Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xTOLLLKuf-KytYv9ZY8hyTjq4J4.roa
File:                     xTOLLLKuf-KytYv9ZY8hyTjq4J4.roa (raw, json)
Hash identifier:          q92RgWG578mkFOoc2T0VH3Pg+GcangOs6szGM+EuQw4=
Subject key identifier:   C5:33:8B:2C:B2:AE:7F:E2:B2:B5:8B:FD:65:8F:21:C9:38:EA:E0:9E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CD55FC9DAB1BBF94F50A43CA7A73C603
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xTOLLLKuf-KytYv9ZY8hyTjq4J4.roa
Signing time:             Sun 18 Jun 2023 07:09:04 +0000
ROA not before:           Sun 18 Jun 2023 07:09:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:cd:55:fc:9d:ab:1b:bf:94:f5:0a:43:ca:7a:73:c6:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 18 07:09:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c5338b2cb2ae7fe2b2b58bfd658f21c938eae09e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8d:89:22:ff:56:2c:ad:c9:b9:95:9a:3c:73:
                    ce:df:fb:6b:2a:7c:5f:de:d0:b3:bf:69:d7:88:3f:
                    aa:9a:f8:49:f3:7d:8b:ae:c4:21:c3:2f:2c:29:39:
                    c1:30:b3:7b:76:55:1e:66:cd:a4:37:57:d7:fb:b8:
                    3c:37:c9:f8:ae:36:d9:fc:42:4c:b9:ad:4d:ea:58:
                    9e:04:ff:1f:da:27:96:ab:9b:5f:b7:42:f0:34:68:
                    1f:06:e8:7a:52:05:33:af:84:88:38:f8:d5:e0:5b:
                    f8:c1:7f:c9:32:dc:ad:c0:e0:46:92:78:f0:ec:f2:
                    55:df:8e:18:d9:e2:23:34:96:95:2d:a6:23:68:3b:
                    14:a3:70:d1:26:61:9c:09:ae:45:84:74:65:0e:cc:
                    aa:b9:70:cc:f3:8b:dc:3f:d3:78:b7:46:b5:c3:6f:
                    0b:2d:0d:d1:31:9d:e1:0d:54:ac:ff:0e:fe:40:0d:
                    32:18:a3:72:52:e3:3a:14:84:ce:d2:d4:63:9f:d5:
                    78:04:14:b7:51:73:92:ad:2a:72:d0:d4:c1:bd:50:
                    85:17:89:0f:a3:f1:4a:c0:fa:38:bf:21:c1:21:51:
                    22:c8:bd:a5:c7:6f:7b:6c:a1:54:29:d4:10:41:4b:
                    86:8c:93:a0:7c:b3:31:05:5d:1a:d0:a6:88:69:bd:
                    fd:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:33:8B:2C:B2:AE:7F:E2:B2:B5:8B:FD:65:8F:21:C9:38:EA:E0:9E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xTOLLLKuf-KytYv9ZY8hyTjq4J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:22:b5:18:cc:ee:7c:e5:d0:a1:1b:ce:11:1f:5d:eb:3b:ac:
         35:e7:13:74:b8:66:b9:90:f8:34:f1:45:54:bd:ca:63:bb:a0:
         f5:26:f1:2b:db:72:46:ed:fc:13:1e:a5:ff:dc:4d:85:a6:e4:
         54:69:1d:70:29:e5:fe:71:83:d9:77:80:18:57:25:60:24:74:
         44:29:98:04:53:f7:8c:70:04:34:c3:77:ea:27:c7:fc:72:a4:
         93:fb:56:ad:70:c0:6a:f9:6d:6e:a3:c3:1a:6e:a7:99:11:d5:
         5a:6d:50:c6:6e:bf:4e:1c:bb:86:08:9d:6c:f4:de:54:66:34:
         c4:89:3d:be:1d:fb:df:46:78:36:8d:80:1c:f0:5a:f2:0a:8d:
         1b:45:cb:58:e4:79:61:e7:11:fd:f3:63:be:ce:5a:78:76:ce:
         e9:11:41:26:c0:03:88:1a:f2:21:35:68:71:1f:15:e7:ab:6d:
         af:22:b8:11:2a:a3:d3:db:46:82:8b:f4:79:26:5b:38:d9:f2:
         89:27:8c:bc:cf:c0:cd:53:f9:02:27:1d:33:c7:b6:90:08:a2:
         6d:dc:a9:26:b0:6d:7c:03:82:3f:94:04:3c:21:d8:f2:92:19:
         7e:99:76:69:5f:01:b1:f8:f5:27:55:25:c6:82:46:a3:bc:04:
         69:f8:36:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjNVfydqxu/lPUKQ8p6c8YDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE4MDcwOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTMzOGIyY2IyYWU3ZmUyYjJiNThiZmQ2NThmMjFjOTM4ZWFlMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiI2JIv9WLK3JuZWaPHPO3/trKnxf
3tCzv2nXiD+qmvhJ832LrsQhwy8sKTnBMLN7dlUeZs2kN1fX+7g8N8n4rjbZ/EJM
ua1N6lieBP8f2ieWq5tft0LwNGgfBuh6UgUzr4SIOPjV4Fv4wX/JMtytwOBGknjw
7PJV344Y2eIjNJaVLaYjaDsUo3DRJmGcCa5FhHRlDsyquXDM84vcP9N4t0a1w28L
LQ3RMZ3hDVSs/w7+QA0yGKNyUuM6FITO0tRjn9V4BBS3UXOSrSpy0NTBvVCFF4kP
o/FKwPo4vyHBIVEiyL2lx297bKFUKdQQQUuGjJOgfLMxBV0a0KaIab39WQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMUziyyyrn/isrWL/WWPIck46uCeMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveFRPTExMS3VmLUt5dFl2OVpZOGh5VGpxNEo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAkitRjM7nzl0KEbzhEf
Xes7rDXnE3S4ZrmQ+DTxRVS9ymO7oPUm8Svbckbt/BMepf/cTYWm5FRpHXAp5f5x
g9l3gBhXJWAkdEQpmART94xwBDTDd+onx/xypJP7Vq1wwGr5bW6jwxpup5kR1Vpt
UMZuv04cu4YInWz03lRmNMSJPb4d+99GeDaNgBzwWvIKjRtFy1jkeWHnEf3zY77O
Wnh2zukRQSbAA4ga8iE1aHEfFeerba8iuBEqo9PbRoKL9HkmWzjZ8oknjLzPwM1T
+QInHTPHtpAIom3cqSawbXwDgj+UBDwh2PKSGX6ZdmlfAbH49SdVJcaCRqO8BGn4
NsE=
-----END CERTIFICATE-----