Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/wrG-VD10MlTIcrYpyD0HF-FHDmQ.roa
File:                     wrG-VD10MlTIcrYpyD0HF-FHDmQ.roa (raw, json)
Hash identifier:          7SUV21oy7d9r13tg+AIw49uylCQTFovReuNO5lj+TnI=
Subject key identifier:   C2:B1:BE:54:3D:74:32:54:C8:72:B6:29:C8:3D:07:17:E1:47:0E:64
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018896679B770A01F3A92F4D79104ECFDFA4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/wrG-VD10MlTIcrYpyD0HF-FHDmQ.roa
Signing time:             Wed 07 Jun 2023 15:09:12 +0000
ROA not before:           Wed 07 Jun 2023 15:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:96:67:9b:77:0a:01:f3:a9:2f:4d:79:10:4e:cf:df:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  7 15:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c2b1be543d743254c872b629c83d0717e1470e64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:80:be:fd:b9:43:59:c6:45:a5:d8:d6:12:3f:
                    3e:11:f7:6f:dc:0d:fb:65:a0:c2:ab:57:cb:1d:3d:
                    4e:bf:d4:a6:1f:5b:36:50:c8:1c:c0:e0:f3:a9:e6:
                    d4:2b:9b:af:86:71:90:77:da:b7:86:b8:2c:6d:ca:
                    67:1b:6d:01:c8:18:38:a5:b1:47:5f:68:e3:51:46:
                    d4:d2:ea:3c:ad:ec:00:c1:8b:db:1a:19:48:0c:83:
                    72:de:1c:50:18:3d:9b:dc:1a:4e:9b:75:f2:a8:60:
                    7e:5c:83:6e:a8:b8:cc:7e:3e:ed:ef:bd:d9:58:9f:
                    5c:79:be:97:70:87:f5:3f:73:2a:84:89:65:cb:e5:
                    72:bf:a0:73:2d:c2:e2:d3:d1:8f:5f:41:42:56:7e:
                    5c:d5:fb:26:f3:f2:59:98:28:04:3b:e0:c8:b8:be:
                    c9:a9:19:07:12:25:a0:12:d2:56:5a:9b:e1:3d:40:
                    62:ff:78:a0:d0:7e:a2:02:4a:2e:e7:85:fb:e2:dd:
                    19:1d:42:e5:d1:ef:61:a0:e0:bd:2a:08:06:37:b8:
                    a3:b0:7e:dd:6a:a7:7d:65:50:3c:6e:96:97:85:1d:
                    b2:9b:07:5c:0c:9b:9f:0e:9d:f2:a4:54:d3:8c:bf:
                    5f:e5:62:6b:cc:ef:41:b8:13:5c:d7:ba:82:98:a8:
                    d4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B1:BE:54:3D:74:32:54:C8:72:B6:29:C8:3D:07:17:E1:47:0E:64
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/wrG-VD10MlTIcrYpyD0HF-FHDmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:2c:e1:a0:2c:1e:56:a9:7f:a6:e4:56:17:41:90:55:91:40:
         01:bb:a2:25:6f:16:7b:f7:41:93:d8:78:e0:e0:84:c6:f1:08:
         66:47:f3:c9:e7:34:06:c0:34:19:58:18:a5:3f:bd:94:bb:82:
         8a:a3:53:ea:a7:32:ce:af:e8:85:c7:a1:29:da:0e:23:9e:31:
         fa:7c:98:29:c9:cb:81:f0:2b:ae:50:2e:48:f7:6d:21:29:69:
         0b:71:43:46:c1:fc:0a:5c:08:f1:71:25:77:8a:a9:b7:01:a1:
         b1:8f:95:b7:aa:d9:a7:7c:23:67:de:cc:b3:da:de:86:42:c2:
         12:3f:a9:ae:d9:cb:e9:d1:37:26:d5:9c:b3:f7:d7:a1:db:c8:
         a1:2b:a7:53:b2:6b:f8:c3:bd:5e:38:f8:f7:56:98:43:fb:73:
         a3:8a:5b:0e:dc:c3:7a:7c:4d:92:f9:f1:a2:e5:4e:27:d7:10:
         32:17:7d:ff:84:88:c1:1a:ac:f9:2d:df:f5:9c:b5:a4:cf:3e:
         97:d9:36:a4:85:f9:c2:6a:ee:d3:88:2b:61:fc:20:b8:d6:da:
         88:4e:57:8a:3d:d3:d5:69:4f:ec:9b:f5:04:fa:19:aa:26:8c:
         71:a6:8b:18:ea:60:c4:70:47:48:62:41:1a:3c:9e:99:4f:7a:
         58:b5:e0:2c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiWZ5t3CgHzqS9NeRBOz9+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA3MTUwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmIxYmU1NDNkNzQzMjU0Yzg3MmI2MjljODNkMDcxN2UxNDcwZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYC+/blDWcZFpdjWEj8+Efdv3A37
ZaDCq1fLHT1Ov9SmH1s2UMgcwODzqebUK5uvhnGQd9q3hrgsbcpnG20ByBg4pbFH
X2jjUUbU0uo8rewAwYvbGhlIDINy3hxQGD2b3BpOm3XyqGB+XINuqLjMfj7t773Z
WJ9ceb6XcIf1P3MqhIlly+Vyv6BzLcLi09GPX0FCVn5c1fsm8/JZmCgEO+DIuL7J
qRkHEiWgEtJWWpvhPUBi/3ig0H6iAkou54X74t0ZHULl0e9hoOC9KggGN7ijsH7d
aqd9ZVA8bpaXhR2ymwdcDJufDp3ypFTTjL9f5WJrzO9BuBNc17qCmKjU0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMKxvlQ9dDJUyHK2Kcg9BxfhRw5kMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvd3JHLVZEMTBNbFRJY3JZcHlEMEhGLUZIRG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFcs4aAsHlapf6bkVhdB
kFWRQAG7oiVvFnv3QZPYeODghMbxCGZH88nnNAbANBlYGKU/vZS7goqjU+qnMs6v
6IXHoSnaDiOeMfp8mCnJy4HwK65QLkj3bSEpaQtxQ0bB/ApcCPFxJXeKqbcBobGP
lbeq2ad8I2fezLPa3oZCwhI/qa7Zy+nRNybVnLP316HbyKErp1Oya/jDvV44+PdW
mEP7c6OKWw7cw3p8TZL58aLlTifXEDIXff+EiMEarPkt3/WctaTPPpfZNqSF+cJq
7tOIK2H8ILjW2ohOV4o909VpT+yb9QT6GaomjHGmixjqYMRwR0hiQRo8nplPeli1
4Cw=
-----END CERTIFICATE-----