Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nPfoomAo6F9uxsbwzWNjP4mcfBk.roa
File:                     nPfoomAo6F9uxsbwzWNjP4mcfBk.roa (raw, json)
Hash identifier:          6tO88eAI4NEBX6JnSVenDCVRHdGr5V6VIb0g+3GpVSg=
Subject key identifier:   9C:F7:E8:A2:60:28:E8:5F:6E:C6:C6:F0:CD:63:63:3F:89:9C:7C:19
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188BC6349820A3F2B35294C72C3E814C4B6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nPfoomAo6F9uxsbwzWNjP4mcfBk.roa
Signing time:             Thu 15 Jun 2023 00:10:03 +0000
ROA not before:           Thu 15 Jun 2023 00:10:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:bc:63:49:82:0a:3f:2b:35:29:4c:72:c3:e8:14:c4:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 15 00:10:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9cf7e8a26028e85f6ec6c6f0cd63633f899c7c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d9:49:11:01:bf:c5:91:1b:bc:6c:78:a8:9b:
                    67:a2:6c:c8:eb:25:57:f3:3d:96:ef:fd:ec:49:74:
                    7d:36:6a:20:40:c9:2c:bc:5f:b6:d1:d1:9c:0b:a1:
                    8e:eb:d5:5e:8c:e1:6f:64:60:69:2a:de:95:31:dd:
                    8a:be:01:78:72:72:30:96:7a:20:14:66:aa:49:42:
                    3a:4a:3d:7b:d3:f1:12:1e:e2:62:05:6b:24:0a:f6:
                    bb:59:15:f0:29:26:fb:5b:7e:ec:51:00:dc:a6:7b:
                    61:96:64:0d:a5:44:4b:90:d1:4c:9d:e3:4e:57:23:
                    82:08:47:f9:de:42:f1:34:1d:d8:b9:c9:f0:bd:a6:
                    29:30:03:2b:a0:89:12:77:5d:d6:f2:83:5c:73:39:
                    5d:95:a4:bf:68:8e:aa:6d:f5:e3:31:10:97:31:6c:
                    6b:8d:08:68:77:fb:a8:8d:39:e4:e6:8f:aa:1e:72:
                    87:78:66:3b:c3:a8:02:a3:40:dc:8d:d4:34:75:08:
                    f4:7b:de:f3:06:bd:4e:5e:2b:4a:22:75:8f:df:99:
                    ca:e6:15:b7:fd:ee:94:20:db:4c:b6:40:0f:3e:2c:
                    7e:be:35:65:f3:b9:52:5e:b2:a8:6f:6b:6e:6d:34:
                    54:9a:01:36:44:ac:d4:b5:33:a3:d4:58:66:08:05:
                    b3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:F7:E8:A2:60:28:E8:5F:6E:C6:C6:F0:CD:63:63:3F:89:9C:7C:19
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nPfoomAo6F9uxsbwzWNjP4mcfBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:2c:31:06:f0:32:4f:e1:e1:0b:61:8d:21:67:ce:76:26:ba:
         f0:3b:09:ed:fd:04:b1:8c:f6:d1:a0:3c:85:5f:2b:e2:e4:4c:
         ce:db:c9:02:2e:b0:47:c4:cb:3a:5f:cc:e3:6c:e4:f2:f1:c9:
         af:2d:7e:bb:3a:c8:2b:05:f8:cc:7b:16:35:5e:2b:90:b4:cf:
         ea:74:3a:33:ac:9c:94:33:f8:6b:fd:7f:b3:eb:99:20:ae:88:
         36:a3:f9:6f:9e:43:d1:c5:5a:a9:38:3e:0d:33:17:b8:46:0a:
         e7:f1:5e:30:2d:2c:24:5c:72:f3:c9:24:9a:48:29:71:26:12:
         4f:f7:66:6b:c5:53:ca:5a:02:b1:78:7a:2a:55:7d:d0:05:99:
         eb:8e:95:9e:1e:f6:c9:e3:71:83:00:a2:59:7d:0a:84:36:34:
         74:8b:22:d8:57:c9:96:09:ad:1a:af:41:03:34:eb:86:15:80:
         1c:c9:04:03:8c:fb:7d:85:72:a7:5d:4c:49:19:89:b6:f7:37:
         80:20:c2:8b:7f:03:37:a4:fa:65:2e:e3:05:ff:b2:73:40:e2:
         b4:b5:38:c4:67:3c:2d:e0:39:b8:53:49:c7:f8:28:d7:db:13:
         e1:53:18:32:51:fe:12:f3:0b:e8:6b:d6:69:e8:c4:8c:58:a3:
         94:17:22:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi8Y0mCCj8rNSlMcsPoFMS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE1MDAxMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Y3ZThhMjYwMjhlODVmNmVjNmM2ZjBjZDYzNjMzZjg5OWM3YzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9lJEQG/xZEbvGx4qJtnomzI6yVX
8z2W7/3sSXR9NmogQMksvF+20dGcC6GO69VejOFvZGBpKt6VMd2KvgF4cnIwlnog
FGaqSUI6Sj170/ESHuJiBWskCva7WRXwKSb7W37sUQDcpnthlmQNpURLkNFMneNO
VyOCCEf53kLxNB3YucnwvaYpMAMroIkSd13W8oNcczldlaS/aI6qbfXjMRCXMWxr
jQhod/uojTnk5o+qHnKHeGY7w6gCo0DcjdQ0dQj0e97zBr1OXitKInWP35nK5hW3
/e6UINtMtkAPPix+vjVl87lSXrKob2tubTRUmgE2RKzUtTOj1FhmCAWzlwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJz36KJgKOhfbsbG8M1jYz+JnHwZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvblBmb29tQW82Rjl1eHNid3pXTmpQNG1jZkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGgsMQbwMk/h4QthjSFn
znYmuvA7Ce39BLGM9tGgPIVfK+LkTM7byQIusEfEyzpfzONs5PLxya8tfrs6yCsF
+Mx7FjVeK5C0z+p0OjOsnJQz+Gv9f7PrmSCuiDaj+W+eQ9HFWqk4Pg0zF7hGCufx
XjAtLCRccvPJJJpIKXEmEk/3ZmvFU8paArF4eipVfdAFmeuOlZ4e9snjcYMAoll9
CoQ2NHSLIthXyZYJrRqvQQM064YVgBzJBAOM+32FcqddTEkZibb3N4Agwot/Azek
+mUu4wX/snNA4rS1OMRnPC3gObhTScf4KNfbE+FTGDJR/hLzC+hr1mnoxIxYo5QX
Ii0=
-----END CERTIFICATE-----