Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xS_RvMZt1YUW8B-NMk1h4zGjNEY.roa
File:                     xS_RvMZt1YUW8B-NMk1h4zGjNEY.roa (raw, json)
Hash identifier:          6ipN9GCjl0RgUrdBk0uvOyUdvF8fxiDhdra4MluAJto=
Subject key identifier:   C5:2F:D1:BC:C6:6D:D5:85:16:F0:1F:8D:32:4D:61:E3:31:A3:34:46
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01882E1AE45BA33DE162DD455728209944BD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xS_RvMZt1YUW8B-NMk1h4zGjNEY.roa
Signing time:             Thu 18 May 2023 09:04:54 +0000
ROA not before:           Thu 18 May 2023 09:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:188:2e1a:aaa9/128 maxlen: 128
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2e:1a:e4:5b:a3:3d:e1:62:dd:45:57:28:20:99:44:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 18 09:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c52fd1bcc66dd58516f01f8d324d61e331a33446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:bb:a2:6c:3d:7f:89:28:d2:d4:9f:7c:15:35:
                    30:b0:29:d6:51:4e:48:75:e1:97:dd:9f:73:15:df:
                    68:45:6f:b8:32:56:28:10:fc:fc:2a:8f:35:ad:9d:
                    f9:49:f7:55:9e:b5:b1:22:f3:82:dc:42:b5:a6:fd:
                    b0:1d:d0:a6:62:17:76:9c:41:dc:16:26:56:4a:05:
                    71:b1:9a:87:b8:9f:fb:71:33:72:74:3a:98:92:27:
                    9e:29:58:56:66:ff:1b:48:24:68:2b:40:8c:a2:62:
                    d9:e3:66:1c:41:3d:94:d1:4e:f2:7b:c3:7e:b4:ef:
                    99:4f:1c:a6:a6:61:03:43:e5:e8:a1:82:40:46:8f:
                    36:5f:97:0c:1f:b9:fb:6d:63:b5:73:9c:f9:e7:57:
                    ca:d7:6f:c4:7c:eb:ca:45:25:d5:ac:a7:d2:5a:f8:
                    76:67:30:f9:37:4e:d5:0f:73:80:f1:75:73:cc:53:
                    64:70:21:3f:ee:f7:22:47:28:a0:21:ef:b6:ba:62:
                    6a:a0:c6:aa:f3:8f:cb:71:4b:a4:e1:ea:aa:48:59:
                    74:b9:35:49:9a:4a:f7:7b:6e:e4:71:b3:3d:4d:8a:
                    19:06:17:8e:f0:20:70:76:c9:a1:0d:aa:cf:7c:77:
                    92:b4:0c:64:5e:0d:00:d7:6a:05:c5:33:e5:c9:86:
                    00:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2F:D1:BC:C6:6D:D5:85:16:F0:1F:8D:32:4D:61:E3:31:A3:34:46
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xS_RvMZt1YUW8B-NMk1h4zGjNEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:d7:01:e6:c8:4b:19:5c:64:46:60:d3:59:11:41:2f:9f:bd:
         ea:1d:d0:b5:15:ce:c0:20:4f:13:be:b2:89:02:25:d6:e4:c7:
         e5:c9:1e:8b:01:2a:72:a1:84:7d:02:ec:19:ba:db:34:6e:d8:
         ab:ac:14:e3:1d:96:7e:6b:9b:dc:82:e4:10:94:83:5f:86:58:
         0c:a8:fd:87:0f:3f:fb:a6:a2:80:23:7f:74:d1:db:f4:39:a7:
         af:f3:a5:f9:2a:10:ea:72:59:a6:ca:52:35:1e:8d:8d:5d:23:
         12:be:fa:85:9f:b0:19:48:90:57:92:12:69:0f:63:81:ca:df:
         8e:5c:84:3b:10:8f:49:65:0a:e3:e4:c7:0a:c2:85:0c:30:dd:
         df:0e:00:b2:dd:0d:2a:bc:c2:b4:23:11:c6:71:e9:02:c7:2a:
         c5:8d:cc:63:eb:67:47:de:22:93:52:bd:79:9b:50:df:fc:79:
         b4:1a:34:78:fe:a0:fb:33:7b:63:ab:ea:d4:0d:78:ad:90:21:
         c4:8b:7e:92:42:5a:46:91:60:3d:1e:a7:90:f3:b2:4b:51:21:
         40:d8:e6:9d:72:4d:2c:5d:88:b4:1c:fb:3c:17:e9:b8:36:0d:
         4b:81:b2:4c:07:f7:5e:76:fe:f1:54:ad:c2:20:fa:ff:01:d0:
         b8:df:22:83
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYguGuRboz3hYt1FVyggmUS9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE4MDkwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTJmZDFiY2M2NmRkNTg1MTZmMDFmOGQzMjRkNjFlMzMxYTMzNDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbuibD1/iSjS1J98FTUwsCnWUU5I
deGX3Z9zFd9oRW+4MlYoEPz8Ko81rZ35SfdVnrWxIvOC3EK1pv2wHdCmYhd2nEHc
FiZWSgVxsZqHuJ/7cTNydDqYkieeKVhWZv8bSCRoK0CMomLZ42YcQT2U0U7ye8N+
tO+ZTxympmEDQ+XooYJARo82X5cMH7n7bWO1c5z551fK12/EfOvKRSXVrKfSWvh2
ZzD5N07VD3OA8XVzzFNkcCE/7vciRyigIe+2umJqoMaq84/LcUuk4eqqSFl0uTVJ
mkr3e27kcbM9TYoZBheO8CBwdsmhDarPfHeStAxkXg0A12oFxTPlyYYAuwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMUv0bzGbdWFFvAfjTJNYeMxozRGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveFNfUnZNWnQxWVVXOEItTk1rMWg0ekdqTkVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKXXAebISxlcZEZg01kR
QS+fveod0LUVzsAgTxO+sokCJdbkx+XJHosBKnKhhH0C7Bm62zRu2KusFOMdln5r
m9yC5BCUg1+GWAyo/YcPP/umooAjf3TR2/Q5p6/zpfkqEOpyWabKUjUejY1dIxK+
+oWfsBlIkFeSEmkPY4HK345chDsQj0llCuPkxwrChQww3d8OALLdDSq8wrQjEcZx
6QLHKsWNzGPrZ0feIpNSvXmbUN/8ebQaNHj+oPsze2Or6tQNeK2QIcSLfpJCWkaR
YD0ep5DzsktRIUDY5p1yTSxdiLQc+zwX6bg2DUuBskwH9152/vFUrcIg+v8B0Ljf
IoM=
-----END CERTIFICATE-----