Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/z2K1_GxMUtJI0nZGGLrhUPoKfkw.roa
File:                     z2K1_GxMUtJI0nZGGLrhUPoKfkw.roa (raw, json)
Hash identifier:          zppIzauJmpm92q3uTH456peSRrGqoqjjzsY1kCQzAuY=
Subject key identifier:   CF:62:B5:FC:6C:4C:52:D2:48:D2:76:46:18:BA:E1:50:FA:0A:7E:4C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018816BC28569111F96F27E7CA1288012963
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/z2K1_GxMUtJI0nZGGLrhUPoKfkw.roa
Signing time:             Sat 13 May 2023 20:10:09 +0000
ROA not before:           Sat 13 May 2023 20:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:16:bc:28:56:91:11:f9:6f:27:e7:ca:12:88:01:29:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 13 20:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf62b5fc6c4c52d248d2764618bae150fa0a7e4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:96:5b:1b:08:ae:d1:f4:c3:fa:98:9b:30:a2:
                    dd:7d:c3:57:03:45:ab:ae:d9:5d:b7:53:95:5b:c4:
                    a6:e2:43:da:af:4b:5a:06:26:04:ad:82:4d:2c:bc:
                    a2:49:d9:cb:70:3d:f7:57:7b:e7:37:61:b6:95:69:
                    1e:8d:20:5a:fe:2f:7c:1f:79:b1:ee:b0:9a:44:5a:
                    cd:64:01:93:97:c2:c0:42:81:8d:81:9a:7b:5c:2f:
                    52:58:64:1f:0a:2d:2a:c7:69:14:50:36:22:52:34:
                    8d:07:d7:c4:a5:c1:a7:9d:dc:11:8a:76:81:5a:fe:
                    29:54:d7:49:45:b6:6d:a2:aa:1f:e8:6b:66:09:2c:
                    8a:03:de:fc:91:6c:c3:9e:1a:82:88:20:77:e5:26:
                    75:f0:ff:da:80:02:2d:40:64:a1:dd:ee:8b:94:d7:
                    db:24:98:1e:b2:6a:04:a6:72:b1:31:63:72:d4:84:
                    3b:f5:f7:4c:76:2f:8d:0d:69:e2:e4:50:1e:86:5b:
                    7e:e4:3e:7c:24:93:de:14:d2:77:40:0b:95:ba:eb:
                    a4:9f:2e:94:7e:bc:ac:8d:87:3f:dc:a6:86:b3:31:
                    1a:ca:b7:15:99:c5:04:a3:ee:cc:74:40:2d:5a:ae:
                    06:e6:97:84:92:56:ed:fd:31:27:4a:78:a3:cc:c0:
                    ed:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:62:B5:FC:6C:4C:52:D2:48:D2:76:46:18:BA:E1:50:FA:0A:7E:4C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/z2K1_GxMUtJI0nZGGLrhUPoKfkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:2c:a2:98:6e:d1:b7:84:de:c0:ad:31:e5:02:73:9c:4e:6c:
         df:c9:1a:d3:ef:86:7c:c3:3d:6f:db:5b:59:af:1d:8e:f3:b7:
         c5:66:d4:1d:be:f4:ec:17:21:e7:28:aa:a3:95:43:90:fd:2b:
         3b:38:00:45:54:7d:8d:05:ee:e1:30:a3:63:78:5f:a0:4e:da:
         7b:8f:14:d5:47:18:35:ec:3d:a5:64:53:07:8a:e9:87:70:8d:
         ba:47:0e:01:0d:6d:97:c8:b1:ef:2e:e9:c4:ef:ea:2d:61:74:
         6c:fd:34:eb:d7:9c:7f:a1:80:2b:63:cc:48:e0:37:47:59:db:
         06:2c:0f:66:dc:32:05:fb:71:6f:91:24:e3:ca:7c:72:66:fd:
         53:27:e6:96:8e:01:30:eb:25:ea:a6:62:92:c8:30:d1:c2:d8:
         5c:97:02:53:72:28:f5:d4:93:8c:17:68:89:06:05:df:18:12:
         81:55:3e:5a:2d:27:8f:1e:b5:cb:a8:96:65:56:db:f8:10:43:
         cf:ac:a6:38:4b:3a:b5:41:b4:8e:cc:dc:5c:dc:95:0b:4b:46:
         58:2d:c2:38:b1:b8:40:1c:30:d6:fb:17:08:45:8b:7d:a1:7a:
         c5:24:a4:9d:b7:5c:05:a4:b0:b3:83:b0:90:5c:05:a1:fd:64:
         7d:5c:55:da
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgWvChWkRH5byfnyhKIASljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEzMjAxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjYyYjVmYzZjNGM1MmQyNDhkMjc2NDYxOGJhZTE1MGZhMGE3ZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJZbGwiu0fTD+pibMKLdfcNXA0Wr
rtldt1OVW8Sm4kPar0taBiYErYJNLLyiSdnLcD33V3vnN2G2lWkejSBa/i98H3mx
7rCaRFrNZAGTl8LAQoGNgZp7XC9SWGQfCi0qx2kUUDYiUjSNB9fEpcGnndwRinaB
Wv4pVNdJRbZtoqof6GtmCSyKA978kWzDnhqCiCB35SZ18P/agAItQGSh3e6LlNfb
JJgesmoEpnKxMWNy1IQ79fdMdi+NDWni5FAehlt+5D58JJPeFNJ3QAuVuuukny6U
frysjYc/3KaGszEayrcVmcUEo+7MdEAtWq4G5peEklbt/TEnSnijzMDtmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM9itfxsTFLSSNJ2Rhi64VD6Cn5MMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvejJLMV9HeE1VdEpJMG5aR0dMcmhVUG9LZmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHMsophu0beE3sCtMeUC
c5xObN/JGtPvhnzDPW/bW1mvHY7zt8Vm1B2+9OwXIecoqqOVQ5D9Kzs4AEVUfY0F
7uEwo2N4X6BO2nuPFNVHGDXsPaVkUweK6YdwjbpHDgENbZfIse8u6cTv6i1hdGz9
NOvXnH+hgCtjzEjgN0dZ2wYsD2bcMgX7cW+RJOPKfHJm/VMn5paOATDrJeqmYpLI
MNHC2FyXAlNyKPXUk4wXaIkGBd8YEoFVPlotJ48etcuolmVW2/gQQ8+spjhLOrVB
tI7M3FzclQtLRlgtwjixuEAcMNb7FwhFi32hesUkpJ23XAWksLODsJBcBaH9ZH1c
Vdo=
-----END CERTIFICATE-----