Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/zDxHiYKBgEhMAnBWT57avFsQIsA.roa
File:                     zDxHiYKBgEhMAnBWT57avFsQIsA.roa (raw, json)
Hash identifier:          qHQ8goPJiXNhKhMPOggEblsZhn+WYH5rxZ4KicoLj3g=
Subject key identifier:   CC:3C:47:89:82:81:80:48:4C:02:70:56:4F:9E:DA:BC:5B:10:22:C0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A4237A72BB259196B210D49E1C31C67F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/zDxHiYKBgEhMAnBWT57avFsQIsA.roa
Signing time:             Sat 10 Jun 2023 07:09:28 +0000
ROA not before:           Sat 10 Jun 2023 07:09:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a4:23:7a:72:bb:25:91:96:b2:10:d4:9e:1c:31:c6:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 10 07:09:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cc3c4789828180484c0270564f9edabc5b1022c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ec:6f:15:82:e1:cd:08:06:8d:f7:ae:4e:7f:
                    8e:2e:2a:fa:db:6d:15:16:0b:66:5d:1b:10:1b:b2:
                    f7:be:d7:9b:e5:14:1c:af:45:62:16:43:73:17:78:
                    26:48:3c:b3:c5:d7:71:41:f2:a3:6f:7b:25:54:1f:
                    dd:2a:e9:f4:da:e5:ee:b9:dd:ac:1e:2c:2f:5f:71:
                    82:d2:a0:fd:6d:d0:d2:8f:34:bb:3a:1b:58:27:04:
                    b4:2b:7f:bf:9f:64:e3:c1:7b:1b:a9:1c:fd:35:52:
                    39:19:e5:df:d0:11:df:88:97:c0:d5:59:93:97:7b:
                    db:71:37:fe:72:7a:34:23:0c:d2:5f:c7:25:d0:b2:
                    57:7f:b9:bd:5a:d1:28:bf:e2:56:16:97:cb:f5:a1:
                    9d:ea:d5:11:a5:bf:09:9a:8e:9f:0d:91:ba:5d:f6:
                    70:3d:54:13:0a:5e:62:69:91:fa:86:35:44:28:6f:
                    c3:be:9c:61:0e:95:7b:b3:b6:12:0f:2d:23:57:54:
                    22:25:e5:5c:bf:7f:33:d2:5e:d0:35:1d:35:85:44:
                    72:01:bd:23:21:3b:4a:f1:fa:7b:b4:ca:59:77:8a:
                    80:cd:47:c9:d3:8c:48:9f:54:ba:97:45:ef:fd:5a:
                    50:a3:87:cc:06:80:23:24:b5:65:e9:95:7b:ec:18:
                    20:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:3C:47:89:82:81:80:48:4C:02:70:56:4F:9E:DA:BC:5B:10:22:C0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/zDxHiYKBgEhMAnBWT57avFsQIsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:1e:74:cf:ab:88:a1:75:56:cb:0a:46:7d:d8:a5:21:d9:75:
         a6:a5:f8:de:5a:1f:1f:75:dc:92:4b:99:95:88:36:ea:3a:cd:
         09:f6:d1:56:1d:44:2b:4b:89:c7:4d:27:1b:39:90:d5:e5:82:
         f3:3d:f6:13:31:88:3f:88:3b:4e:d5:a8:10:ab:22:b8:a2:f2:
         2c:e1:b4:4e:5a:a3:91:df:1b:17:aa:e4:51:27:f0:4c:d9:55:
         77:8e:0d:3e:fc:fb:aa:de:27:78:2f:74:fe:4a:88:cd:e2:25:
         99:d7:34:17:f2:c4:1a:87:dc:5f:6e:d3:e0:50:43:54:87:5e:
         e9:fd:14:94:eb:aa:18:c7:fe:ea:a8:31:18:ce:85:bb:31:35:
         a5:95:6f:01:41:b4:f6:91:e5:7a:4d:c8:cd:5f:f3:ac:31:99:
         d9:c3:84:a2:bc:35:ad:dd:28:00:66:78:66:99:05:be:5c:f8:
         86:4d:64:ec:42:90:29:b2:6e:24:9d:6c:b4:28:84:1e:d3:d4:
         36:e5:cd:9d:2a:e9:cc:a2:5d:35:2b:31:23:05:29:f7:9a:86:
         a9:90:48:7c:27:57:7a:6b:1c:69:10:70:89:ec:d2:12:e7:ee:
         ce:42:74:2f:b2:e0:d9:49:c9:40:5e:d5:2a:34:f2:c2:63:98:
         aa:38:6d:53
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYikI3pyuyWRlrIQ1J4cMcZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEwMDcwOTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzNjNDc4OTgyODE4MDQ4NGMwMjcwNTY0ZjllZGFiYzViMTAyMmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouxvFYLhzQgGjfeuTn+OLir6220V
FgtmXRsQG7L3vteb5RQcr0ViFkNzF3gmSDyzxddxQfKjb3slVB/dKun02uXuud2s
HiwvX3GC0qD9bdDSjzS7OhtYJwS0K3+/n2TjwXsbqRz9NVI5GeXf0BHfiJfA1VmT
l3vbcTf+cno0IwzSX8cl0LJXf7m9WtEov+JWFpfL9aGd6tURpb8Jmo6fDZG6XfZw
PVQTCl5iaZH6hjVEKG/DvpxhDpV7s7YSDy0jV1QiJeVcv38z0l7QNR01hURyAb0j
ITtK8fp7tMpZd4qAzUfJ04xIn1S6l0Xv/VpQo4fMBoAjJLVl6ZV77BggkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMw8R4mCgYBITAJwVk+e2rxbECLAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvekR4SGlZS0JnRWhNQW5CV1Q1N2F2RnNRSXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALEedM+riKF1VssKRn3Y
pSHZdaal+N5aHx913JJLmZWINuo6zQn20VYdRCtLicdNJxs5kNXlgvM99hMxiD+I
O07VqBCrIrii8izhtE5ao5HfGxeq5FEn8EzZVXeODT78+6reJ3gvdP5KiM3iJZnX
NBfyxBqH3F9u0+BQQ1SHXun9FJTrqhjH/uqoMRjOhbsxNaWVbwFBtPaR5XpNyM1f
86wxmdnDhKK8Na3dKABmeGaZBb5c+IZNZOxCkCmybiSdbLQohB7T1DblzZ0q6cyi
XTUrMSMFKfeahqmQSHwnV3prHGkQcIns0hLn7s5CdC+y4NlJyUBe1So08sJjmKo4
bVM=
-----END CERTIFICATE-----