Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vNT0bvexnaQjCxS4xgeOQvyIXhE.roa
File:                     vNT0bvexnaQjCxS4xgeOQvyIXhE.roa (raw, json)
Hash identifier:          FtskW/An+Dr0H3GFR7SnXYg0XL7Tgsd5v0q7GMdIYsU=
Subject key identifier:   BC:D4:F4:6E:F7:B1:9D:A4:23:0B:14:B8:C6:07:8E:42:FC:88:5E:11
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01896BB1E3D1AA9274A23812BE91C071C075
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vNT0bvexnaQjCxS4xgeOQvyIXhE.roa
Signing time:             Wed 19 Jul 2023 01:09:27 +0000
ROA not before:           Wed 19 Jul 2023 01:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6b:b1:e3:d1:aa:92:74:a2:38:12:be:91:c0:71:c0:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 19 01:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bcd4f46ef7b19da4230b14b8c6078e42fc885e11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8f:d6:29:d6:b5:bd:e0:54:c7:6b:97:db:07:
                    09:e6:a4:7d:1e:42:68:87:6c:93:bb:b9:2d:1c:62:
                    d5:e7:2c:19:f5:3a:5c:45:5f:b5:19:91:d9:81:5f:
                    1e:f4:56:cf:d9:7d:b9:4b:da:08:38:6d:17:78:d0:
                    3f:0d:1d:02:27:0f:bd:3f:d2:53:e4:7b:b1:f3:4b:
                    b7:23:0f:00:8d:44:6c:58:ea:97:79:b9:da:7d:20:
                    b8:a4:5b:f9:e6:2c:dc:b7:f6:98:fb:56:41:a6:f7:
                    65:85:20:6a:06:5e:cb:79:19:ca:b3:10:44:eb:1f:
                    34:87:c9:5e:fe:d8:41:dd:e9:87:1d:fa:79:3d:84:
                    0b:29:c2:9c:cb:e4:57:eb:33:f6:24:b9:93:1d:ea:
                    7f:9c:c3:fc:b0:e6:59:a4:91:36:2a:71:a1:91:13:
                    ad:0d:71:00:0e:80:c6:cf:83:cb:25:2e:b5:3e:ae:
                    85:cd:dd:2c:98:df:a9:25:fd:96:9d:03:f0:80:a6:
                    6e:b8:d5:ff:45:ce:a3:29:a2:76:7f:ef:d7:c5:cd:
                    77:d9:dd:db:ff:44:21:68:82:71:58:3b:bb:24:48:
                    e9:d2:45:6a:7b:1a:2a:ce:f6:a9:72:29:1d:58:26:
                    85:f4:a3:e4:5a:90:b6:90:b8:87:60:98:ea:29:73:
                    db:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:D4:F4:6E:F7:B1:9D:A4:23:0B:14:B8:C6:07:8E:42:FC:88:5E:11
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vNT0bvexnaQjCxS4xgeOQvyIXhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:85:fa:c4:b2:ee:39:1f:92:1f:d9:12:14:af:e8:45:7e:5d:
         ad:a7:09:fd:39:0a:ae:9b:94:02:d1:00:e4:9d:66:5a:ad:7a:
         23:f3:74:35:0b:1a:9b:02:a8:fa:a1:d7:e7:14:f1:e2:90:87:
         71:b4:1c:b4:2f:4e:d1:11:36:99:57:a0:c9:96:6e:ef:c2:13:
         26:55:fc:32:7b:1b:46:d8:00:67:4e:e4:5c:da:42:f3:b5:19:
         fc:0c:59:66:1d:c3:92:9e:5a:b5:6e:08:76:ba:1e:7e:61:6b:
         93:0d:cf:4c:74:3f:8e:8d:38:04:30:4d:89:99:77:0d:0d:a8:
         69:13:ad:70:06:6f:4f:23:d3:dd:ff:8a:83:1f:ec:35:cc:d3:
         56:19:91:23:a2:51:d1:1f:e7:56:72:87:50:ee:26:bb:76:af:
         18:ab:b6:bf:ae:3a:fe:de:19:29:5d:db:ab:1d:3a:06:dc:54:
         25:c5:e4:0e:e5:8a:32:1f:2c:9b:6c:d2:ef:a6:ab:52:57:d3:
         11:dc:1c:5e:68:0e:61:b3:70:4f:6a:27:38:f3:02:d6:52:d1:
         46:e1:c0:06:d5:5d:4f:05:f6:63:ea:65:b2:37:34:16:d1:59:
         2a:71:3d:2a:2e:3a:f5:47:32:d0:ab:03:09:cb:b3:94:64:42:
         51:5f:4b:03
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlrsePRqpJ0ojgSvpHAccB1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE5MDEwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2Q0ZjQ2ZWY3YjE5ZGE0MjMwYjE0YjhjNjA3OGU0MmZjODg1ZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4/WKda1veBUx2uX2wcJ5qR9HkJo
h2yTu7ktHGLV5ywZ9TpcRV+1GZHZgV8e9FbP2X25S9oIOG0XeNA/DR0CJw+9P9JT
5Hux80u3Iw8AjURsWOqXebnafSC4pFv55izct/aY+1ZBpvdlhSBqBl7LeRnKsxBE
6x80h8le/thB3emHHfp5PYQLKcKcy+RX6zP2JLmTHep/nMP8sOZZpJE2KnGhkROt
DXEADoDGz4PLJS61Pq6Fzd0smN+pJf2WnQPwgKZuuNX/Rc6jKaJ2f+/Xxc132d3b
/0QhaIJxWDu7JEjp0kVqexoqzvapcikdWCaF9KPkWpC2kLiHYJjqKXPb7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLzU9G73sZ2kIwsUuMYHjkL8iF4RMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdk5UMGJ2ZXhuYVFqQ3hTNHhnZU9RdnlJWGhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADWF+sSy7jkfkh/ZEhSv
6EV+Xa2nCf05Cq6blALRAOSdZlqteiPzdDULGpsCqPqh1+cU8eKQh3G0HLQvTtER
NplXoMmWbu/CEyZV/DJ7G0bYAGdO5FzaQvO1GfwMWWYdw5KeWrVuCHa6Hn5ha5MN
z0x0P46NOAQwTYmZdw0NqGkTrXAGb08j093/ioMf7DXM01YZkSOiUdEf51Zyh1Du
Jrt2rxirtr+uOv7eGSld26sdOgbcVCXF5A7lijIfLJts0u+mq1JX0xHcHF5oDmGz
cE9qJzjzAtZS0UbhwAbVXU8F9mPqZbI3NBbRWSpxPSouOvVHMtCrAwnLs5RkQlFf
SwM=
-----END CERTIFICATE-----