Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/s29FFDS-k3YMhTBBEoTDe7JzOok.roa
File:                     s29FFDS-k3YMhTBBEoTDe7JzOok.roa (raw, json)
Hash identifier:          iQU77hilS6Y9B+IRvmJzmdhxbqKRp8S7jca6WBMO9Eg=
Subject key identifier:   B3:6F:45:14:34:BE:93:76:0C:85:30:41:12:84:C3:7B:B2:73:3A:89
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018708FE6F76EE4BDE6F668F334D69A0EB16
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/s29FFDS-k3YMhTBBEoTDe7JzOok.roa
Signing time:             Wed 22 Mar 2023 11:05:05 +0000
ROA not before:           Wed 22 Mar 2023 11:05:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:187:8fe:1b15/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:08:fe:6f:76:ee:4b:de:6f:66:8f:33:4d:69:a0:eb:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 22 11:05:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b36f451434be93760c8530411284c37bb2733a89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:78:db:b7:a8:99:97:7e:aa:27:fd:ef:2b:7d:
                    fa:cc:ec:2a:60:fe:00:a8:3e:ff:b3:a2:3c:d5:6c:
                    ec:84:75:9f:38:3e:ca:15:18:50:9c:ac:cb:0f:81:
                    de:39:5a:c0:49:8e:5f:af:07:0b:6d:e2:b2:cd:e5:
                    48:eb:3b:6b:a4:e3:11:77:7b:ef:f4:46:b6:a4:a7:
                    01:88:9e:fa:d5:99:74:95:22:e3:dc:eb:d8:74:07:
                    62:13:b6:1f:88:df:59:8a:2a:85:fd:df:73:7d:d7:
                    e0:23:94:d4:c2:71:64:1c:f2:46:30:d6:4e:db:99:
                    56:6d:28:99:66:47:0c:0e:b6:13:b7:11:f4:39:b0:
                    b5:a5:5f:31:3e:e9:d4:a4:ff:be:0b:85:1d:6a:01:
                    2b:2d:c0:9b:4a:71:f5:b8:5b:48:80:15:34:c5:ad:
                    94:54:37:c8:ac:9d:be:e5:45:e0:af:3b:04:43:41:
                    c0:59:40:4f:d6:9f:05:62:0f:c6:6c:e4:bc:37:5b:
                    6a:22:33:d4:bb:5d:f6:dc:a7:77:30:9f:1d:ca:07:
                    33:fb:59:6a:28:a1:20:b5:9f:86:a1:bd:94:9c:69:
                    c5:a9:55:3e:54:d1:0e:60:a2:35:2d:b7:5c:6d:7c:
                    90:e9:bc:f2:a5:51:ed:e8:88:47:30:0f:f3:2d:c8:
                    30:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:6F:45:14:34:BE:93:76:0C:85:30:41:12:84:C3:7B:B2:73:3A:89
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/s29FFDS-k3YMhTBBEoTDe7JzOok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:0f:12:0f:57:60:5e:06:3e:ee:23:33:ce:8b:d6:f2:fa:d3:
         06:86:b5:7a:d6:be:5c:6e:57:06:b6:ae:56:f8:af:b8:f4:c4:
         a5:6e:2a:d4:ec:1b:75:a6:58:36:f5:e2:fd:37:be:6b:a4:59:
         b9:6e:3a:23:fd:8f:2a:52:1e:6d:89:c1:b3:f4:26:5f:7f:c0:
         c2:b9:42:c8:8a:74:bd:3e:89:4f:32:20:ff:85:a2:3f:10:1d:
         db:ac:70:3c:3d:d9:0c:ed:64:a7:08:8d:c0:95:98:b1:17:f1:
         1e:94:15:cb:ce:ee:1a:0c:07:92:fd:64:0e:46:7d:7c:63:0b:
         40:92:2b:a0:48:10:d0:3e:b2:32:79:cc:3d:6c:ec:58:7b:63:
         5e:45:ed:c8:01:25:bf:9e:2f:f0:92:1f:2a:f6:43:1b:6a:c5:
         25:76:68:6b:2c:ae:70:ea:a2:47:19:16:df:2e:aa:c7:da:81:
         2f:8d:77:f1:ab:b2:5a:e4:90:33:7e:cb:da:48:55:0c:e4:3a:
         46:47:4a:2c:f4:1d:95:95:9f:1c:1e:f0:19:9d:f9:27:d0:55:
         a4:d5:e2:47:46:f9:47:14:63:95:93:ca:c2:80:51:62:fd:b7:
         35:b1:c6:11:e4:db:24:6e:a6:17:85:df:5f:e9:ce:25:a9:19:
         ca:dd:83:ad
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcI/m927kveb2aPM01poOsWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIyMTEwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzZmNDUxNDM0YmU5Mzc2MGM4NTMwNDExMjg0YzM3YmIyNzMzYTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3jbt6iZl36qJ/3vK336zOwqYP4A
qD7/s6I81WzshHWfOD7KFRhQnKzLD4HeOVrASY5frwcLbeKyzeVI6ztrpOMRd3vv
9Ea2pKcBiJ761Zl0lSLj3OvYdAdiE7YfiN9ZiiqF/d9zfdfgI5TUwnFkHPJGMNZO
25lWbSiZZkcMDrYTtxH0ObC1pV8xPunUpP++C4UdagErLcCbSnH1uFtIgBU0xa2U
VDfIrJ2+5UXgrzsEQ0HAWUBP1p8FYg/GbOS8N1tqIjPUu1323Kd3MJ8dygcz+1lq
KKEgtZ+Gob2UnGnFqVU+VNEOYKI1LbdcbXyQ6bzypVHt6IhHMA/zLcgwvQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLNvRRQ0vpN2DIUwQRKEw3uyczqJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvczI5RkZEUy1rM1lNaFRCQkVvVERlN0p6T29rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH0PEg9XYF4GPu4jM86L
1vL60waGtXrWvlxuVwa2rlb4r7j0xKVuKtTsG3WmWDb14v03vmukWbluOiP9jypS
Hm2JwbP0Jl9/wMK5QsiKdL0+iU8yIP+Foj8QHduscDw92QztZKcIjcCVmLEX8R6U
FcvO7hoMB5L9ZA5GfXxjC0CSK6BIENA+sjJ5zD1s7Fh7Y15F7cgBJb+eL/CSHyr2
QxtqxSV2aGssrnDqokcZFt8uqsfagS+Nd/GrslrkkDN+y9pIVQzkOkZHSiz0HZWV
nxwe8Bmd+SfQVaTV4kdG+UcUY5WTysKAUWL9tzWxxhHk2yRupheF31/pziWpGcrd
g60=
-----END CERTIFICATE-----