Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xw5En89KUQxFA53BysUB3rbmtk8.roa
File:                     xw5En89KUQxFA53BysUB3rbmtk8.roa (raw, json)
Hash identifier:          bH7TH2gros+Y7YVyKfFzuX/eGY81CDwT5Wkt5cjDRP0=
Subject key identifier:   C7:0E:44:9F:CF:4A:51:0C:45:03:9D:C1:CA:C5:01:DE:B6:E6:B6:4F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189782794AA2DE99F751181A415D9C466C6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xw5En89KUQxFA53BysUB3rbmtk8.roa
Signing time:             Fri 21 Jul 2023 11:13:26 +0000
ROA not before:           Fri 21 Jul 2023 11:13:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:78:27:94:aa:2d:e9:9f:75:11:81:a4:15:d9:c4:66:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 21 11:13:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c70e449fcf4a510c45039dc1cac501deb6e6b64f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d5:4e:eb:ba:d4:6c:49:40:00:51:4f:8a:ce:
                    0f:5a:58:b7:79:db:d2:55:f7:45:4f:8c:75:14:39:
                    54:ce:6d:06:c3:80:1c:d4:7a:3f:a3:ae:78:f0:bf:
                    26:45:d1:00:1e:63:aa:53:78:a1:02:f4:9f:8b:ec:
                    7c:11:36:27:40:98:da:b9:a7:87:1f:85:5a:0f:92:
                    2c:db:ad:34:82:57:cd:d5:76:2b:0f:23:68:da:d2:
                    e1:3f:10:ca:5a:a2:82:f2:fe:85:56:22:cc:25:2f:
                    55:de:35:af:68:b5:97:6a:a7:61:4a:42:15:c8:87:
                    af:ca:e8:fc:a3:e6:0a:e3:f4:ef:47:94:e7:89:87:
                    5f:ee:18:58:ec:83:26:4a:eb:bd:95:b7:ed:bb:13:
                    0d:d0:b6:80:b2:13:72:92:0f:43:2c:49:4f:61:42:
                    2e:0d:26:47:48:28:0e:57:a6:49:b9:fb:28:8e:1e:
                    df:ce:71:9f:55:40:d8:97:a5:fd:d8:d1:52:5c:35:
                    40:97:a2:9f:59:fc:2e:ac:0e:ae:91:34:43:d7:02:
                    09:d6:68:b4:73:97:6a:33:2e:7f:32:6a:bf:eb:9c:
                    92:f8:9d:32:fc:b6:2a:b4:1d:e5:d7:4c:b2:8e:74:
                    21:ae:05:73:99:9d:60:03:38:f8:30:d2:18:d0:65:
                    59:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:0E:44:9F:CF:4A:51:0C:45:03:9D:C1:CA:C5:01:DE:B6:E6:B6:4F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xw5En89KUQxFA53BysUB3rbmtk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:88:dd:42:6b:f7:2a:ea:4a:6e:c7:96:ff:c4:c3:eb:cf:99:
         8c:5a:a4:65:a9:92:38:96:26:c5:5d:55:b9:0a:aa:2c:19:52:
         17:1c:ee:6f:3d:0c:fe:bf:60:1e:23:74:98:02:c4:57:c8:b1:
         ef:3f:e6:a4:f1:78:6c:b7:d1:91:be:bc:c7:1b:e2:71:d6:78:
         38:1f:44:37:2f:b5:ec:b5:b0:8d:34:03:e3:01:f1:ae:ae:16:
         1c:e0:1c:2e:35:5e:9a:9e:bb:f1:84:66:05:e7:e0:fe:ba:ce:
         12:9d:51:13:cc:52:9c:df:28:93:31:1b:55:2c:07:5e:1b:93:
         63:e1:c7:f6:97:0d:c5:1e:ea:29:0f:db:a7:e8:07:2c:0e:26:
         eb:14:91:06:8c:6c:a7:cb:62:0f:c8:fd:22:27:ba:95:6c:6c:
         5a:08:c7:de:e1:c8:4d:d6:8c:03:fb:15:b6:ba:42:c5:29:c2:
         d6:87:2b:1f:1b:29:ee:b1:f3:4a:25:d2:a9:42:a1:1e:e2:d1:
         32:92:6e:4b:65:f1:f1:53:52:dd:8a:9c:3c:83:7b:33:1f:99:
         57:b8:92:67:04:fb:3f:0c:f6:fa:a7:fd:a0:7b:f1:92:04:6e:
         06:b3:a8:80:9e:16:dc:9f:ef:3a:94:f0:f3:64:21:91:bd:65:
         2c:cd:f4:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl4J5SqLemfdRGBpBXZxGbGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIxMTExMzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzBlNDQ5ZmNmNGE1MTBjNDUwMzlkYzFjYWM1MDFkZWI2ZTZiNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9VO67rUbElAAFFPis4PWli3edvS
VfdFT4x1FDlUzm0Gw4Ac1Ho/o6548L8mRdEAHmOqU3ihAvSfi+x8ETYnQJjauaeH
H4VaD5Is2600glfN1XYrDyNo2tLhPxDKWqKC8v6FViLMJS9V3jWvaLWXaqdhSkIV
yIevyuj8o+YK4/TvR5TniYdf7hhY7IMmSuu9lbftuxMN0LaAshNykg9DLElPYUIu
DSZHSCgOV6ZJufsojh7fznGfVUDYl6X92NFSXDVAl6KfWfwurA6ukTRD1wIJ1mi0
c5dqMy5/Mmq/65yS+J0y/LYqtB3l10yyjnQhrgVzmZ1gAzj4MNIY0GVZywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMcORJ/PSlEMRQOdwcrFAd625rZPMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveHc1RW44OUtVUXhGQTUzQnlzVUIzcmJtdGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKGI3UJr9yrqSm7Hlv/E
w+vPmYxapGWpkjiWJsVdVbkKqiwZUhcc7m89DP6/YB4jdJgCxFfIse8/5qTxeGy3
0ZG+vMcb4nHWeDgfRDcvtey1sI00A+MB8a6uFhzgHC41Xpqeu/GEZgXn4P66zhKd
URPMUpzfKJMxG1UsB14bk2Phx/aXDcUe6ikP26foBywOJusUkQaMbKfLYg/I/SIn
upVsbFoIx97hyE3WjAP7Fba6QsUpwtaHKx8bKe6x80ol0qlCoR7i0TKSbktl8fFT
Ut2KnDyDezMfmVe4kmcE+z8M9vqn/aB78ZIEbgazqICeFtyf7zqU8PNkIZG9ZSzN
9CA=
-----END CERTIFICATE-----