Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xPIZmIscdTWTcIDFE8SqiwWuAAI.roa
File:                     xPIZmIscdTWTcIDFE8SqiwWuAAI.roa (raw, json)
Hash identifier:          sD2lSCi7bF/lxq10HuAM3TqjGUZyb7YBeIiLiFEAv/Y=
Subject key identifier:   C4:F2:19:98:8B:1C:75:35:93:70:80:C5:13:C4:AA:8B:05:AE:00:02
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888B0AF94B4D90C70D015A9482EAD2DC61
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xPIZmIscdTWTcIDFE8SqiwWuAAI.roa
Signing time:             Mon 05 Jun 2023 10:12:12 +0000
ROA not before:           Mon 05 Jun 2023 10:12:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8b:0a:f9:4b:4d:90:c7:0d:01:5a:94:82:ea:d2:dc:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  5 10:12:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4f219988b1c7535937080c513c4aa8b05ae0002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ad:c4:2e:a7:cd:44:2e:70:2c:23:97:0d:14:
                    8c:64:7a:ae:d3:ec:ad:58:1f:ae:19:17:ed:90:0d:
                    ac:df:76:64:ec:e8:98:4c:ab:84:09:60:07:8c:fe:
                    19:d9:77:33:f6:a2:38:69:b9:7e:f1:dc:50:02:4a:
                    ea:f1:c4:56:ac:11:0f:18:ff:bf:82:c5:ba:07:dd:
                    08:e5:b6:50:d4:d5:c2:1f:0d:de:17:48:50:8f:75:
                    71:1b:df:c3:6b:e8:14:88:0c:03:8b:64:f7:f9:a6:
                    1d:f9:ab:45:48:24:27:14:58:bc:7a:e2:a8:70:d9:
                    8b:61:5b:6d:05:f9:05:d4:4c:5d:e7:d2:87:37:8e:
                    0d:3a:3f:9e:9b:e8:f0:95:10:b0:8a:44:f0:fb:ad:
                    b3:f3:79:9b:5c:4e:99:b1:9b:7b:a9:7f:ed:4b:1f:
                    0f:dd:a3:4c:1b:66:33:cc:e4:6a:1f:ff:45:d6:e7:
                    23:fd:9c:d5:d5:07:6f:19:39:47:ec:51:26:28:86:
                    14:6d:73:6b:cb:38:45:35:db:b9:e2:6a:b8:d8:64:
                    e4:ce:bd:32:6a:5b:bc:69:5b:b7:61:5a:4d:ee:f0:
                    59:87:d8:65:ee:ca:73:a7:51:02:2b:76:18:dd:e8:
                    04:41:67:5a:d9:06:a3:f2:32:9d:3a:7a:d1:f9:0b:
                    57:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:F2:19:98:8B:1C:75:35:93:70:80:C5:13:C4:AA:8B:05:AE:00:02
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xPIZmIscdTWTcIDFE8SqiwWuAAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:b1:69:0b:8e:0d:93:74:af:be:b9:2a:35:f0:da:d9:38:e2:
         15:06:58:8a:b1:64:98:2e:6d:a9:75:4b:92:02:83:b0:30:58:
         25:c8:04:3d:1e:07:ba:2b:eb:1b:cc:05:73:3b:56:db:a8:63:
         6a:ea:36:a1:22:a2:14:36:59:b6:2e:65:9b:bc:12:73:1a:04:
         a4:79:f9:93:7e:d7:38:3e:05:b1:fb:76:98:6a:80:b8:64:29:
         17:9e:0f:0f:4f:97:99:0a:ae:d8:d6:34:d9:5c:49:65:c2:43:
         e9:ff:32:34:50:87:af:78:c6:25:f5:48:38:c3:76:45:f9:0f:
         26:f4:4d:cf:36:b7:5a:84:37:8c:3d:00:6e:96:09:11:ba:f0:
         33:ed:fb:43:66:76:31:97:ac:05:01:30:60:86:a0:a3:cd:7b:
         a8:a2:a2:11:05:ae:f9:28:e9:b1:75:d9:55:10:82:dd:cd:34:
         de:f5:9f:c3:17:d3:0d:87:d3:f0:cd:61:4c:49:6b:4a:dd:2c:
         43:19:85:77:9e:41:62:9d:63:48:e5:0f:13:18:1e:12:db:56:
         69:aa:ca:da:39:66:8c:75:ca:37:62:92:c0:2f:33:c9:b2:13:
         9b:80:7e:b0:53:96:1b:69:f4:88:84:73:50:fa:cb:9c:4a:e7:
         a9:34:df:79
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiLCvlLTZDHDQFalILq0txhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA1MTAxMjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGYyMTk5ODhiMWM3NTM1OTM3MDgwYzUxM2M0YWE4YjA1YWUwMDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh63ELqfNRC5wLCOXDRSMZHqu0+yt
WB+uGRftkA2s33Zk7OiYTKuECWAHjP4Z2Xcz9qI4abl+8dxQAkrq8cRWrBEPGP+/
gsW6B90I5bZQ1NXCHw3eF0hQj3VxG9/Da+gUiAwDi2T3+aYd+atFSCQnFFi8euKo
cNmLYVttBfkF1Exd59KHN44NOj+em+jwlRCwikTw+62z83mbXE6ZsZt7qX/tSx8P
3aNMG2YzzORqH/9F1ucj/ZzV1QdvGTlH7FEmKIYUbXNryzhFNdu54mq42GTkzr0y
alu8aVu3YVpN7vBZh9hl7spzp1ECK3YY3egEQWda2Qaj8jKdOnrR+QtXFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMTyGZiLHHU1k3CAxRPEqosFrgACMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveFBJWm1Jc2NkVFdUY0lERkU4U3Fpd1d1QUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKyxaQuODZN0r765KjXw
2tk44hUGWIqxZJgubal1S5ICg7AwWCXIBD0eB7or6xvMBXM7VtuoY2rqNqEiohQ2
WbYuZZu8EnMaBKR5+ZN+1zg+BbH7dphqgLhkKReeDw9Pl5kKrtjWNNlcSWXCQ+n/
MjRQh694xiX1SDjDdkX5Dyb0Tc82t1qEN4w9AG6WCRG68DPt+0NmdjGXrAUBMGCG
oKPNe6iiohEFrvko6bF12VUQgt3NNN71n8MX0w2H0/DNYUxJa0rdLEMZhXeeQWKd
Y0jlDxMYHhLbVmmqyto5Zox1yjdiksAvM8myE5uAfrBTlhtp9IiEc1D6y5xK56k0
33k=
-----END CERTIFICATE-----