJ0STCDbtGB1d2IiiSIAzqkVmsMDY9O
//8=
-----END CERTIFICATE-----