Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/v2q5gmukpWapdoMDWzb7AUCUAQc.roa
File:                     v2q5gmukpWapdoMDWzb7AUCUAQc.roa (raw, json)
Hash identifier:          /UvKDZD3TwpxKmhyxNdXLAGrPDI4ebf6W7RqVS1tOYc=
Subject key identifier:   BF:6A:B9:82:6B:A4:A5:66:A9:76:83:03:5B:36:FB:01:40:94:01:07
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A800357B13110FF119C8654A32CCB155
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/v2q5gmukpWapdoMDWzb7AUCUAQc.roa
Signing time:             Sun 11 Jun 2023 01:09:25 +0000
ROA not before:           Sun 11 Jun 2023 01:09:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a8:00:35:7b:13:11:0f:f1:19:c8:65:4a:32:cc:b1:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 11 01:09:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bf6ab9826ba4a566a97683035b36fb0140940107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:02:e8:ae:bc:93:62:46:55:a9:bf:0a:2e:08:
                    9e:5c:c2:64:bb:58:48:41:a3:6a:12:71:15:a4:95:
                    f6:4f:87:c6:13:82:b2:ab:4a:03:bc:dd:e0:a8:49:
                    f4:80:6c:02:9d:05:ba:22:ae:9b:85:05:2d:78:98:
                    64:76:78:e1:a3:76:5f:b1:94:ae:b9:e8:f1:10:0b:
                    e3:e6:eb:fe:94:81:f9:68:d4:87:ee:11:82:52:eb:
                    c1:0e:37:7c:c2:68:04:e1:18:95:ba:c2:4b:9a:1a:
                    d8:d8:3b:7e:10:0c:cb:38:d5:53:13:20:f9:c8:9f:
                    a3:91:b8:50:dd:b6:da:ea:23:59:c8:bc:25:b2:82:
                    94:80:a1:e9:d2:e4:a1:2d:d0:53:51:b2:7d:d7:8f:
                    4f:9c:79:19:8c:d5:00:39:d3:73:a7:6a:d1:54:7e:
                    da:ae:dd:fa:ee:89:f2:72:76:3f:6b:e8:ec:66:0c:
                    17:e1:59:ee:4f:00:69:1f:d5:13:08:16:d6:8a:35:
                    7a:8c:69:64:a8:3b:d8:0c:47:61:22:fe:5f:ae:f0:
                    90:22:f4:98:7b:b0:ae:3f:fe:46:23:b7:ff:d4:47:
                    62:7a:f6:98:e4:30:a9:f6:7a:8b:a6:18:37:84:10:
                    d3:48:1a:3a:08:3b:23:cc:f8:84:40:a2:69:1f:a5:
                    f9:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:6A:B9:82:6B:A4:A5:66:A9:76:83:03:5B:36:FB:01:40:94:01:07
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/v2q5gmukpWapdoMDWzb7AUCUAQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:dd:ac:ca:f9:f6:5f:bd:2c:3c:18:15:13:ea:1f:15:a8:57:
         e2:28:6f:8b:06:37:74:4b:05:2d:81:b1:26:58:d7:b4:ab:e1:
         a9:75:11:9c:bf:9d:b9:09:59:a0:ef:e0:97:64:4f:44:b7:df:
         6c:34:c2:48:b3:ee:81:e3:6d:e8:dc:9c:86:7e:eb:31:3e:52:
         2c:b9:09:61:47:9f:88:41:78:1e:94:0f:eb:0c:24:b8:6e:cd:
         c6:bf:8e:9f:db:eb:72:0c:48:5b:43:b4:96:fc:cc:29:10:3a:
         ad:e5:2a:8a:6e:f7:f5:35:c2:e6:fe:68:47:37:37:c6:6e:8b:
         50:16:00:31:54:5d:da:e1:8d:e9:95:10:06:8e:8b:08:79:86:
         a4:1b:03:da:22:31:40:44:e3:2f:12:af:11:c0:36:ff:af:28:
         b9:4e:ea:5a:1b:76:79:1d:eb:f9:60:71:29:c1:d9:35:40:a5:
         6d:aa:25:5c:24:3f:9e:17:14:ba:4e:fb:12:93:9f:a6:e2:77:
         c7:9e:f8:7b:b2:b1:41:fa:f9:8e:8c:b0:78:f5:0e:00:17:5e:
         07:db:7f:f2:03:2c:8b:b6:3d:b4:26:55:5f:73:21:40:60:7a:
         44:a3:53:44:89:f4:a0:5c:f4:55:87:9e:fa:83:07:a2:6e:d9:
         90:7d:1f:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYioADV7ExEP8RnIZUoyzLFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjExMDEwOTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjZhYjk4MjZiYTRhNTY2YTk3NjgzMDM1YjM2ZmIwMTQwOTQwMTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQLorryTYkZVqb8KLgieXMJku1hI
QaNqEnEVpJX2T4fGE4Kyq0oDvN3gqEn0gGwCnQW6Iq6bhQUteJhkdnjho3ZfsZSu
uejxEAvj5uv+lIH5aNSH7hGCUuvBDjd8wmgE4RiVusJLmhrY2Dt+EAzLONVTEyD5
yJ+jkbhQ3bba6iNZyLwlsoKUgKHp0uShLdBTUbJ9149PnHkZjNUAOdNzp2rRVH7a
rt367onycnY/a+jsZgwX4VnuTwBpH9UTCBbWijV6jGlkqDvYDEdhIv5frvCQIvSY
e7CuP/5GI7f/1EdievaY5DCp9nqLphg3hBDTSBo6CDsjzPiEQKJpH6X5aQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL9quYJrpKVmqXaDA1s2+wFAlAEHMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdjJxNWdtdWtwV2FwZG9NRFd6YjdBVUNVQVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFfdrMr59l+9LDwYFRPq
HxWoV+Iob4sGN3RLBS2BsSZY17Sr4al1EZy/nbkJWaDv4JdkT0S332w0wkiz7oHj
bejcnIZ+6zE+Uiy5CWFHn4hBeB6UD+sMJLhuzca/jp/b63IMSFtDtJb8zCkQOq3l
Kopu9/U1wub+aEc3N8Zui1AWADFUXdrhjemVEAaOiwh5hqQbA9oiMUBE4y8SrxHA
Nv+vKLlO6lobdnkd6/lgcSnB2TVApW2qJVwkP54XFLpO+xKTn6bid8ee+HuysUH6
+Y6MsHj1DgAXXgfbf/IDLIu2PbQmVV9zIUBgekSjU0SJ9KBc9FWHnvqDB6Ju2ZB9
H1Q=
-----END CERTIFICATE-----