Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-mfrXwwzCrqF_fgHGgdl3hnfW-o.roa
File:                     1-mfrXwwzCrqF_fgHGgdl3hnfW-o.roa (raw, json)
Hash identifier:          aXnsjrp/esD42hSEqw9GZqv4UZqeIxcXPeds63FM1/s=
Subject key identifier:   FA:67:EB:5F:0C:33:0A:BA:85:FD:F8:07:1A:07:65:DE:19:DF:5B:EA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A0115C21C234E202724F2A84A6416BC1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-mfrXwwzCrqF_fgHGgdl3hnfW-o.roa
Signing time:             Fri 09 Jun 2023 12:11:12 +0000
ROA not before:           Fri 09 Jun 2023 12:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a0:11:5c:21:c2:34:e2:02:72:4f:2a:84:a6:41:6b:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  9 12:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fa67eb5f0c330aba85fdf8071a0765de19df5bea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:07:19:a1:90:3a:8b:46:b0:59:ad:47:ad:f9:
                    28:f2:01:af:a8:af:7b:fd:8c:9d:65:d9:3f:2c:f4:
                    eb:a3:19:94:e9:0d:3b:c6:a0:77:4c:1b:47:27:52:
                    8d:e5:11:8a:b9:40:a0:d2:7f:a9:c2:09:b7:6d:b3:
                    fd:88:f2:8c:6c:03:6f:c4:ff:25:a0:17:9e:fb:52:
                    96:8d:c1:1b:57:71:8f:70:5b:80:a1:72:93:34:7b:
                    ba:93:29:12:6d:6b:26:bd:8f:d3:25:58:ca:8a:3b:
                    41:38:85:a4:0d:10:d5:d6:83:c7:33:b8:c8:19:f7:
                    33:33:60:aa:8a:7a:3d:2b:d9:c1:07:8b:7a:9a:07:
                    fe:54:e4:f6:f7:3e:33:0a:0e:2a:0a:94:e7:0a:2e:
                    3d:15:43:a1:b0:7a:4e:e8:8b:8a:ca:6c:52:d7:7e:
                    be:72:11:ae:ca:14:50:74:29:e6:49:62:67:1f:f3:
                    8a:07:2c:76:3b:e9:08:a3:90:aa:fd:fe:f2:9d:01:
                    1f:51:2f:40:98:1e:fb:12:af:1e:48:f7:86:76:1b:
                    e9:2c:59:e7:aa:e7:59:5c:ab:ec:20:21:c7:af:45:
                    5a:e0:4c:56:33:f5:ad:17:6a:ce:66:7d:d4:a4:f4:
                    0b:bd:ea:7a:ae:56:9d:41:fe:3b:2c:b0:fc:c6:17:
                    7e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:67:EB:5F:0C:33:0A:BA:85:FD:F8:07:1A:07:65:DE:19:DF:5B:EA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-mfrXwwzCrqF_fgHGgdl3hnfW-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:bc:71:23:5a:2b:07:20:9e:5b:29:94:6d:7b:3a:9a:07:71:
         ff:a1:d4:53:7c:46:0d:e7:52:f5:49:c9:8a:4c:18:78:06:66:
         b5:11:0e:9d:c4:58:17:50:45:f7:1d:24:f3:e8:db:67:b3:a5:
         ad:0e:e4:44:d1:8b:56:f3:df:70:bd:a2:5b:ce:99:88:c7:f8:
         c1:45:b1:ba:29:ad:f2:6a:44:b8:83:f9:55:99:1d:74:4d:92:
         cb:c8:bd:a6:0f:20:74:a5:98:f4:5d:01:45:92:06:7c:d7:8d:
         da:83:23:00:5c:00:63:43:8c:51:16:df:6c:4c:d0:fc:cc:a0:
         26:64:bc:51:9a:a6:1a:dc:eb:b3:75:6b:71:24:9d:c5:16:61:
         d8:c8:12:0e:e4:aa:ea:db:78:d8:07:61:ae:67:94:43:82:c1:
         1b:f8:22:60:8e:25:44:30:e9:3f:1b:df:bc:4e:bb:e1:da:a8:
         1c:5f:fa:47:82:89:6a:c1:81:0a:e4:cc:b6:27:23:31:b4:9f:
         c2:bc:cc:e1:6e:e7:92:c5:b3:ef:b4:05:a8:ee:31:27:31:62:
         2c:c8:30:27:6d:21:6f:1b:67:a6:7c:94:8e:06:28:ec:33:18:
         f0:9e:39:6c:fe:0a:ea:04:c2:97:db:1f:26:cd:50:57:37:e7:
         28:c5:c3:be
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYigEVwhwjTiAnJPKoSmQWvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA5MTIxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTY3ZWI1ZjBjMzMwYWJhODVmZGY4MDcxYTA3NjVkZTE5ZGY1YmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgcZoZA6i0awWa1Hrfko8gGvqK97
/YydZdk/LPTroxmU6Q07xqB3TBtHJ1KN5RGKuUCg0n+pwgm3bbP9iPKMbANvxP8l
oBee+1KWjcEbV3GPcFuAoXKTNHu6kykSbWsmvY/TJVjKijtBOIWkDRDV1oPHM7jI
GfczM2Cqino9K9nBB4t6mgf+VOT29z4zCg4qCpTnCi49FUOhsHpO6IuKymxS136+
chGuyhRQdCnmSWJnH/OKByx2O+kIo5Cq/f7ynQEfUS9AmB77Eq8eSPeGdhvpLFnn
qudZXKvsICHHr0Va4ExWM/WtF2rOZn3UpPQLvep6rladQf47LLD8xhd+qwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPpn618MMwq6hf34BxoHZd4Z31vqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1tZnJYd3d6Q3JxRl9mZ0hHZ2RsM2huZlctby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQBnvHEjWisHIJ5bKZRt
ezqaB3H/odRTfEYN51L1ScmKTBh4Bma1EQ6dxFgXUEX3HSTz6Ntns6WtDuRE0YtW
899wvaJbzpmIx/jBRbG6Ka3yakS4g/lVmR10TZLLyL2mDyB0pZj0XQFFkgZ8143a
gyMAXABjQ4xRFt9sTND8zKAmZLxRmqYa3OuzdWtxJJ3FFmHYyBIO5Krq23jYB2Gu
Z5RDgsEb+CJgjiVEMOk/G9+8Trvh2qgcX/pHgolqwYEK5My2JyMxtJ/CvMzhbueS
xbPvtAWo7jEnMWIsyDAnbSFvG2emfJSOBijsMxjwnjls/grqBMKX2x8mzVBXN+co
xcO+
-----END CERTIFICATE-----