Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/npEr1xqTy2-x62tRlKHWKZWQU5M.roa
File:                     npEr1xqTy2-x62tRlKHWKZWQU5M.roa (raw, json)
Hash identifier:          VFe+Yjy8I/eGA/Kt9m3Fh3B7vTPlOKPUTHSoF6kahBo=
Subject key identifier:   9E:91:2B:D7:1A:93:CB:6F:B1:EB:6B:51:94:A1:D6:29:95:90:53:93
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01886D305902886575041C572780AE88FE67
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/npEr1xqTy2-x62tRlKHWKZWQU5M.roa
Signing time:             Tue 30 May 2023 15:04:25 +0000
ROA not before:           Tue 30 May 2023 15:04:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:188:6d30:3b0c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:6d:30:59:02:88:65:75:04:1c:57:27:80:ae:88:fe:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 30 15:04:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9e912bd71a93cb6fb1eb6b5194a1d62995905393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c1:25:b2:f7:8c:12:32:3c:76:36:7b:67:53:
                    0f:85:0c:e1:d8:5c:2c:a9:02:3c:d6:fb:9b:c7:7e:
                    a5:07:dd:a3:ce:b4:a6:66:0b:65:ec:3a:58:90:3c:
                    a3:2f:91:b6:f8:3c:0d:21:de:5c:43:36:8c:b6:45:
                    4f:3c:86:5f:40:75:96:e3:9f:f8:47:6d:bb:c2:0b:
                    30:d4:7e:a1:86:ec:a1:0f:74:b9:53:a6:d3:27:41:
                    86:17:77:45:1d:24:51:d1:1e:69:5e:f9:23:b7:47:
                    2a:50:e2:92:0e:50:7a:73:dd:d1:af:5c:49:3f:70:
                    d0:06:80:9e:b1:5c:ca:95:dc:9a:01:ea:ab:32:85:
                    4a:d2:24:7c:cd:db:5a:df:4a:4a:37:6b:b6:78:bd:
                    ca:12:62:2e:3f:60:a3:bf:9f:74:54:80:7f:06:99:
                    c7:25:a8:2e:15:db:5d:ed:c4:ba:2a:1b:7d:d3:a7:
                    fa:c2:43:8b:b2:26:fc:5a:5c:d4:74:07:04:af:28:
                    c3:73:11:02:15:40:54:4e:a5:32:19:44:85:da:14:
                    06:9a:32:2d:ba:36:e4:9e:6c:eb:7e:27:ce:97:5e:
                    7c:e4:15:f5:14:b3:a8:4d:3c:4a:34:e5:ad:de:ed:
                    de:20:52:26:f8:9b:a2:94:81:d2:ad:c5:5d:6f:15:
                    97:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:91:2B:D7:1A:93:CB:6F:B1:EB:6B:51:94:A1:D6:29:95:90:53:93
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/npEr1xqTy2-x62tRlKHWKZWQU5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:ce:86:07:55:7d:17:18:63:37:c1:a4:a0:64:53:bb:bc:88:
         da:ea:6b:7a:85:4c:b6:0b:d5:2e:64:67:ef:07:de:3a:f8:a8:
         e6:81:c5:e7:24:c7:6c:cf:7d:43:e9:e3:5c:01:f9:b8:ae:1d:
         30:52:4f:43:60:20:dc:22:37:bb:e2:05:f6:98:c1:54:4d:0e:
         a5:c2:f1:81:ca:68:82:df:71:a5:11:03:1f:92:d9:e7:a7:85:
         b9:c9:3a:bc:33:72:86:87:da:a4:1b:2b:f7:8f:bc:b3:8f:42:
         9c:5d:92:7b:43:52:5d:c2:72:60:3b:0f:68:6c:42:db:6e:b7:
         19:91:b6:01:76:f8:aa:b5:16:9e:24:a7:44:db:96:0a:49:e7:
         d0:26:91:08:c6:5c:2c:fc:18:19:a9:e0:37:ac:6d:94:c4:5d:
         e6:2c:8e:22:7a:a7:f5:02:4d:b7:be:83:a3:9c:92:c9:e1:2f:
         61:0c:ea:a6:a9:46:8c:f2:fb:d4:6d:da:89:e6:f4:f9:9b:b3:
         85:1e:f4:2f:51:1e:02:12:40:ff:c2:c4:4e:1a:7c:db:85:10:
         29:4f:5b:c2:9e:8f:0b:b6:43:da:14:7a:1b:2f:9e:6d:dd:e5:
         3a:75:41:ec:f5:a1:72:34:b1:63:5c:1d:7a:15:1b:0b:71:fe:
         0e:b9:54:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhtMFkCiGV1BBxXJ4CuiP5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTMwMTUwNDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTkxMmJkNzFhOTNjYjZmYjFlYjZiNTE5NGExZDYyOTk1OTA1MzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocElsveMEjI8djZ7Z1MPhQzh2Fws
qQI81vubx36lB92jzrSmZgtl7DpYkDyjL5G2+DwNId5cQzaMtkVPPIZfQHWW45/4
R227wgsw1H6hhuyhD3S5U6bTJ0GGF3dFHSRR0R5pXvkjt0cqUOKSDlB6c93Rr1xJ
P3DQBoCesVzKldyaAeqrMoVK0iR8zdta30pKN2u2eL3KEmIuP2Cjv590VIB/BpnH
JaguFdtd7cS6Kht906f6wkOLsib8WlzUdAcEryjDcxECFUBUTqUyGUSF2hQGmjIt
ujbknmzrfifOl1585BX1FLOoTTxKNOWt3u3eIFIm+JuilIHSrcVdbxWXnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ6RK9cak8tvsetrUZSh1imVkFOTMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbnBFcjF4cVR5Mi14NjJ0UmxLSFdLWldRVTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAF3OhgdVfRcYYzfBpKBk
U7u8iNrqa3qFTLYL1S5kZ+8H3jr4qOaBxeckx2zPfUPp41wB+biuHTBST0NgINwi
N7viBfaYwVRNDqXC8YHKaILfcaURAx+S2eenhbnJOrwzcoaH2qQbK/ePvLOPQpxd
kntDUl3CcmA7D2hsQttutxmRtgF2+Kq1Fp4kp0TblgpJ59AmkQjGXCz8GBmp4Des
bZTEXeYsjiJ6p/UCTbe+g6OcksnhL2EM6qapRozy+9Rt2onm9Pmbs4Ue9C9RHgIS
QP/CxE4afNuFEClPW8Kejwu2Q9oUehsvnm3d5Tp1Qez1oXI0sWNcHXoVGwtx/g65
VDo=
-----END CERTIFICATE-----