Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/p1w9nO5S5xDkHXt8WYB7fbzYepI.roa
File:                     p1w9nO5S5xDkHXt8WYB7fbzYepI.roa (raw, json)
Hash identifier:          ygbOuBNiQAbicNUFBN5G3o+c+MNOSygNtUuYTBXguqw=
Subject key identifier:   A7:5C:3D:9C:EE:52:E7:10:E4:1D:7B:7C:59:80:7B:7D:BC:D8:7A:92
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A5314EF92346CBC246328A981FBD5572
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/p1w9nO5S5xDkHXt8WYB7fbzYepI.roa
Signing time:             Sat 10 Jun 2023 12:04:12 +0000
ROA not before:           Sat 10 Jun 2023 12:04:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:188:a531:46c9/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a5:31:4e:f9:23:46:cb:c2:46:32:8a:98:1f:bd:55:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 10 12:04:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a75c3d9cee52e710e41d7b7c59807b7dbcd87a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:19:7d:87:99:99:c2:dd:13:b5:95:56:51:26:
                    b8:cc:4b:3f:4b:e5:b4:4d:e7:48:67:c8:b6:98:70:
                    e0:23:b0:33:38:e2:fa:70:4a:44:1c:f4:ec:f6:c7:
                    2b:41:30:69:44:07:4e:2a:3b:8f:f1:0d:95:17:a7:
                    31:8b:0c:e9:f1:56:09:3d:55:96:fc:f4:55:bc:44:
                    2c:cb:59:a8:db:5a:2c:a8:85:f8:d7:a5:f9:c3:b5:
                    2e:b1:d6:49:18:64:4d:50:5a:78:bd:dc:e5:e2:ea:
                    83:a5:1d:a1:d2:a0:fc:62:98:a5:c6:81:86:80:c0:
                    ac:51:83:d8:e6:27:a0:00:25:08:ff:5f:04:b8:24:
                    54:4d:31:8d:3d:91:43:97:c2:3b:a6:49:91:e5:aa:
                    dd:96:8f:1b:64:99:68:81:55:ce:f1:54:f2:ef:c7:
                    bb:87:d8:e3:e0:88:f9:54:47:f2:0e:11:a0:66:4d:
                    ad:e3:cd:40:a8:3a:ba:82:36:65:a3:da:cb:7c:98:
                    7b:f7:16:ae:43:d4:bf:89:24:83:4e:9a:73:0d:9a:
                    f5:44:8c:8c:3b:51:e4:5d:26:21:fc:39:ea:7d:6f:
                    c2:5b:0b:7a:f4:fa:f2:b4:4e:02:89:4e:68:c0:5a:
                    3d:76:c3:aa:af:dd:a3:30:c4:b6:2b:bd:47:83:fa:
                    9e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:5C:3D:9C:EE:52:E7:10:E4:1D:7B:7C:59:80:7B:7D:BC:D8:7A:92
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/p1w9nO5S5xDkHXt8WYB7fbzYepI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:d0:e0:61:4a:31:6e:13:cd:a2:6a:e5:81:17:18:98:9d:57:
         f6:da:7e:16:18:53:e6:5c:c0:c3:03:b3:3b:21:52:be:50:c0:
         8b:16:64:3b:ab:ed:70:48:06:57:d6:b9:eb:28:26:7e:0f:95:
         50:d3:3e:3f:1e:8c:d9:0e:39:f2:8d:e8:96:96:1d:84:06:c6:
         c2:d9:0a:20:2a:d5:c7:de:fd:5a:ae:4d:03:d5:53:0c:c2:96:
         34:8c:1f:fe:62:73:fa:55:23:94:30:f1:21:c0:2f:45:a1:ec:
         29:87:d7:47:d4:92:5b:19:e7:8e:5c:0e:3b:ce:79:94:2c:53:
         98:f4:0f:ca:26:0b:92:93:96:a6:65:d6:fc:57:17:ef:46:53:
         45:f1:ec:42:f9:82:fb:0a:60:ed:7a:59:41:5e:95:ec:2c:e2:
         4a:0c:bc:a0:f2:88:72:87:da:f0:c1:89:8c:df:7c:9d:7a:d5:
         9b:43:9b:e4:10:0d:29:79:1d:09:ed:36:9e:8f:be:2e:14:46:
         3f:cb:97:a1:47:15:d5:8f:67:8b:51:d6:c6:3b:ec:32:09:ab:
         92:fe:17:90:a7:3f:fc:1d:09:c7:ea:40:c6:08:62:c4:80:40:
         5e:63:bd:64:67:a3:61:60:55:c6:4b:46:44:aa:75:f9:80:64:
         a4:f3:03:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYilMU75I0bLwkYyipgfvVVyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEwMTIwNDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzVjM2Q5Y2VlNTJlNzEwZTQxZDdiN2M1OTgwN2I3ZGJjZDg3YTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthl9h5mZwt0TtZVWUSa4zEs/S+W0
TedIZ8i2mHDgI7AzOOL6cEpEHPTs9scrQTBpRAdOKjuP8Q2VF6cxiwzp8VYJPVWW
/PRVvEQsy1mo21osqIX416X5w7UusdZJGGRNUFp4vdzl4uqDpR2h0qD8YpilxoGG
gMCsUYPY5iegACUI/18EuCRUTTGNPZFDl8I7pkmR5ardlo8bZJlogVXO8VTy78e7
h9jj4Ij5VEfyDhGgZk2t481AqDq6gjZlo9rLfJh79xauQ9S/iSSDTppzDZr1RIyM
O1HkXSYh/DnqfW/CWwt69PrytE4CiU5owFo9dsOqr92jMMS2K71Hg/qeDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKdcPZzuUucQ5B17fFmAe3282HqSMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcDF3OW5PNVM1eERrSFh0OFdZQjdmYnpZZXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABzQ4GFKMW4TzaJq5YEX
GJidV/bafhYYU+ZcwMMDszshUr5QwIsWZDur7XBIBlfWuesoJn4PlVDTPj8ejNkO
OfKN6JaWHYQGxsLZCiAq1cfe/VquTQPVUwzCljSMH/5ic/pVI5Qw8SHAL0Wh7CmH
10fUklsZ545cDjvOeZQsU5j0D8omC5KTlqZl1vxXF+9GU0Xx7EL5gvsKYO16WUFe
lews4koMvKDyiHKH2vDBiYzffJ161ZtDm+QQDSl5HQntNp6Pvi4URj/Ll6FHFdWP
Z4tR1sY77DIJq5L+F5CnP/wdCcfqQMYIYsSAQF5jvWRno2FgVcZLRkSqdfmAZKTz
A0Y=
-----END CERTIFICATE-----