Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o03PpZIRkk3BdEcVIUYtpp8GZpM.roa
File:                     o03PpZIRkk3BdEcVIUYtpp8GZpM.roa (raw, json)
Hash identifier:          Fj6yydgA6WhCG2zaZBTrsDTyLppjY+Ibtj8oHSl/Fes=
Subject key identifier:   A3:4D:CF:A5:92:11:92:4D:C1:74:47:15:21:46:2D:A6:9F:06:66:93
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888507FA1DC676F3C36481D3C6263AD549
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o03PpZIRkk3BdEcVIUYtpp8GZpM.roa
Signing time:             Sun 04 Jun 2023 06:11:12 +0000
ROA not before:           Sun 04 Jun 2023 06:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:85:07:fa:1d:c6:76:f3:c3:64:81:d3:c6:26:3a:d5:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 06:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a34dcfa59211924dc174471521462da69f066693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:15:79:67:d5:c5:9a:74:6e:8a:a3:c4:a5:fb:
                    7b:18:90:f9:42:c4:b1:aa:7d:f0:95:b6:ab:a2:a1:
                    3e:9a:8e:14:c9:9a:47:64:e2:8a:5e:13:d3:60:c6:
                    e2:ab:37:d5:d2:9a:65:a7:e7:68:8c:0c:6c:14:0f:
                    e0:b3:3b:73:08:21:1a:7a:cf:10:75:85:a7:8d:db:
                    3c:db:2e:fb:0c:23:f6:76:bf:92:4e:b3:58:8b:00:
                    79:dd:d0:08:65:14:91:eb:77:fc:3b:2e:b2:65:2c:
                    77:a9:a1:76:6a:f7:dc:45:4e:d5:12:4c:bb:c4:41:
                    23:04:8f:46:b8:33:30:62:b1:78:6e:66:e7:22:36:
                    f9:7f:be:93:12:f6:12:41:4e:84:46:4b:6a:66:5d:
                    59:13:4b:5a:e6:96:1a:0d:9b:79:01:51:d0:24:5a:
                    d3:17:97:89:ba:ba:7e:ca:35:36:e0:13:df:59:b3:
                    92:09:5e:e9:c8:d7:f3:4e:75:f2:13:27:ab:a9:3e:
                    f8:7a:38:3b:aa:e0:35:b4:2e:e1:43:f4:57:1d:b0:
                    58:d0:34:89:d0:fa:9d:d3:14:c7:5f:16:3d:18:3a:
                    8a:e2:91:8a:36:07:45:a2:e1:28:13:29:51:ea:08:
                    8b:4a:ff:e6:14:98:a6:b9:07:04:93:e3:69:58:80:
                    40:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:4D:CF:A5:92:11:92:4D:C1:74:47:15:21:46:2D:A6:9F:06:66:93
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o03PpZIRkk3BdEcVIUYtpp8GZpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:7e:70:a1:32:0b:6d:80:b4:70:99:ec:b8:de:b4:c0:12:ae:
         f8:37:a3:0e:01:ea:57:74:7c:6c:c8:42:7a:bf:ce:ff:d7:45:
         d6:e6:7d:d2:e0:36:46:cc:c3:15:bd:c6:95:15:2f:45:2b:18:
         59:a8:ab:e0:a5:bb:b6:4f:63:af:9c:92:af:8f:54:61:cb:a6:
         35:5a:e1:54:d8:d9:67:90:62:aa:0b:22:1e:0e:e2:72:ae:ee:
         97:a7:4a:55:88:3a:9b:d8:7d:8e:ff:97:3f:cd:7b:a1:7c:7c:
         4d:71:f8:21:c2:67:73:dd:e1:65:ad:ca:1e:a7:6a:d2:eb:75:
         2e:5c:59:43:59:72:70:bd:ec:42:d0:5b:f6:7e:1a:49:59:d9:
         c6:b8:28:19:bf:f9:5b:ba:b2:9c:ae:9a:4e:f5:99:14:b9:13:
         05:98:a7:0f:9e:e8:5c:8c:40:33:cf:1c:f5:0c:5a:d5:cb:08:
         05:b3:b1:5c:dd:bb:a7:66:0e:cb:e3:20:0a:7d:92:5b:26:a4:
         75:a4:02:02:89:7b:f2:7b:24:36:b0:a8:ff:9f:84:8d:24:d7:
         d1:6b:0b:3d:ac:72:af:a7:77:61:ef:62:5a:7e:ce:f0:a7:b4:
         cc:85:a1:90:6e:44:1a:5b:84:65:cc:33:29:7d:72:78:80:f0:
         b7:c4:a5:8e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiFB/odxnbzw2SB08YmOtVJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MDYxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzRkY2ZhNTkyMTE5MjRkYzE3NDQ3MTUyMTQ2MmRhNjlmMDY2NjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRV5Z9XFmnRuiqPEpft7GJD5QsSx
qn3wlbaroqE+mo4UyZpHZOKKXhPTYMbiqzfV0pplp+dojAxsFA/gsztzCCEaes8Q
dYWnjds82y77DCP2dr+STrNYiwB53dAIZRSR63f8Oy6yZSx3qaF2avfcRU7VEky7
xEEjBI9GuDMwYrF4bmbnIjb5f76TEvYSQU6ERktqZl1ZE0ta5pYaDZt5AVHQJFrT
F5eJurp+yjU24BPfWbOSCV7pyNfzTnXyEyerqT74ejg7quA1tC7hQ/RXHbBY0DSJ
0Pqd0xTHXxY9GDqK4pGKNgdFouEoEylR6giLSv/mFJimuQcEk+NpWIBA0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKNNz6WSEZJNwXRHFSFGLaafBmaTMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbzAzUHBaSVJrazNCZEVjVklVWXRwcDhHWnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKl+cKEyC22AtHCZ7Lje
tMASrvg3ow4B6ld0fGzIQnq/zv/XRdbmfdLgNkbMwxW9xpUVL0UrGFmoq+Clu7ZP
Y6+ckq+PVGHLpjVa4VTY2WeQYqoLIh4O4nKu7penSlWIOpvYfY7/lz/Ne6F8fE1x
+CHCZ3Pd4WWtyh6natLrdS5cWUNZcnC97ELQW/Z+GklZ2ca4KBm/+Vu6spyumk71
mRS5EwWYpw+e6FyMQDPPHPUMWtXLCAWzsVzdu6dmDsvjIAp9klsmpHWkAgKJe/J7
JDawqP+fhI0k19FrCz2scq+nd2HvYlp+zvCntMyFoZBuRBpbhGXMMyl9cniA8LfE
pY4=
-----END CERTIFICATE-----