Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nBmmUZCFh9aijwE0xpX_n7dcXfA.roa
File:                     nBmmUZCFh9aijwE0xpX_n7dcXfA.roa (raw, json)
Hash identifier:          H3TnCLFkbVzWsVpbW7sOVjUgqiOztO6oJ57XKRBmn48=
Subject key identifier:   9C:19:A6:51:90:85:87:D6:A2:8F:01:34:C6:95:FF:9F:B7:5C:5D:F0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018875218911DABD2CB22605682A3B339E07
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nBmmUZCFh9aijwE0xpX_n7dcXfA.roa
Signing time:             Thu 01 Jun 2023 04:05:12 +0000
ROA not before:           Thu 01 Jun 2023 04:05:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:7521:c9c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:75:21:89:11:da:bd:2c:b2:26:05:68:2a:3b:33:9e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  1 04:05:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9c19a651908587d6a28f0134c695ff9fb75c5df0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:31:7e:61:0d:08:2a:7d:e8:67:12:22:6e:97:
                    a3:99:2a:9a:b7:e6:b1:a9:3a:cf:9e:c4:e1:57:80:
                    d2:c7:67:08:51:be:f4:05:58:85:d8:64:38:b7:fe:
                    b6:68:f0:6e:6f:91:9d:71:8e:3f:24:a6:84:36:e3:
                    7a:f9:bb:a3:50:cc:d7:a2:56:c6:68:26:fe:03:e5:
                    29:bf:f7:41:56:28:38:23:81:31:ea:c9:a7:61:83:
                    7d:8d:2e:5a:34:e3:60:e5:80:fd:ba:55:31:3f:0a:
                    bd:f0:57:77:7d:87:f3:9f:1f:b4:ef:fd:f0:5f:d4:
                    82:09:19:34:7c:1b:6e:c7:82:53:8a:c1:06:31:8e:
                    5e:eb:8c:f3:32:2e:bd:f8:82:10:63:2f:4e:46:13:
                    bf:73:22:94:33:6d:c1:f8:db:df:af:f4:d7:61:43:
                    e2:2c:15:12:8d:c4:59:49:d2:a9:ba:56:3b:9c:5a:
                    11:30:0b:a8:3e:ce:fc:56:5d:77:a9:38:95:ef:dd:
                    b9:77:47:95:6d:2f:4e:44:dc:d1:ca:84:e6:92:1c:
                    f2:b7:6f:af:76:bd:93:58:32:c3:17:de:be:e7:9e:
                    52:7e:b5:70:fe:f6:44:ee:54:0c:f5:64:03:c3:81:
                    01:c7:55:08:ba:60:3e:66:05:5f:44:ba:5b:46:78:
                    41:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:19:A6:51:90:85:87:D6:A2:8F:01:34:C6:95:FF:9F:B7:5C:5D:F0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nBmmUZCFh9aijwE0xpX_n7dcXfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:64:f6:9b:42:84:a4:db:ea:2b:46:6e:e4:0c:db:6b:18:49:
         be:c8:87:ed:5b:61:57:c9:da:18:db:38:3a:b2:bc:62:16:72:
         e9:2a:e5:7c:71:ca:92:18:16:47:42:65:11:83:96:fa:fa:62:
         ca:30:b4:ac:38:b4:7d:48:4f:a1:ec:b4:18:b1:b5:b7:2d:8c:
         b7:d4:85:8f:63:25:5a:2b:01:0b:db:c5:63:54:7b:08:ed:61:
         c8:31:c5:d9:4f:bf:f2:31:a3:dc:b3:f3:cc:fb:67:60:2c:6f:
         3a:1e:f9:10:d3:68:99:4c:24:62:aa:a9:27:cb:4b:6b:b2:88:
         44:1b:15:36:71:0d:65:5b:ca:64:43:30:e2:40:7f:60:36:c9:
         9d:ed:48:75:90:16:2d:23:a2:72:e2:52:6b:e8:1e:b5:9f:c1:
         8d:a6:5e:ae:bf:21:30:4d:f5:59:23:de:6a:a3:e5:52:cc:40:
         73:0a:a8:83:24:c2:ff:0e:e7:92:41:7e:11:34:46:a2:0a:26:
         80:7d:38:f8:bf:a9:59:08:f8:26:8f:57:af:30:9f:7d:fa:eb:
         f9:b7:ae:a7:9f:e7:ef:52:98:6a:5c:f8:ba:c0:75:36:ed:fc:
         33:0d:b6:79:9b:6e:01:34:eb:fb:b1:d7:69:4d:4e:d3:ac:fc:
         b6:85:69:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh1IYkR2r0ssiYFaCo7M54HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAxMDQwNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzE5YTY1MTkwODU4N2Q2YTI4ZjAxMzRjNjk1ZmY5ZmI3NWM1ZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDF+YQ0IKn3oZxIibpejmSqat+ax
qTrPnsThV4DSx2cIUb70BViF2GQ4t/62aPBub5GdcY4/JKaENuN6+bujUMzXolbG
aCb+A+Upv/dBVig4I4Ex6smnYYN9jS5aNONg5YD9ulUxPwq98Fd3fYfznx+07/3w
X9SCCRk0fBtux4JTisEGMY5e64zzMi69+IIQYy9ORhO/cyKUM23B+Nvfr/TXYUPi
LBUSjcRZSdKpulY7nFoRMAuoPs78Vl13qTiV7925d0eVbS9ORNzRyoTmkhzyt2+v
dr2TWDLDF96+555SfrVw/vZE7lQM9WQDw4EBx1UIumA+ZgVfRLpbRnhB7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJwZplGQhYfWoo8BNMaV/5+3XF3wMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbkJtbVVaQ0ZoOWFpandFMHhwWF9uN2RjWGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIdk9ptChKTb6itGbuQM
22sYSb7Ih+1bYVfJ2hjbODqyvGIWcukq5XxxypIYFkdCZRGDlvr6YsowtKw4tH1I
T6HstBixtbctjLfUhY9jJVorAQvbxWNUewjtYcgxxdlPv/Ixo9yz88z7Z2Asbzoe
+RDTaJlMJGKqqSfLS2uyiEQbFTZxDWVbymRDMOJAf2A2yZ3tSHWQFi0jonLiUmvo
HrWfwY2mXq6/ITBN9Vkj3mqj5VLMQHMKqIMkwv8O55JBfhE0RqIKJoB9OPi/qVkI
+CaPV68wn3366/m3rqef5+9SmGpc+LrAdTbt/DMNtnmbbgE06/ux12lNTtOs/LaF
afY=
-----END CERTIFICATE-----