Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uqB2BbwusHi64Qig1-a4jm7bowg.roa
File:                     uqB2BbwusHi64Qig1-a4jm7bowg.roa (raw, json)
Hash identifier:          GuyG0AU6GDr0XNDamrICSvHq2mFzLzoIYZicn4t1NPM=
Subject key identifier:   BA:A0:76:05:BC:2E:B0:78:BA:E1:08:A0:D7:E6:B8:8E:6E:DB:A3:08
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018969C46985098D29842ED0C27BDE53D9F8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uqB2BbwusHi64Qig1-a4jm7bowg.roa
Signing time:             Tue 18 Jul 2023 16:10:27 +0000
ROA not before:           Tue 18 Jul 2023 16:10:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:69:c4:69:85:09:8d:29:84:2e:d0:c2:7b:de:53:d9:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 18 16:10:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=baa07605bc2eb078bae108a0d7e6b88e6edba308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:2e:9b:30:e6:e5:8f:b3:ef:e5:ef:df:4f:cf:
                    0c:32:fd:6f:8e:c6:82:85:48:65:9f:fb:73:ca:d3:
                    8c:cc:ba:30:20:4c:b7:65:2a:4e:69:91:78:0a:91:
                    bc:60:fe:59:97:5b:8b:53:57:d9:59:97:90:cc:d5:
                    9a:ff:3f:09:5e:f5:20:bb:96:ee:22:c2:94:98:75:
                    0f:7d:cc:f9:e5:43:45:a5:7a:79:3d:3c:5d:d3:de:
                    bc:05:77:cf:12:56:84:63:73:aa:84:98:e1:2e:52:
                    be:fd:37:e7:e7:09:f8:c8:4f:96:38:39:ad:cd:49:
                    b1:1c:5a:d6:39:54:24:87:41:13:4d:5e:1b:4f:3f:
                    e8:34:5c:d1:e4:f5:55:7f:a5:55:6e:84:32:1c:c5:
                    ad:da:f5:dc:8b:24:d1:62:f6:00:13:37:65:f6:0d:
                    5c:9a:36:4e:69:63:23:18:fe:96:40:8b:d0:58:9d:
                    43:01:5b:c7:23:55:98:d8:2f:43:6e:1b:36:51:46:
                    9a:3b:8d:33:4f:c4:fe:26:46:f9:46:6d:1c:79:ec:
                    cb:1a:e6:2d:df:ff:bc:26:e4:b0:48:41:76:4d:03:
                    86:a3:c0:8e:8f:8e:a0:a4:20:4e:45:4a:ea:30:77:
                    bd:41:11:f6:30:2b:39:4d:ac:c5:8c:a3:57:6b:41:
                    c2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:A0:76:05:BC:2E:B0:78:BA:E1:08:A0:D7:E6:B8:8E:6E:DB:A3:08
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uqB2BbwusHi64Qig1-a4jm7bowg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:4e:18:17:cb:ba:fa:09:f1:82:61:50:01:2d:00:2f:13:5d:
         04:86:ad:19:4d:ee:6e:39:00:c1:4a:3b:a2:2c:65:06:9c:19:
         e1:5c:04:58:ee:f3:db:9f:d1:0e:9c:76:0e:71:36:e4:2c:5c:
         d9:7f:fc:80:71:68:cd:0f:f0:fe:7a:cf:7f:04:89:dd:46:c6:
         1d:6a:64:b2:ab:26:98:db:08:99:d3:47:4a:82:52:de:7e:e7:
         2f:ae:ed:a8:e8:58:2c:de:b9:3a:d7:b2:70:16:f8:fc:19:2c:
         82:6a:19:89:50:2c:74:3d:33:d7:38:35:77:bf:c3:13:4c:6e:
         99:5c:c8:80:f3:cf:5a:ac:0a:a0:6f:53:d9:0a:37:c3:5a:c0:
         93:28:96:9d:54:15:04:06:93:33:b5:b3:7f:c8:71:9e:c6:31:
         1c:85:45:9a:1b:5e:68:5b:b9:61:3f:72:4d:63:b1:cf:b6:83:
         aa:c9:74:bb:2a:5e:d3:ee:32:d8:50:f5:47:41:2d:c6:83:5d:
         cd:a8:a6:68:c5:19:a7:2f:d3:89:bd:e4:2a:f7:17:c7:49:e6:
         aa:84:6e:1c:40:12:a4:57:c3:75:b1:87:e3:9d:ce:34:c3:2c:
         e3:75:22:37:81:92:8b:8f:29:67:8a:db:b6:26:ad:91:ab:a4:
         c3:b7:3d:66
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlpxGmFCY0phC7QwnveU9n4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE4MTYxMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWEwNzYwNWJjMmViMDc4YmFlMTA4YTBkN2U2Yjg4ZTZlZGJhMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4i6bMOblj7Pv5e/fT88MMv1vjsaC
hUhln/tzytOMzLowIEy3ZSpOaZF4CpG8YP5Zl1uLU1fZWZeQzNWa/z8JXvUgu5bu
IsKUmHUPfcz55UNFpXp5PTxd0968BXfPElaEY3OqhJjhLlK+/Tfn5wn4yE+WODmt
zUmxHFrWOVQkh0ETTV4bTz/oNFzR5PVVf6VVboQyHMWt2vXciyTRYvYAEzdl9g1c
mjZOaWMjGP6WQIvQWJ1DAVvHI1WY2C9Dbhs2UUaaO40zT8T+Jkb5Rm0ceezLGuYt
3/+8JuSwSEF2TQOGo8COj46gpCBORUrqMHe9QRH2MCs5TazFjKNXa0HC6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLqgdgW8LrB4uuEIoNfmuI5u26MIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdXFCMkJid3VzSGk2NFFpZzEtYTRqbTdib3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADdOGBfLuvoJ8YJhUAEt
AC8TXQSGrRlN7m45AMFKO6IsZQacGeFcBFju89uf0Q6cdg5xNuQsXNl//IBxaM0P
8P56z38Eid1Gxh1qZLKrJpjbCJnTR0qCUt5+5y+u7ajoWCzeuTrXsnAW+PwZLIJq
GYlQLHQ9M9c4NXe/wxNMbplcyIDzz1qsCqBvU9kKN8NawJMolp1UFQQGkzO1s3/I
cZ7GMRyFRZobXmhbuWE/ck1jsc+2g6rJdLsqXtPuMthQ9UdBLcaDXc2opmjFGacv
04m95Cr3F8dJ5qqEbhxAEqRXw3Wxh+OdzjTDLON1IjeBkouPKWeK27YmrZGrpMO3
PWY=
-----END CERTIFICATE-----