Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1UDKZIzRZwzl3r3LMWaKybRq9K8.roa
File:                     1UDKZIzRZwzl3r3LMWaKybRq9K8.roa (raw, json)
Hash identifier:          usFj/5xlHWYRRiZl2XwGOwE/h6nsYTLVb/1trBBqD04=
Subject key identifier:   D5:40:CA:64:8C:D1:67:0C:E5:DE:BD:CB:31:66:8A:C9:B4:6A:F4:AF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188D8117C479B16DBD6D55DD0CDDFB983F3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1UDKZIzRZwzl3r3LMWaKybRq9K8.roa
Signing time:             Tue 20 Jun 2023 09:10:04 +0000
ROA not before:           Tue 20 Jun 2023 09:10:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d8:11:7c:47:9b:16:db:d6:d5:5d:d0:cd:df:b9:83:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 20 09:10:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d540ca648cd1670ce5debdcb31668ac9b46af4af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:17:6c:61:b4:67:ee:f0:3e:9c:0b:38:18:62:
                    6f:3d:d1:29:39:0f:4a:e9:58:8a:4f:3f:b9:74:dd:
                    66:09:8e:b6:1f:b7:1e:2f:94:48:d0:2b:1f:28:56:
                    5f:61:2b:7a:23:f2:06:ec:9d:b5:9c:25:fa:b8:3c:
                    fb:42:14:92:3d:8d:a2:f1:6e:d9:87:c6:6f:70:51:
                    15:d7:55:fe:0c:3f:ec:7d:30:aa:f3:6a:2d:22:1a:
                    8d:4e:7b:13:66:11:26:ae:ee:c7:05:78:8e:97:87:
                    ac:b0:0f:cc:35:5e:a3:80:00:fb:26:b8:9c:22:87:
                    0e:92:2b:7c:31:89:b8:ee:69:73:c5:22:2b:dd:99:
                    72:90:a1:4e:5f:a5:3e:e5:aa:ab:b2:f9:74:ae:f5:
                    4a:be:11:5d:47:19:71:a5:bb:55:b9:c1:8b:0b:9e:
                    f7:97:46:ef:41:ee:72:9e:3e:c5:7c:39:95:7c:72:
                    a5:10:2b:32:f5:f8:f8:f9:b0:03:44:3d:f7:4e:ab:
                    e3:66:8f:b1:b8:0c:cb:ab:99:6a:22:6d:5c:19:01:
                    14:91:9a:5a:43:8d:fc:00:c3:53:85:99:8b:2b:42:
                    fa:76:f9:11:fe:03:e1:27:b3:fc:65:1c:8b:58:20:
                    95:0e:97:cb:ee:b5:19:e4:0f:3f:6e:3a:0d:b9:20:
                    7b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:40:CA:64:8C:D1:67:0C:E5:DE:BD:CB:31:66:8A:C9:B4:6A:F4:AF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1UDKZIzRZwzl3r3LMWaKybRq9K8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:ea:00:bb:4a:12:0b:95:53:ba:5e:2b:37:9d:28:98:c6:94:
         e6:3d:1c:8b:46:98:d0:25:40:d0:17:63:4c:8e:68:f5:79:f5:
         b2:4a:84:e7:47:3b:32:5c:9e:49:64:84:1c:e5:9b:90:d4:9f:
         ce:b5:7c:7f:f0:2a:75:ce:21:9d:36:0e:44:92:82:f3:4d:71:
         fd:44:00:10:37:2e:a0:c4:c9:54:5b:c3:f6:a7:c9:fc:d8:c1:
         a2:54:0a:7f:8c:f0:52:a8:e0:04:be:6f:0a:83:43:c6:9d:ff:
         d3:72:c5:ce:c7:d7:42:b3:a7:a0:db:73:8d:e3:1e:b9:74:3b:
         11:7d:e5:a4:a2:68:69:f6:eb:ea:b6:aa:36:24:1f:ac:80:2d:
         ba:9a:73:a8:01:f0:7b:37:f7:0d:01:33:be:be:80:f1:c9:00:
         6b:af:5d:89:c0:9a:65:a4:c1:ee:9e:14:bd:04:6e:67:ae:e4:
         7d:ab:ec:36:36:5e:e0:05:11:25:00:75:51:a7:24:50:0b:53:
         ff:b6:09:50:c9:43:3f:23:36:88:32:74:77:fc:b0:0b:15:32:
         31:b9:d6:5f:60:ff:fd:c2:6f:cd:31:5e:35:02:49:8e:bd:60:
         c1:fc:6d:a1:2b:12:78:10:9b:a6:e3:85:3c:52:88:c8:10:e6:
         f8:87:6f:71
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjYEXxHmxbb1tVd0M3fuYPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIwMDkxMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTQwY2E2NDhjZDE2NzBjZTVkZWJkY2IzMTY2OGFjOWI0NmFmNGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRdsYbRn7vA+nAs4GGJvPdEpOQ9K
6ViKTz+5dN1mCY62H7ceL5RI0CsfKFZfYSt6I/IG7J21nCX6uDz7QhSSPY2i8W7Z
h8ZvcFEV11X+DD/sfTCq82otIhqNTnsTZhEmru7HBXiOl4essA/MNV6jgAD7Jric
IocOkit8MYm47mlzxSIr3ZlykKFOX6U+5aqrsvl0rvVKvhFdRxlxpbtVucGLC573
l0bvQe5ynj7FfDmVfHKlECsy9fj4+bADRD33TqvjZo+xuAzLq5lqIm1cGQEUkZpa
Q438AMNThZmLK0L6dvkR/gPhJ7P8ZRyLWCCVDpfL7rUZ5A8/bjoNuSB7nwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNVAymSM0WcM5d69yzFmism0avSvMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMVVES1pJelJad3psM3IzTE1XYUt5YlJxOUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABvqALtKEguVU7peKzed
KJjGlOY9HItGmNAlQNAXY0yOaPV59bJKhOdHOzJcnklkhBzlm5DUn861fH/wKnXO
IZ02DkSSgvNNcf1EABA3LqDEyVRbw/anyfzYwaJUCn+M8FKo4AS+bwqDQ8ad/9Ny
xc7H10Kzp6Dbc43jHrl0OxF95aSiaGn26+q2qjYkH6yALbqac6gB8Hs39w0BM76+
gPHJAGuvXYnAmmWkwe6eFL0Ebmeu5H2r7DY2XuAFESUAdVGnJFALU/+2CVDJQz8j
NogydHf8sAsVMjG51l9g//3Cb80xXjUCSY69YMH8baErEngQm6bjhTxSiMgQ5viH
b3E=
-----END CERTIFICATE-----