Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sl8LukuR6SioQkqtHgyVJk-Haos.roa
File:                     sl8LukuR6SioQkqtHgyVJk-Haos.roa (raw, json)
Hash identifier:          tKlNbJeoxbzQvnTcRbYo0WtJ9P8kOy9Xn++/704/JAE=
Subject key identifier:   B2:5F:0B:BA:4B:91:E9:28:A8:42:4A:AD:1E:0C:95:26:4F:87:6A:8B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01884D3ED9CD3C1E351583ABDE0A4D971B84
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sl8LukuR6SioQkqtHgyVJk-Haos.roa
Signing time:             Wed 24 May 2023 10:12:24 +0000
ROA not before:           Wed 24 May 2023 10:12:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:4d:3e:d9:cd:3c:1e:35:15:83:ab:de:0a:4d:97:1b:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 24 10:12:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b25f0bba4b91e928a8424aad1e0c95264f876a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cb:82:69:32:94:7f:3e:90:58:57:07:c1:8b:
                    45:3f:fb:bc:38:51:db:7f:8e:ed:64:23:38:e5:d4:
                    c2:2d:d1:a9:38:51:d3:b3:5d:b9:1f:31:c3:42:c3:
                    98:82:70:ad:53:21:a4:3c:53:7a:af:42:6e:15:2e:
                    1f:5a:95:c2:3b:67:47:85:42:df:6e:db:6d:71:2a:
                    90:5b:59:cd:60:e4:c8:bb:d2:3a:21:06:0f:f5:fa:
                    ef:31:0c:0d:c4:c2:10:9b:fd:b6:98:8e:5f:3d:92:
                    67:30:82:0c:a2:66:62:c6:61:c9:d4:65:33:5b:7c:
                    6d:ea:5d:22:b5:7f:11:04:3d:e3:cf:63:f5:52:ea:
                    4c:9e:0b:01:e9:05:97:38:28:d1:48:82:42:b7:e0:
                    2a:46:4e:0e:fc:b1:76:b7:4e:dc:ea:3b:62:2b:d2:
                    43:2e:0c:23:0d:ee:40:9b:08:9c:39:7c:49:5f:07:
                    62:82:5d:e2:2d:49:c4:af:04:db:e9:df:d3:b8:e0:
                    5d:ec:00:01:c1:11:b4:77:66:00:0a:88:3c:0a:84:
                    95:3d:7b:7b:0e:1e:96:ee:4c:72:78:28:1a:b3:a2:
                    ca:b6:92:67:00:eb:35:f0:f9:1a:b2:d9:6f:4d:cc:
                    b6:a1:66:f2:06:e6:48:5c:3e:30:d4:af:fc:80:16:
                    d2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:5F:0B:BA:4B:91:E9:28:A8:42:4A:AD:1E:0C:95:26:4F:87:6A:8B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sl8LukuR6SioQkqtHgyVJk-Haos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:e3:0a:ff:d5:ab:b0:f2:14:d2:29:ce:0c:d6:c6:17:1d:28:
         26:e4:92:eb:a2:de:93:35:21:df:86:d1:a8:59:ad:22:8f:24:
         30:cf:f6:4a:89:cd:57:ff:51:d1:f4:21:6f:85:12:9e:61:28:
         e0:71:bd:9f:a4:46:74:83:01:7b:a2:bd:43:c3:cd:3c:13:ca:
         11:2d:be:5a:a8:c6:ea:7c:e9:d8:ad:0b:a5:21:7b:db:40:e5:
         90:ac:cb:5e:e0:14:d8:f9:fe:ac:98:b5:19:ae:83:8c:40:74:
         9a:ba:6d:58:5b:72:04:52:b7:b1:64:ba:ac:4b:5c:a9:a4:29:
         45:5c:87:fb:15:58:62:2e:08:b6:1d:da:ba:44:4c:4e:4b:ee:
         ff:d0:f7:52:71:c4:ad:47:96:b3:9c:94:db:8c:2e:53:b5:b8:
         35:33:81:d7:59:ec:46:98:9e:3e:63:e9:26:08:d7:b3:96:a0:
         ea:b0:05:99:fa:d5:da:16:ca:dc:1b:ed:79:fd:ad:f7:64:28:
         fc:bc:6a:83:da:06:fe:70:1d:b8:74:d3:d7:23:e2:fb:6a:9b:
         45:45:dc:57:c5:18:26:2f:db:d7:45:93:b2:c8:b2:dc:a2:55:
         22:f4:3d:78:e1:0c:10:89:b1:4c:38:30:2d:e2:e1:2f:0d:0c:
         ba:62:4d:30
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhNPtnNPB41FYOr3gpNlxuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI0MTAxMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjVmMGJiYTRiOTFlOTI4YTg0MjRhYWQxZTBjOTUyNjRmODc2YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8uCaTKUfz6QWFcHwYtFP/u8OFHb
f47tZCM45dTCLdGpOFHTs125HzHDQsOYgnCtUyGkPFN6r0JuFS4fWpXCO2dHhULf
btttcSqQW1nNYOTIu9I6IQYP9frvMQwNxMIQm/22mI5fPZJnMIIMomZixmHJ1GUz
W3xt6l0itX8RBD3jz2P1UupMngsB6QWXOCjRSIJCt+AqRk4O/LF2t07c6jtiK9JD
LgwjDe5AmwicOXxJXwdigl3iLUnErwTb6d/TuOBd7AABwRG0d2YACog8CoSVPXt7
Dh6W7kxyeCgas6LKtpJnAOs18PkastlvTcy2oWbyBuZIXD4w1K/8gBbSSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLJfC7pLkekoqEJKrR4MlSZPh2qLMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc2w4THVrdVI2U2lvUWtxdEhneVZKay1IYW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABrjCv/Vq7DyFNIpzgzW
xhcdKCbkkuui3pM1Id+G0ahZrSKPJDDP9kqJzVf/UdH0IW+FEp5hKOBxvZ+kRnSD
AXuivUPDzTwTyhEtvlqoxup86ditC6Uhe9tA5ZCsy17gFNj5/qyYtRmug4xAdJq6
bVhbcgRSt7FkuqxLXKmkKUVch/sVWGIuCLYd2rpETE5L7v/Q91JxxK1HlrOclNuM
LlO1uDUzgddZ7EaYnj5j6SYI17OWoOqwBZn61doWytwb7Xn9rfdkKPy8aoPaBv5w
Hbh009cj4vtqm0VF3FfFGCYv29dFk7LIstyiVSL0PXjhDBCJsUw4MC3i4S8NDLpi
TTA=
-----END CERTIFICATE-----