Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xmrrDSaePDCPTqXc8mvFZPFHJxc.roa
File:                     xmrrDSaePDCPTqXc8mvFZPFHJxc.roa (raw, json)
Hash identifier:          b62ha9YVv7j6BFbvsLGSI/1VImXVTpDYjdk5Bpj8XCM=
Subject key identifier:   C6:6A:EB:0D:26:9E:3C:30:8F:4E:A5:DC:F2:6B:C5:64:F1:47:27:17
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897638482BE6E214FDA851FE3B771E2FB4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xmrrDSaePDCPTqXc8mvFZPFHJxc.roa
Signing time:             Fri 21 Jul 2023 02:12:27 +0000
ROA not before:           Fri 21 Jul 2023 02:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:76:38:48:2b:e6:e2:14:fd:a8:51:fe:3b:77:1e:2f:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 21 02:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c66aeb0d269e3c308f4ea5dcf26bc564f1472717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4c:e0:0a:6f:45:2f:42:c3:67:80:c1:2b:cc:
                    9d:d6:ef:4e:1f:64:3d:6b:19:0b:bb:de:61:eb:88:
                    71:a1:55:a0:3f:ec:a6:9c:d6:fa:c2:b8:2c:a1:f4:
                    da:fe:29:f7:94:aa:b0:82:bb:dc:aa:00:f7:9f:b4:
                    2a:4b:5e:79:3c:8c:a7:14:f3:93:74:ac:eb:49:95:
                    5c:d2:8e:b2:85:2a:09:db:4c:01:56:17:22:f7:3b:
                    c9:4a:2a:56:12:2f:c5:96:a5:7d:7b:97:d0:d3:61:
                    21:69:59:7b:2a:30:3b:3f:ee:33:b5:5a:36:9d:3f:
                    c9:62:b9:2e:72:b1:03:d7:0d:92:96:cb:94:e2:fa:
                    be:a0:4d:58:20:2e:75:57:ae:2d:21:83:b2:bc:3d:
                    3e:2d:d2:5d:2b:cf:53:87:5f:d0:aa:df:10:b4:8e:
                    fa:8f:d8:3d:be:0d:94:17:3c:7c:39:58:93:56:6f:
                    aa:03:4d:38:55:93:cd:b8:32:27:e6:0b:94:6b:bb:
                    42:e9:24:21:25:9f:5a:d7:ae:47:45:cc:01:83:9c:
                    66:d3:ea:c5:8c:43:cd:eb:5b:a2:ba:63:09:f0:3b:
                    74:28:a7:e1:21:e4:2a:ed:13:cc:49:9f:69:49:07:
                    c6:cc:57:55:0d:9d:3e:80:8e:20:ec:21:93:e3:8f:
                    b1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:6A:EB:0D:26:9E:3C:30:8F:4E:A5:DC:F2:6B:C5:64:F1:47:27:17
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xmrrDSaePDCPTqXc8mvFZPFHJxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:0a:dd:6a:23:66:13:1f:e3:7e:de:93:f4:22:3b:14:36:4b:
         d0:80:6c:c4:b5:85:3a:d0:7a:35:4e:ed:3b:20:9a:6c:22:94:
         28:5a:c3:bf:4f:11:17:3f:c0:48:b3:8a:25:2b:f4:90:24:36:
         01:45:3e:59:ce:0f:20:f6:90:a1:71:40:2f:97:30:66:d5:0d:
         cf:50:f6:3b:e7:eb:cd:e1:62:a8:1d:f6:51:3f:48:ef:4b:46:
         b4:00:c0:d7:e9:89:43:58:31:fd:c1:5b:6b:79:fe:03:b6:95:
         7b:31:e8:7e:1c:c9:04:32:1c:0a:83:f4:08:3a:1a:10:43:93:
         6f:bb:77:35:57:d0:ef:e3:4b:77:74:8d:ac:61:76:d5:c7:e6:
         8c:1f:d1:6c:c2:dd:dc:49:fd:50:8f:cc:42:5f:c9:c3:8e:87:
         44:08:16:af:a7:b9:d5:4f:70:a9:e9:2d:0c:17:db:e1:ad:00:
         d8:2c:13:d0:f3:c8:00:01:ed:25:cf:de:51:5f:06:ff:0a:96:
         e0:71:2a:4d:88:9c:6a:83:e4:2c:99:c9:ae:7b:2f:e2:b7:91:
         87:44:bd:d9:73:e2:ef:00:06:3a:b9:d2:57:5e:9f:62:fc:1a:
         bb:b9:11:64:cf:5c:d0:82:a0:bf:86:a7:48:0b:88:4b:d3:83:
         b6:bb:b6:38
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl2OEgr5uIU/ahR/jt3Hi+0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIxMDIxMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjZhZWIwZDI2OWUzYzMwOGY0ZWE1ZGNmMjZiYzU2NGYxNDcyNzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUzgCm9FL0LDZ4DBK8yd1u9OH2Q9
axkLu95h64hxoVWgP+ymnNb6wrgsofTa/in3lKqwgrvcqgD3n7QqS155PIynFPOT
dKzrSZVc0o6yhSoJ20wBVhci9zvJSipWEi/FlqV9e5fQ02EhaVl7KjA7P+4ztVo2
nT/JYrkucrED1w2SlsuU4vq+oE1YIC51V64tIYOyvD0+LdJdK89Th1/Qqt8QtI76
j9g9vg2UFzx8OViTVm+qA004VZPNuDIn5guUa7tC6SQhJZ9a165HRcwBg5xm0+rF
jEPN61uiumMJ8Dt0KKfhIeQq7RPMSZ9pSQfGzFdVDZ0+gI4g7CGT44+xbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMZq6w0mnjwwj06l3PJrxWTxRycXMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveG1yckRTYWVQRENQVHFYYzhtdkZaUEZISnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACsK3WojZhMf437ek/Qi
OxQ2S9CAbMS1hTrQejVO7TsgmmwilChaw79PERc/wEiziiUr9JAkNgFFPlnODyD2
kKFxQC+XMGbVDc9Q9jvn683hYqgd9lE/SO9LRrQAwNfpiUNYMf3BW2t5/gO2lXsx
6H4cyQQyHAqD9Ag6GhBDk2+7dzVX0O/jS3d0jaxhdtXH5owf0WzC3dxJ/VCPzEJf
ycOOh0QIFq+nudVPcKnpLQwX2+GtANgsE9DzyAAB7SXP3lFfBv8KluBxKk2InGqD
5CyZya57L+K3kYdEvdlz4u8ABjq50lden2L8Gru5EWTPXNCCoL+Gp0gLiEvTg7a7
tjg=
-----END CERTIFICATE-----