Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uaTJgA6CveQQjWjhYJJLmwu4ddc.roa
File:                     uaTJgA6CveQQjWjhYJJLmwu4ddc.roa (raw, json)
Hash identifier:          nNoJHY6C65G+5Ad00X5PPfxpvqQ4Yw08isDUIiUY8A8=
Subject key identifier:   B9:A4:C9:80:0E:82:BD:E4:10:8D:68:E1:60:92:4B:9B:0B:B8:75:D7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188947B11C4BD3C8A5E573B2CA5A6B3076F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uaTJgA6CveQQjWjhYJJLmwu4ddc.roa
Signing time:             Wed 07 Jun 2023 06:11:13 +0000
ROA not before:           Wed 07 Jun 2023 06:11:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:94:7b:11:c4:bd:3c:8a:5e:57:3b:2c:a5:a6:b3:07:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  7 06:11:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b9a4c9800e82bde4108d68e160924b9b0bb875d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:da:91:40:3d:cf:52:75:9b:8a:05:ed:f8:7b:
                    b0:62:47:ca:02:4e:f0:e3:6d:bc:71:aa:78:0b:ea:
                    63:df:8e:96:7f:8c:a5:18:cd:14:f7:02:89:24:3b:
                    ca:fe:5a:45:b4:06:a4:98:a9:72:3c:ed:ac:c9:02:
                    bc:52:a1:8c:50:74:6f:3d:c3:e2:cf:5c:7a:76:09:
                    ee:42:69:67:53:56:76:aa:12:32:df:98:85:7f:02:
                    e7:36:fb:ce:e4:65:35:5e:88:e6:c0:bf:2a:25:5d:
                    6e:98:d6:50:19:d8:f2:dc:4a:24:5e:48:88:f6:86:
                    46:18:0c:92:97:d7:50:c1:90:88:4a:f4:ae:43:4a:
                    23:2f:31:db:16:50:38:5a:97:17:f6:da:1e:c0:5e:
                    a1:14:20:cc:bb:8c:06:54:d6:06:03:1d:54:dd:7a:
                    34:7c:10:13:eb:9f:0f:73:05:70:2e:05:17:dc:89:
                    77:24:21:1c:f0:7d:85:62:a0:5a:4b:1c:1a:03:49:
                    5f:b6:7f:52:7a:ab:f7:4c:15:71:f9:f5:d7:5d:ea:
                    fe:f9:92:ec:4a:07:94:8f:44:cc:0e:92:19:6b:85:
                    3a:fc:dc:39:be:42:70:11:fe:ad:7a:2f:4a:32:d9:
                    45:93:17:ca:cd:ab:74:9b:53:f1:c9:44:28:85:0f:
                    4f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A4:C9:80:0E:82:BD:E4:10:8D:68:E1:60:92:4B:9B:0B:B8:75:D7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uaTJgA6CveQQjWjhYJJLmwu4ddc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:1f:42:c6:71:15:ef:4e:e3:0c:4e:b0:08:25:c7:7e:73:10:
         19:84:f1:a6:a1:e5:db:cb:75:5a:4b:ca:c3:db:23:db:c5:9a:
         37:ea:e0:7c:75:b0:d4:af:0f:de:14:96:5c:af:8b:f1:1b:d9:
         86:01:f6:3c:67:e6:4f:85:ed:49:9f:0d:64:3b:9b:df:35:5e:
         e1:d9:2c:a2:de:da:62:f0:56:9f:43:21:9c:7f:4c:a9:9b:1e:
         5c:16:e3:15:dd:57:09:64:1f:15:a3:df:d6:41:70:57:72:2d:
         5f:ab:dc:37:5c:a2:0e:9c:f5:e6:b2:55:78:c7:11:58:57:13:
         77:0b:e3:56:6f:e5:ca:24:3b:52:d5:f6:a0:61:f7:f0:f7:b1:
         f9:c2:29:4a:f5:9d:91:c6:37:a6:02:38:81:3b:60:b4:9b:45:
         11:8b:ed:de:be:f9:2b:43:af:91:3d:85:a1:aa:71:50:f7:d4:
         07:85:56:e4:54:6b:34:be:ba:b8:ff:b3:1c:82:37:51:a3:ea:
         a8:84:79:27:6d:99:db:b8:1f:a4:90:ba:67:9c:81:f0:23:63:
         a1:b7:57:c9:b5:51:3f:20:cb:f7:bf:12:03:87:c3:d2:93:38:
         bc:90:ff:2f:de:d3:da:c1:ac:75:4a:ca:a2:c2:0e:16:b1:54:
         12:f7:4c:a4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiUexHEvTyKXlc7LKWmswdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA3MDYxMTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWE0Yzk4MDBlODJiZGU0MTA4ZDY4ZTE2MDkyNGI5YjBiYjg3NWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtqRQD3PUnWbigXt+HuwYkfKAk7w
4228cap4C+pj346Wf4ylGM0U9wKJJDvK/lpFtAakmKlyPO2syQK8UqGMUHRvPcPi
z1x6dgnuQmlnU1Z2qhIy35iFfwLnNvvO5GU1XojmwL8qJV1umNZQGdjy3EokXkiI
9oZGGAySl9dQwZCISvSuQ0ojLzHbFlA4WpcX9toewF6hFCDMu4wGVNYGAx1U3Xo0
fBAT658PcwVwLgUX3Il3JCEc8H2FYqBaSxwaA0lftn9Seqv3TBVx+fXXXer++ZLs
SgeUj0TMDpIZa4U6/Nw5vkJwEf6tei9KMtlFkxfKzat0m1PxyUQohQ9PyQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLmkyYAOgr3kEI1o4WCSS5sLuHXXMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdWFUSmdBNkN2ZVFRaldqaFlKSkxtd3U0ZGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFMfQsZxFe9O4wxOsAgl
x35zEBmE8aah5dvLdVpLysPbI9vFmjfq4Hx1sNSvD94Ullyvi/Eb2YYB9jxn5k+F
7UmfDWQ7m981XuHZLKLe2mLwVp9DIZx/TKmbHlwW4xXdVwlkHxWj39ZBcFdyLV+r
3Ddcog6c9eayVXjHEVhXE3cL41Zv5cokO1LV9qBh9/D3sfnCKUr1nZHGN6YCOIE7
YLSbRRGL7d6++StDr5E9haGqcVD31AeFVuRUazS+urj/sxyCN1Gj6qiEeSdtmdu4
H6SQumecgfAjY6G3V8m1UT8gy/e/EgOHw9KTOLyQ/y/e09rBrHVKyqLCDhaxVBL3
TKQ=
-----END CERTIFICATE-----