Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/p65DK8LXiDqt9Oc11Bun-uNxGr0.roa
File:                     p65DK8LXiDqt9Oc11Bun-uNxGr0.roa (raw, json)
Hash identifier:          7YswWJMdJtGgYdFNiUkWoW01OnL4aYcM0KYnnHOLULA=
Subject key identifier:   A7:AE:43:2B:C2:D7:88:3A:AD:F4:E7:35:D4:1B:A7:FA:E3:71:1A:BD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895D8B8628503BF26DD07EB9BF1E8C6421
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/p65DK8LXiDqt9Oc11Bun-uNxGr0.roa
Signing time:             Sun 16 Jul 2023 07:12:52 +0000
ROA not before:           Sun 16 Jul 2023 07:12:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5d:8b:86:28:50:3b:f2:6d:d0:7e:b9:bf:1e:8c:64:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 16 07:12:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a7ae432bc2d7883aadf4e735d41ba7fae3711abd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:69:c7:41:ce:43:39:05:65:d9:f3:e3:d1:91:
                    1c:16:83:c2:5c:b5:bf:3d:55:39:fa:9e:13:54:eb:
                    d0:7f:37:84:56:57:3b:f0:ca:e3:14:60:52:b5:08:
                    60:05:5e:74:10:79:46:f0:a5:e9:4e:50:78:1d:b6:
                    0b:76:c3:7c:20:1e:c8:09:0e:e3:1f:4b:12:66:53:
                    22:49:9c:6b:b8:69:50:bb:e9:fe:57:e8:4e:ab:2f:
                    a9:86:8c:b6:8d:0a:0c:0d:b5:38:5c:42:b7:50:91:
                    2b:8f:70:69:c4:83:79:c1:6a:56:f9:22:38:3b:a9:
                    67:c3:17:6d:19:0c:9d:78:b6:a3:e0:65:36:15:01:
                    bc:a5:e5:5f:10:22:58:65:cb:a3:af:2a:2c:e8:98:
                    ce:1b:f9:fd:4e:b0:0d:16:63:23:8f:a2:27:9a:c0:
                    88:65:b9:5a:3e:b2:53:05:3c:e2:c9:dd:68:55:dc:
                    93:38:97:f9:f2:a8:04:7d:1a:c1:d4:6b:9a:c6:7e:
                    1c:7c:16:7d:0d:7c:49:68:5e:ec:25:49:8a:e1:1a:
                    06:60:71:58:f8:31:9c:81:8d:b3:1d:7f:a6:68:28:
                    c9:d6:bb:3a:94:8b:9e:69:8c:f3:bb:84:ef:a6:62:
                    46:f2:ca:1b:03:b4:5b:d2:33:bc:9a:87:84:68:5a:
                    6f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:AE:43:2B:C2:D7:88:3A:AD:F4:E7:35:D4:1B:A7:FA:E3:71:1A:BD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/p65DK8LXiDqt9Oc11Bun-uNxGr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:cf:f7:60:42:04:42:b4:cc:98:56:c2:73:92:b1:3c:7f:27:
         f6:14:70:4c:dc:80:d7:ff:5d:5f:b3:22:0d:27:a0:7d:59:aa:
         c0:a5:54:ae:98:e5:36:28:38:df:62:d9:1e:72:1b:c2:2b:22:
         68:3b:de:38:3e:5c:bb:b0:7d:ae:b9:34:28:13:df:1c:96:1f:
         29:06:f4:e1:03:5b:00:1a:06:76:05:de:bf:3f:15:a3:eb:54:
         cd:3f:53:b9:9a:73:f6:95:49:78:e9:d6:11:d6:1b:3d:1a:9c:
         c9:49:e9:86:36:5e:ed:95:13:d4:12:62:52:0b:6b:b7:85:cf:
         af:1f:0e:6e:b1:31:51:18:af:3d:e3:47:7b:01:5d:ce:be:8c:
         17:39:76:07:c0:64:a3:5e:0c:6f:cd:1b:47:c1:12:5c:f1:67:
         9d:46:0c:37:eb:ac:d2:00:ef:4e:06:66:8d:35:f4:73:17:a6:
         75:14:4b:ef:90:cb:54:e0:70:d2:19:db:c9:c7:73:e6:a7:df:
         b0:f1:2f:6f:05:3f:7d:7d:62:4d:b6:45:b6:b7:f1:f4:64:7a:
         7f:d6:74:c9:f9:cf:b1:b5:cd:ea:a5:4f:0c:0b:dd:25:d3:14:
         ee:c3:d6:e9:77:fb:4b:53:10:01:10:b0:56:59:05:8b:79:d4:
         51:32:e5:0b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYldi4YoUDvybdB+ub8ejGQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE2MDcxMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2FlNDMyYmMyZDc4ODNhYWRmNGU3MzVkNDFiYTdmYWUzNzExYWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWnHQc5DOQVl2fPj0ZEcFoPCXLW/
PVU5+p4TVOvQfzeEVlc78MrjFGBStQhgBV50EHlG8KXpTlB4HbYLdsN8IB7ICQ7j
H0sSZlMiSZxruGlQu+n+V+hOqy+phoy2jQoMDbU4XEK3UJErj3BpxIN5wWpW+SI4
O6lnwxdtGQydeLaj4GU2FQG8peVfECJYZcujryos6JjOG/n9TrANFmMjj6InmsCI
ZblaPrJTBTziyd1oVdyTOJf58qgEfRrB1Guaxn4cfBZ9DXxJaF7sJUmK4RoGYHFY
+DGcgY2zHX+maCjJ1rs6lIueaYzzu4TvpmJG8sobA7Rb0jO8moeEaFpvbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKeuQyvC14g6rfTnNdQbp/rjcRq9MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcDY1REs4TFhpRHF0OU9jMTFCdW4tdU54R3IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAPP92BCBEK0zJhWwnOS
sTx/J/YUcEzcgNf/XV+zIg0noH1ZqsClVK6Y5TYoON9i2R5yG8IrImg73jg+XLuw
fa65NCgT3xyWHykG9OEDWwAaBnYF3r8/FaPrVM0/U7mac/aVSXjp1hHWGz0anMlJ
6YY2Xu2VE9QSYlILa7eFz68fDm6xMVEYrz3jR3sBXc6+jBc5dgfAZKNeDG/NG0fB
ElzxZ51GDDfrrNIA704GZo019HMXpnUUS++Qy1TgcNIZ28nHc+an37DxL28FP319
Yk22Rba38fRken/WdMn5z7G1zeqlTwwL3SXTFO7D1ul3+0tTEAEQsFZZBYt51FEy
5Qs=
-----END CERTIFICATE-----