Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nOE1UcKuGoLoNmJhsL4j4MRFTZ8.roa
File:                     nOE1UcKuGoLoNmJhsL4j4MRFTZ8.roa (raw, json)
Hash identifier:          4sw+HqBaMu+pbFu5yGD3Ulxq1k+0DV0da0jYERerWJI=
Subject key identifier:   9C:E1:35:51:C2:AE:1A:82:E8:36:62:61:B0:BE:23:E0:C4:45:4D:9F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018974B0707F827999C69A218BFE2CBF1455
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nOE1UcKuGoLoNmJhsL4j4MRFTZ8.roa
Signing time:             Thu 20 Jul 2023 19:04:27 +0000
ROA not before:           Thu 20 Jul 2023 19:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:189:74b0:6557/128 maxlen: 128
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:74:b0:70:7f:82:79:99:c6:9a:21:8b:fe:2c:bf:14:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 20 19:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9ce13551c2ae1a82e8366261b0be23e0c4454d9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7c:37:0e:ab:30:76:50:c4:fe:8d:28:4b:b5:
                    45:07:f8:b7:b3:44:20:5f:b4:0b:4f:de:8f:ae:97:
                    18:b0:71:41:92:b5:65:c2:bd:21:4a:67:75:cf:cc:
                    91:4f:59:e9:8e:40:ba:74:82:7a:12:f5:cc:dc:36:
                    ba:92:50:ea:70:38:49:f9:d8:5c:d1:0d:77:e4:5b:
                    74:87:e8:a6:45:45:83:b0:06:02:12:1b:3f:5c:cd:
                    57:bb:f8:43:24:fe:ac:f5:23:42:f0:83:be:8f:7e:
                    f5:de:ea:df:f4:e9:8c:dc:88:ee:70:34:33:86:62:
                    a8:a6:88:3d:68:b0:f0:59:aa:81:00:33:f3:33:a8:
                    65:80:b4:69:ab:cb:a0:38:87:26:2e:bb:2c:05:76:
                    f4:41:69:cf:1e:9a:6a:89:f6:43:54:7a:64:03:12:
                    6e:a1:52:58:72:f4:0d:02:fb:8f:68:43:5d:43:d1:
                    8c:e6:f8:03:e2:bd:9a:dd:70:81:a2:84:06:4f:85:
                    b6:d4:8b:d2:d4:62:fe:11:c0:4f:7b:42:e8:47:25:
                    0c:22:97:22:4a:48:c7:51:b1:94:6f:48:44:14:23:
                    08:7f:4b:d9:cb:54:27:13:2c:c4:52:45:f7:64:77:
                    05:06:7d:25:9f:87:8a:f6:72:db:35:24:83:5d:dd:
                    73:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:E1:35:51:C2:AE:1A:82:E8:36:62:61:B0:BE:23:E0:C4:45:4D:9F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nOE1UcKuGoLoNmJhsL4j4MRFTZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:37:c5:cc:ea:03:88:a0:04:82:7d:02:4b:ad:a5:3a:dc:28:
         7a:0c:d4:2e:75:ff:00:e1:8c:58:83:31:97:9f:ce:9a:9b:1d:
         5b:fe:53:5f:35:1c:9f:b2:f4:51:dd:ff:3a:ac:c1:b7:8a:79:
         29:e2:f7:16:3d:8a:af:38:8c:d1:bf:f6:42:de:05:eb:77:f2:
         9b:fa:0d:ee:e5:7f:69:54:2c:22:74:d3:03:ca:f6:42:64:59:
         37:19:54:27:7d:4b:61:2a:dd:e4:a2:ef:9c:de:6e:b4:b2:dc:
         c3:34:0f:be:01:2e:07:88:c6:41:4f:8a:4f:f9:d2:22:5a:91:
         84:5d:31:8b:45:21:58:7f:0d:19:e4:e1:db:08:eb:b3:5a:05:
         40:43:ba:ee:60:a6:0e:42:a0:6f:49:c7:f5:35:41:24:d9:6a:
         fd:25:fa:18:db:f8:7a:aa:47:1a:4a:08:5d:ba:99:b6:b7:7c:
         1e:2d:4d:12:48:bf:e0:56:58:db:0a:a0:1f:26:99:81:5e:f5:
         9b:20:d5:5f:19:78:ff:75:d8:1d:4a:c9:b1:a3:67:78:05:68:
         b5:ff:dd:55:47:2e:4d:a2:50:cd:84:e9:68:6e:17:2f:47:dc:
         9e:5a:5b:c1:1a:09:83:b1:9e:f2:a3:65:74:f2:ec:aa:c7:a2:
         0a:93:45:d0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl0sHB/gnmZxpohi/4svxRVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIwMTkwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2UxMzU1MWMyYWUxYTgyZTgzNjYyNjFiMGJlMjNlMGM0NDU0ZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3w3DqswdlDE/o0oS7VFB/i3s0Qg
X7QLT96PrpcYsHFBkrVlwr0hSmd1z8yRT1npjkC6dIJ6EvXM3Da6klDqcDhJ+dhc
0Q135Ft0h+imRUWDsAYCEhs/XM1Xu/hDJP6s9SNC8IO+j3713urf9OmM3IjucDQz
hmKopog9aLDwWaqBADPzM6hlgLRpq8ugOIcmLrssBXb0QWnPHppqifZDVHpkAxJu
oVJYcvQNAvuPaENdQ9GM5vgD4r2a3XCBooQGT4W21IvS1GL+EcBPe0LoRyUMIpci
SkjHUbGUb0hEFCMIf0vZy1QnEyzEUkX3ZHcFBn0ln4eK9nLbNSSDXd1zbwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJzhNVHCrhqC6DZiYbC+I+DERU2fMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbk9FMVVjS3VHb0xvTm1KaHNMNGo0TVJGVFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAF43xczqA4igBIJ9Akut
pTrcKHoM1C51/wDhjFiDMZefzpqbHVv+U181HJ+y9FHd/zqswbeKeSni9xY9iq84
jNG/9kLeBet38pv6De7lf2lULCJ00wPK9kJkWTcZVCd9S2Eq3eSi75zebrSy3MM0
D74BLgeIxkFPik/50iJakYRdMYtFIVh/DRnk4dsI67NaBUBDuu5gpg5CoG9Jx/U1
QSTZav0l+hjb+HqqRxpKCF26mba3fB4tTRJIv+BWWNsKoB8mmYFe9Zsg1V8ZeP91
2B1KybGjZ3gFaLX/3VVHLk2iUM2E6WhuFy9H3J5aW8EaCYOxnvKjZXTy7KrHogqT
RdA=
-----END CERTIFICATE-----