Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nHdbVpRI94VUdnM7z5-ZZn5AiAo.roa
File:                     nHdbVpRI94VUdnM7z5-ZZn5AiAo.roa (raw, json)
Hash identifier:          9l9hb+6gglj1/qTfobG262TGujOF4+ytOfGNuNC3KSs=
Subject key identifier:   9C:77:5B:56:94:48:F7:85:54:76:73:3B:CF:9F:99:66:7E:40:88:0A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188262F9EAA97DEA2DB78F5781ABAC6B296
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nHdbVpRI94VUdnM7z5-ZZn5AiAo.roa
Signing time:             Tue 16 May 2023 20:10:35 +0000
ROA not before:           Tue 16 May 2023 20:10:35 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:26:2f:9e:aa:97:de:a2:db:78:f5:78:1a:ba:c6:b2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 16 20:10:35 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9c775b569448f7855476733bcf9f99667e40880a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b2:6a:d6:e7:e1:39:0b:a3:6a:2f:e4:1b:f1:
                    7a:42:8d:11:ee:39:ea:25:1a:97:a6:57:37:e4:46:
                    16:16:d0:bf:bb:a3:bd:18:80:7f:44:d6:e3:03:35:
                    22:08:b8:42:c2:1a:4e:86:fe:a0:ef:d4:ae:09:44:
                    40:44:3d:dc:cd:a1:8b:ba:f7:84:18:c7:15:98:82:
                    f7:fd:cd:5f:8f:c2:09:a4:82:bb:86:fa:88:1e:88:
                    4f:e8:4a:78:26:d8:6b:44:55:a3:b3:f9:2d:8f:f2:
                    f6:1d:6b:e7:c0:f3:44:4d:f6:4c:88:a5:4b:a1:58:
                    bb:66:eb:ef:ab:f8:b2:fb:35:da:10:92:bf:4a:56:
                    8a:ad:b7:a9:cc:5b:53:b8:88:76:c5:53:9d:cb:a7:
                    91:43:02:df:fe:87:22:c5:ab:34:fd:53:07:33:bc:
                    f0:ca:af:06:46:53:59:35:32:8b:c0:3b:db:62:39:
                    a6:99:a8:4b:f8:bf:13:ea:f6:9b:9d:6b:8c:d8:22:
                    6b:6c:29:23:b4:05:e7:bf:95:0a:c9:d2:0b:aa:8f:
                    90:89:7b:21:25:4f:e3:66:2d:d2:5a:66:50:7c:07:
                    6a:5f:6e:f1:e4:04:45:93:a4:96:80:11:83:b4:6c:
                    72:5f:15:5f:12:dc:fe:b4:85:d0:24:07:fc:13:57:
                    d3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:77:5B:56:94:48:F7:85:54:76:73:3B:CF:9F:99:66:7E:40:88:0A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nHdbVpRI94VUdnM7z5-ZZn5AiAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:f3:71:48:81:f8:64:36:c9:31:04:aa:0d:22:d0:63:17:12:
         b9:d3:ff:a3:3c:d8:ed:7c:90:eb:86:d3:f0:b1:39:f7:ea:dd:
         45:18:9b:72:88:28:62:5c:a6:fe:21:84:43:9d:51:1a:1c:4f:
         bd:99:59:58:86:eb:b5:b3:dc:48:cb:5c:d8:02:3d:54:1a:97:
         82:33:8d:27:ed:12:2e:ec:c7:15:de:ef:19:49:cf:c7:40:bd:
         6c:90:0e:a0:4d:7e:42:30:57:1e:38:78:a6:3c:81:0c:c8:67:
         71:8a:40:17:80:af:99:33:52:f8:08:15:bd:f0:a1:d4:bd:e1:
         a4:42:fd:f3:f8:27:65:65:d9:64:5c:1d:2e:d6:19:f3:89:96:
         23:f8:20:62:96:c2:58:e3:9e:af:0c:4f:8b:64:2c:cf:08:31:
         07:0c:29:15:78:21:b4:7b:49:f7:48:00:7b:75:e2:77:01:40:
         78:c4:e8:b5:74:73:10:28:58:43:c7:dc:cd:74:d3:d1:d7:79:
         32:8f:08:84:0a:ed:51:39:ee:38:7d:ab:21:e1:cc:ed:18:d1:
         bf:74:4f:88:4a:92:7a:2b:b7:0b:cf:74:eb:58:9f:7e:e2:9d:
         f1:5d:04:c9:82:0b:58:6e:06:ad:2f:5a:18:86:c2:3e:f6:82:
         d1:38:82:ae
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgmL56ql96i23j1eBq6xrKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE2MjAxMDM1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzc3NWI1Njk0NDhmNzg1NTQ3NjczM2JjZjlmOTk2NjdlNDA4ODBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07Jq1ufhOQujai/kG/F6Qo0R7jnq
JRqXplc35EYWFtC/u6O9GIB/RNbjAzUiCLhCwhpOhv6g79SuCURARD3czaGLuveE
GMcVmIL3/c1fj8IJpIK7hvqIHohP6Ep4JthrRFWjs/ktj/L2HWvnwPNETfZMiKVL
oVi7Zuvvq/iy+zXaEJK/SlaKrbepzFtTuIh2xVOdy6eRQwLf/ocixas0/VMHM7zw
yq8GRlNZNTKLwDvbYjmmmahL+L8T6vabnWuM2CJrbCkjtAXnv5UKydILqo+QiXsh
JU/jZi3SWmZQfAdqX27x5ARFk6SWgBGDtGxyXxVfEtz+tIXQJAf8E1fTjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJx3W1aUSPeFVHZzO8+fmWZ+QIgKMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbkhkYlZwUkk5NFZVZG5NN3o1LVpabjVBaUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGnzcUiB+GQ2yTEEqg0i
0GMXErnT/6M82O18kOuG0/CxOffq3UUYm3KIKGJcpv4hhEOdURocT72ZWViG67Wz
3EjLXNgCPVQal4IzjSftEi7sxxXe7xlJz8dAvWyQDqBNfkIwVx44eKY8gQzIZ3GK
QBeAr5kzUvgIFb3wodS94aRC/fP4J2Vl2WRcHS7WGfOJliP4IGKWwljjnq8MT4tk
LM8IMQcMKRV4IbR7SfdIAHt14ncBQHjE6LV0cxAoWEPH3M1009HXeTKPCIQK7VE5
7jh9qyHhzO0Y0b90T4hKknortwvPdOtYn37infFdBMmCC1huBq0vWhiGwj72gtE4
gq4=
-----END CERTIFICATE-----