Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nAjKjhRPss0ueR-g4RBmJB-bUTU.roa
File:                     nAjKjhRPss0ueR-g4RBmJB-bUTU.roa (raw, json)
Hash identifier:          fWbKpiLWCV2/KnGTeP2jnf1dr5GKKQat90LVAP/Ojl8=
Subject key identifier:   9C:08:CA:8E:14:4F:B2:CD:2E:79:1F:A0:E1:10:66:24:1F:9B:51:35
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CEA167CBA70E7CEECC0F12E606C7C555
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nAjKjhRPss0ueR-g4RBmJB-bUTU.roa
Signing time:             Sun 18 Jun 2023 13:11:04 +0000
ROA not before:           Sun 18 Jun 2023 13:11:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ce:a1:67:cb:a7:0e:7c:ee:cc:0f:12:e6:06:c7:c5:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 18 13:11:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9c08ca8e144fb2cd2e791fa0e11066241f9b5135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:69:fe:0b:3d:1a:29:58:cb:39:b9:90:2c:47:
                    18:ce:00:ab:11:5a:9b:c0:f7:0d:0f:af:b8:89:4c:
                    fd:63:c7:d5:41:c4:26:ab:33:dd:0b:38:12:43:55:
                    6a:51:8d:fd:4e:4e:35:fa:21:ad:65:34:9c:f7:2f:
                    bc:b1:6a:7d:3e:b0:e0:3c:a2:9d:57:7a:bb:ef:00:
                    8e:7b:c5:9f:b6:f8:a8:6e:54:6e:0a:13:25:c6:a2:
                    05:ee:26:c8:ce:13:13:5b:8c:66:af:a2:fd:28:d2:
                    e8:2e:61:25:62:1b:ba:e0:5d:d7:9a:ff:48:0c:0d:
                    1a:91:b3:4b:11:ba:ed:0f:32:39:21:55:d8:85:6f:
                    50:35:63:af:71:57:a1:22:c7:0f:89:51:dd:3e:d6:
                    24:cc:4c:1a:14:9d:66:7d:74:1d:95:08:f9:99:48:
                    5d:08:58:5a:40:28:30:4e:a0:42:95:72:06:cb:50:
                    c6:e6:66:6b:7f:f9:b4:74:c9:0f:56:c6:b2:ff:82:
                    7e:63:e8:51:98:36:cb:c6:94:72:12:3c:87:9c:82:
                    2b:bb:6f:5c:ee:67:2c:9a:1e:2e:8f:09:f6:10:0b:
                    fc:52:1c:e1:bb:9d:4d:a2:0f:96:9c:ed:67:ca:1a:
                    3f:50:75:10:42:2d:92:34:4d:79:b6:b5:74:7f:37:
                    45:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:08:CA:8E:14:4F:B2:CD:2E:79:1F:A0:E1:10:66:24:1F:9B:51:35
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nAjKjhRPss0ueR-g4RBmJB-bUTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:6d:eb:a2:ef:29:b6:db:e1:f7:15:66:47:db:ab:85:33:c7:
         34:87:15:41:b1:f8:21:65:60:d8:7d:b7:c8:c6:0c:86:06:c0:
         f1:a5:37:42:1d:66:21:b8:3f:71:a2:f0:6f:9f:24:6b:14:54:
         e2:fc:32:37:e4:dd:4b:45:ed:dd:58:d4:21:da:fb:b4:64:f4:
         62:75:09:f0:6c:96:ba:01:b6:03:a7:0f:d0:48:18:c8:83:69:
         dc:55:55:98:7d:99:41:e1:f1:8c:06:bb:e0:6c:c4:5d:8d:9f:
         15:df:fe:75:23:2a:1e:f4:ef:b2:69:9f:f4:e7:4f:51:99:38:
         ce:8e:06:17:31:ad:c0:f0:8e:08:7f:ad:a7:b0:05:d5:95:70:
         3e:59:4e:5f:07:fc:4a:e5:0c:a0:ec:5b:e8:41:b3:60:b0:97:
         cb:dc:2a:2a:c0:2e:45:9d:23:69:ed:43:33:d3:b6:bf:47:13:
         f4:c7:bd:e4:5f:95:78:51:d2:63:2e:e6:dd:2d:d6:94:ef:19:
         0e:e7:07:01:57:6f:ac:18:08:d0:75:d3:18:7c:7e:78:77:be:
         f7:05:54:35:db:5d:48:05:40:26:ed:f8:2a:13:30:73:36:d4:
         5e:76:da:13:4b:dc:4e:2b:23:0f:4c:b8:1e:31:f3:bf:39:50:
         8c:bd:d1:83
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjOoWfLpw587swPEuYGx8VVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE4MTMxMTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzA4Y2E4ZTE0NGZiMmNkMmU3OTFmYTBlMTEwNjYyNDFmOWI1MTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2n+Cz0aKVjLObmQLEcYzgCrEVqb
wPcND6+4iUz9Y8fVQcQmqzPdCzgSQ1VqUY39Tk41+iGtZTSc9y+8sWp9PrDgPKKd
V3q77wCOe8WftvioblRuChMlxqIF7ibIzhMTW4xmr6L9KNLoLmElYhu64F3Xmv9I
DA0akbNLEbrtDzI5IVXYhW9QNWOvcVehIscPiVHdPtYkzEwaFJ1mfXQdlQj5mUhd
CFhaQCgwTqBClXIGy1DG5mZrf/m0dMkPVsay/4J+Y+hRmDbLxpRyEjyHnIIru29c
7mcsmh4ujwn2EAv8Uhzhu51Nog+WnO1nyho/UHUQQi2SNE15trV0fzdFQQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJwIyo4UT7LNLnkfoOEQZiQfm1E1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbkFqS2poUlBzczB1ZVItZzRSQm1KQi1iVVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALFt66LvKbbb4fcVZkfb
q4UzxzSHFUGx+CFlYNh9t8jGDIYGwPGlN0IdZiG4P3Gi8G+fJGsUVOL8Mjfk3UtF
7d1Y1CHa+7Rk9GJ1CfBslroBtgOnD9BIGMiDadxVVZh9mUHh8YwGu+BsxF2NnxXf
/nUjKh7077Jpn/TnT1GZOM6OBhcxrcDwjgh/raewBdWVcD5ZTl8H/ErlDKDsW+hB
s2Cwl8vcKirALkWdI2ntQzPTtr9HE/THveRflXhR0mMu5t0t1pTvGQ7nBwFXb6wY
CNB10xh8fnh3vvcFVDXbXUgFQCbt+CoTMHM21F522hNL3E4rIw9MuB4x8785UIy9
0YM=
-----END CERTIFICATE-----