Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/og90m1VPGgtD1wgf6Q5yebHo9wg.roa
File:                     og90m1VPGgtD1wgf6Q5yebHo9wg.roa (raw, json)
Hash identifier:          /KkhO92qXc/fJMya1Jjl4dCkwwyHvOEoVKVh5mPE1Ro=
Subject key identifier:   A2:0F:74:9B:55:4F:1A:0B:43:D7:08:1F:E9:0E:72:79:B1:E8:F7:08
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01896B3F6FBC441A9ED78D6A7CFC93BB655C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/og90m1VPGgtD1wgf6Q5yebHo9wg.roa
Signing time:             Tue 18 Jul 2023 23:04:26 +0000
ROA not before:           Tue 18 Jul 2023 23:04:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:189:6b3f:48cd/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6b:3f:6f:bc:44:1a:9e:d7:8d:6a:7c:fc:93:bb:65:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 18 23:04:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a20f749b554f1a0b43d7081fe90e7279b1e8f708
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:48:ce:ed:77:55:cb:0f:e6:5a:9f:2e:14:c8:
                    37:f0:cb:e8:73:f5:df:7c:3b:f2:82:01:ee:47:d8:
                    10:8c:3f:43:d2:81:5b:66:cb:95:a5:d1:ef:08:93:
                    cd:69:97:0c:c8:6d:d5:47:50:1d:5d:80:d0:6b:c4:
                    a5:c6:3c:6a:d6:2c:e8:08:9b:f8:8b:07:e6:8e:98:
                    d5:9d:88:50:26:86:dd:54:3f:43:b0:02:d3:9b:67:
                    fc:0b:5b:84:88:d5:e8:c1:7b:9e:67:07:c0:77:20:
                    ca:84:09:dd:f7:96:32:8f:85:6e:c3:69:7e:14:5e:
                    40:cd:45:09:c2:13:10:8d:ec:63:08:53:c1:21:08:
                    cb:7f:75:57:e1:4e:ff:65:00:9e:6b:28:d2:0f:40:
                    65:84:22:9f:8d:1a:d1:4d:6a:eb:0f:bd:d3:1e:24:
                    08:f8:1b:8b:ce:48:e6:d8:65:29:84:45:a7:d4:a6:
                    de:19:d1:e5:43:fe:f4:e8:95:30:2e:50:55:42:0c:
                    a9:70:57:d3:33:65:54:ed:a9:94:ee:99:45:29:9f:
                    fe:a8:29:45:cc:66:bd:70:21:b0:be:19:06:65:f8:
                    54:3c:f6:cc:83:b2:59:36:dc:14:ee:c0:0f:c5:26:
                    c5:8e:62:98:a6:8b:a7:24:be:4f:e0:c9:4a:3a:b3:
                    20:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0F:74:9B:55:4F:1A:0B:43:D7:08:1F:E9:0E:72:79:B1:E8:F7:08
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/og90m1VPGgtD1wgf6Q5yebHo9wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:c4:4b:21:3b:ec:82:81:32:ac:bf:78:c6:d8:56:f9:a3:8d:
         a7:a2:5e:d9:8b:82:1f:ee:67:4f:19:09:19:4d:9f:c7:35:01:
         ba:83:fe:95:f8:36:6f:d3:27:5e:1f:4c:24:06:78:ea:c5:19:
         74:0d:88:53:a1:03:69:b3:9e:35:fc:ab:e5:08:ef:60:c6:70:
         bc:63:d3:16:f0:1d:55:1a:6c:e0:8b:e9:7d:8e:25:19:f3:00:
         42:eb:8e:10:de:15:9c:ab:c2:06:2a:12:09:82:1c:d8:f4:d7:
         2c:af:ac:12:31:8e:dc:26:0c:ef:87:ec:d6:5e:dd:da:fe:d1:
         43:bb:90:fd:24:f6:1c:f6:59:e4:6c:ac:17:e4:27:3b:ec:dc:
         7a:9c:49:b2:75:ab:ba:8c:58:7c:8e:3d:07:5b:fc:42:34:1d:
         b7:3e:c5:74:05:e3:c6:3a:1e:f6:54:36:8b:ea:f0:aa:ca:17:
         fe:b5:18:7a:1a:1c:06:26:bc:02:63:9f:04:d2:72:07:3a:c6:
         47:ad:1d:80:98:a9:a1:6c:76:57:e5:32:c6:ff:bc:39:a3:03:
         e1:03:a7:2d:b5:c1:70:b1:bf:28:9c:df:57:93:b4:62:4f:84:
         0d:e7:d6:9b:21:18:d4:aa:cf:ce:fb:9c:25:3e:de:49:f8:a3:
         74:92:9c:b3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlrP2+8RBqe141qfPyTu2VcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE4MjMwNDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBmNzQ5YjU1NGYxYTBiNDNkNzA4MWZlOTBlNzI3OWIxZThmNzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEjO7XdVyw/mWp8uFMg38Mvoc/Xf
fDvyggHuR9gQjD9D0oFbZsuVpdHvCJPNaZcMyG3VR1AdXYDQa8Slxjxq1izoCJv4
iwfmjpjVnYhQJobdVD9DsALTm2f8C1uEiNXowXueZwfAdyDKhAnd95Yyj4Vuw2l+
FF5AzUUJwhMQjexjCFPBIQjLf3VX4U7/ZQCeayjSD0BlhCKfjRrRTWrrD73THiQI
+BuLzkjm2GUphEWn1KbeGdHlQ/706JUwLlBVQgypcFfTM2VU7amU7plFKZ/+qClF
zGa9cCGwvhkGZfhUPPbMg7JZNtwU7sAPxSbFjmKYpounJL5P4MlKOrMghQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKIPdJtVTxoLQ9cIH+kOcnmx6PcIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb2c5MG0xVlBHZ3REMXdnZjZRNXllYkhvOXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABzESyE77IKBMqy/eMbY
VvmjjaeiXtmLgh/uZ08ZCRlNn8c1AbqD/pX4Nm/TJ14fTCQGeOrFGXQNiFOhA2mz
njX8q+UI72DGcLxj0xbwHVUabOCL6X2OJRnzAELrjhDeFZyrwgYqEgmCHNj01yyv
rBIxjtwmDO+H7NZe3dr+0UO7kP0k9hz2WeRsrBfkJzvs3HqcSbJ1q7qMWHyOPQdb
/EI0Hbc+xXQF48Y6HvZUNovq8KrKF/61GHoaHAYmvAJjnwTScgc6xketHYCYqaFs
dlflMsb/vDmjA+EDpy21wXCxvyic31eTtGJPhA3n1pshGNSqz877nCU+3kn4o3SS
nLM=
-----END CERTIFICATE-----