Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nrPOLLmNWBbtHgw06epSh7Et1xg.roa
File:                     nrPOLLmNWBbtHgw06epSh7Et1xg.roa (raw, json)
Hash identifier:          pj/LMdvRdWcc1x4QVIb6NmjFZCxtPvXC5nDURAXFfaY=
Subject key identifier:   9E:B3:CE:2C:B9:8D:58:16:ED:1E:0C:34:E9:EA:52:87:B1:2D:D7:18
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01896BEB905C990A0EE721A66965D62A3642
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nrPOLLmNWBbtHgw06epSh7Et1xg.roa
Signing time:             Wed 19 Jul 2023 02:12:27 +0000
ROA not before:           Wed 19 Jul 2023 02:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6b:eb:90:5c:99:0a:0e:e7:21:a6:69:65:d6:2a:36:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 19 02:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9eb3ce2cb98d5816ed1e0c34e9ea5287b12dd718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a9:b8:52:95:63:a4:26:90:e6:b1:5e:b6:19:
                    4a:5f:3b:b6:2e:cf:09:7b:2c:92:89:bb:65:10:e5:
                    97:cb:3a:37:77:68:de:77:d0:75:af:b7:7b:63:df:
                    ff:ef:17:44:4d:44:87:89:6c:75:c0:e6:ef:4e:c0:
                    3b:b0:59:ca:5d:88:10:d2:c7:76:63:c1:f4:65:1e:
                    55:1b:c7:ef:fa:0b:ab:96:62:8c:76:3b:c0:81:40:
                    f8:3e:78:55:99:27:c8:de:db:55:39:5e:aa:f2:03:
                    ae:f6:0a:13:a1:79:4b:99:7a:23:8b:fb:41:03:09:
                    69:df:91:14:9c:a6:99:6c:95:d7:95:2d:92:55:10:
                    40:1f:2b:cd:7b:24:23:37:05:69:82:40:55:01:7e:
                    40:11:65:c9:91:d9:be:cb:9d:72:0a:ea:fd:00:c8:
                    85:d9:e8:d2:dd:86:f8:c3:03:12:82:c1:4d:0f:02:
                    c5:95:12:b0:b7:4a:94:dd:40:9e:c7:b1:83:15:27:
                    c2:ae:6c:52:a6:db:2b:e8:3d:56:9b:56:be:70:a5:
                    25:21:57:37:78:5f:c9:68:73:ec:dd:04:00:48:81:
                    39:ac:c5:a4:f1:84:d0:ce:bc:c6:f1:fa:e4:2a:1c:
                    5f:47:7d:1c:a3:ae:5e:3a:47:bb:fb:da:d5:d6:f9:
                    29:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:B3:CE:2C:B9:8D:58:16:ED:1E:0C:34:E9:EA:52:87:B1:2D:D7:18
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nrPOLLmNWBbtHgw06epSh7Et1xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:bb:5e:51:0f:d9:f0:98:d6:4c:74:a5:76:28:d1:31:cd:df:
         d5:94:ca:e8:ab:b9:39:d5:47:eb:e4:47:f0:22:5f:b0:50:02:
         bc:2e:20:cb:a6:ca:54:6c:bb:1f:83:7b:83:53:28:f2:2f:77:
         79:96:2f:cd:fb:1e:f1:a3:d5:3a:eb:61:6c:68:3a:f5:d3:21:
         6d:bc:aa:f7:69:c4:36:aa:49:89:8c:e4:b4:f6:51:56:ec:65:
         52:8d:4c:5f:c9:e1:e7:e3:f6:d5:bf:15:6b:be:06:36:bf:67:
         be:9d:f3:78:61:7f:34:3b:e1:d9:9c:f7:ff:2e:29:7c:e4:fa:
         7f:51:be:45:d8:35:77:40:fa:6e:20:24:45:90:31:cd:65:a8:
         66:4d:a3:73:d4:60:ac:73:57:53:cb:f8:69:94:a5:3c:9c:7d:
         63:6b:a6:22:1b:85:d2:b6:08:27:33:96:c9:30:9e:5a:bd:59:
         ed:34:88:1e:e9:16:aa:f4:de:28:44:7a:90:48:eb:38:9b:87:
         5e:16:66:5b:95:40:e6:ad:19:e5:36:9b:5d:c9:51:c2:6a:dc:
         94:38:bf:3f:c5:31:9f:d9:60:f3:fb:85:46:45:1e:f1:4b:c8:
         47:dc:c6:cf:b1:6e:17:6c:75:cc:83:ba:db:d6:45:7e:85:bb:
         55:9d:b2:88
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlr65BcmQoO5yGmaWXWKjZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE5MDIxMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWIzY2UyY2I5OGQ1ODE2ZWQxZTBjMzRlOWVhNTI4N2IxMmRkNzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiam4UpVjpCaQ5rFethlKXzu2Ls8J
eyySibtlEOWXyzo3d2jed9B1r7d7Y9//7xdETUSHiWx1wObvTsA7sFnKXYgQ0sd2
Y8H0ZR5VG8fv+gurlmKMdjvAgUD4PnhVmSfI3ttVOV6q8gOu9goToXlLmXoji/tB
Awlp35EUnKaZbJXXlS2SVRBAHyvNeyQjNwVpgkBVAX5AEWXJkdm+y51yCur9AMiF
2ejS3Yb4wwMSgsFNDwLFlRKwt0qU3UCex7GDFSfCrmxSptsr6D1Wm1a+cKUlIVc3
eF/JaHPs3QQASIE5rMWk8YTQzrzG8frkKhxfR30co65eOke7+9rV1vkp6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ6zziy5jVgW7R4MNOnqUoexLdcYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbnJQT0xMbU5XQmJ0SGd3MDZlcFNoN0V0MXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAI27XlEP2fCY1kx0pXYo
0THN39WUyuiruTnVR+vkR/AiX7BQArwuIMumylRsux+De4NTKPIvd3mWL837HvGj
1TrrYWxoOvXTIW28qvdpxDaqSYmM5LT2UVbsZVKNTF/J4efj9tW/FWu+Bja/Z76d
83hhfzQ74dmc9/8uKXzk+n9RvkXYNXdA+m4gJEWQMc1lqGZNo3PUYKxzV1PL+GmU
pTycfWNrpiIbhdK2CCczlskwnlq9We00iB7pFqr03ihEepBI6zibh14WZluVQOat
GeU2m13JUcJq3JQ4vz/FMZ/ZYPP7hUZFHvFLyEfcxs+xbhdsdcyDutvWRX6Fu1Wd
sog=
-----END CERTIFICATE-----