Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0RQsTqD5K1_MMcl9M-aR9qKauAY.roa
File:                     0RQsTqD5K1_MMcl9M-aR9qKauAY.roa (raw, json)
Hash identifier:          AV8YRNmQqH/YEvgCm0hl0sRajn+pWkrVqQqk3wcov0o=
Subject key identifier:   D1:14:2C:4E:A0:F9:2B:5F:CC:31:C9:7D:33:E6:91:F6:A2:9A:B8:06
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188E1EBA5637FCB9138A305EA55730991CF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0RQsTqD5K1_MMcl9M-aR9qKauAY.roa
Signing time:             Thu 22 Jun 2023 07:04:56 +0000
ROA not before:           Thu 22 Jun 2023 07:04:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:188:e1eb:30f3/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e1:eb:a5:63:7f:cb:91:38:a3:05:ea:55:73:09:91:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 22 07:04:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d1142c4ea0f92b5fcc31c97d33e691f6a29ab806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2d:27:68:0a:37:8a:2e:ce:d1:1c:63:78:d0:
                    71:6c:25:f0:76:d0:2e:6c:f2:ed:df:f4:e0:5f:1a:
                    17:16:cd:11:3d:d6:b0:ac:55:14:7a:a1:0f:0a:be:
                    73:7e:c0:3b:eb:51:ce:fb:da:33:4e:02:e7:5a:18:
                    26:5a:ef:8d:eb:6b:7e:7b:04:f0:90:83:8d:dd:7a:
                    e5:5e:cb:77:1a:ef:18:1e:d2:0b:f8:cd:9e:39:6a:
                    07:76:af:28:32:91:c1:b3:72:3e:86:29:ff:90:12:
                    88:53:da:0f:72:b6:e7:98:00:29:f5:ce:bf:b9:8a:
                    32:ce:b7:1a:ca:7b:b8:eb:ea:ee:e0:d0:2c:e4:f2:
                    88:b6:8d:4f:b3:f8:f7:de:ab:4e:d1:e5:34:9b:e5:
                    9a:7a:60:f5:4d:35:fc:ff:21:41:ed:ca:db:15:a9:
                    a7:f0:d0:32:b5:09:b8:a6:db:3e:52:ba:49:25:df:
                    00:5e:c2:b4:8b:de:86:a7:ab:96:d1:c0:90:3e:b0:
                    03:7e:8a:17:17:fb:e0:6a:21:54:ee:9b:11:a0:ea:
                    64:5e:0a:fe:04:47:e1:46:6b:03:86:cb:33:57:87:
                    f6:fb:4e:31:4c:6e:84:a9:4f:87:52:38:bc:1a:ef:
                    f8:ab:be:bb:87:01:e5:bc:3b:bf:d0:41:b6:ef:99:
                    80:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:14:2C:4E:A0:F9:2B:5F:CC:31:C9:7D:33:E6:91:F6:A2:9A:B8:06
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0RQsTqD5K1_MMcl9M-aR9qKauAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:8d:88:ed:e3:ea:38:dd:98:65:f4:d0:60:98:c1:61:f5:a6:
         cd:04:69:5c:55:f2:0c:f5:03:43:f4:9b:df:19:f0:0d:ac:8f:
         e2:a7:58:0d:3f:38:65:0f:76:ac:c1:27:95:6b:d0:86:88:e7:
         5f:72:cf:91:ae:13:2a:49:17:98:65:83:8a:9b:92:55:a7:08:
         c8:ed:20:28:4d:6c:17:35:1f:52:cd:dc:cf:5e:e9:89:95:67:
         33:74:70:2c:b3:5f:67:f0:61:50:ba:0b:9a:cd:31:f1:c1:d5:
         87:a2:05:13:70:9f:92:1e:b8:56:67:90:4c:e3:59:db:54:f6:
         9b:4e:89:e3:72:f6:99:de:d1:2b:5d:b6:46:e9:81:d7:4c:c3:
         0f:4e:ba:e2:80:be:72:6f:3d:31:84:c2:e7:74:0e:d2:7d:4c:
         f1:9c:fe:4b:e8:04:ed:57:fd:54:d3:97:96:7c:fc:bb:53:ad:
         5c:f0:d3:b4:6a:4b:6e:4f:f5:4c:a7:2d:9f:ea:b4:be:3c:12:
         d7:a2:f0:64:11:26:4f:64:38:29:7e:29:d2:cc:85:5b:ef:40:
         10:cc:6a:b3:2e:8e:0d:ac:ae:96:b0:37:ae:93:26:f0:7b:b8:
         19:61:dc:21:b7:d0:70:e8:f7:37:18:84:a8:47:31:1c:cd:90:
         ff:8b:e3:66
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjh66Vjf8uROKMF6lVzCZHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIyMDcwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTE0MmM0ZWEwZjkyYjVmY2MzMWM5N2QzM2U2OTFmNmEyOWFiODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2y0naAo3ii7O0RxjeNBxbCXwdtAu
bPLt3/TgXxoXFs0RPdawrFUUeqEPCr5zfsA761HO+9ozTgLnWhgmWu+N62t+ewTw
kION3XrlXst3Gu8YHtIL+M2eOWoHdq8oMpHBs3I+hin/kBKIU9oPcrbnmAAp9c6/
uYoyzrcaynu46+ru4NAs5PKIto1Ps/j33qtO0eU0m+WaemD1TTX8/yFB7crbFamn
8NAytQm4pts+UrpJJd8AXsK0i96Gp6uW0cCQPrADfooXF/vgaiFU7psRoOpkXgr+
BEfhRmsDhsszV4f2+04xTG6EqU+HUji8Gu/4q767hwHlvDu/0EG275mA5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNEULE6g+StfzDHJfTPmkfaimrgGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMFJRc1RxRDVLMV9NTWNsOU0tYVI5cUthdUFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFGNiO3j6jjdmGX00GCY
wWH1ps0EaVxV8gz1A0P0m98Z8A2sj+KnWA0/OGUPdqzBJ5Vr0IaI519yz5GuEypJ
F5hlg4qbklWnCMjtIChNbBc1H1LN3M9e6YmVZzN0cCyzX2fwYVC6C5rNMfHB1Yei
BRNwn5IeuFZnkEzjWdtU9ptOieNy9pne0StdtkbpgddMww9OuuKAvnJvPTGEwud0
DtJ9TPGc/kvoBO1X/VTTl5Z8/LtTrVzw07RqS25P9UynLZ/qtL48Etei8GQRJk9k
OCl+KdLMhVvvQBDMarMujg2srpawN66TJvB7uBlh3CG30HDo9zcYhKhHMRzNkP+L
42Y=
-----END CERTIFICATE-----