Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3z8vdc4mqGw0D98VPuZDiOnOuI0.roa
File:                     3z8vdc4mqGw0D98VPuZDiOnOuI0.roa (raw, json)
Hash identifier:          GsJZHRQgdsWplFcMQGoJ62TsEvG9OTFQqlueQ0AwnCQ=
Subject key identifier:   DF:3F:2F:75:CE:26:A8:6C:34:0F:DF:15:3E:E6:43:88:E9:CE:B8:8D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018934FAAFD8B57590A4834ED458A7EA1832
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3z8vdc4mqGw0D98VPuZDiOnOuI0.roa
Signing time:             Sat 08 Jul 2023 10:09:51 +0000
ROA not before:           Sat 08 Jul 2023 10:09:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:34:fa:af:d8:b5:75:90:a4:83:4e:d4:58:a7:ea:18:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul  8 10:09:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=df3f2f75ce26a86c340fdf153ee64388e9ceb88d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2b:10:23:80:65:68:ff:c9:f4:94:98:77:e2:
                    09:4a:aa:6e:a4:12:cd:45:28:3f:e4:c7:64:02:85:
                    ea:0f:4c:d2:f5:7f:29:41:fc:d7:a9:7e:cc:e6:7f:
                    12:a4:03:5e:af:b7:de:e7:48:9b:9b:20:85:f9:7d:
                    fe:73:44:6b:ab:34:59:a2:04:a9:15:f3:ad:fa:56:
                    fe:b5:59:8c:73:a6:3d:5e:37:17:d4:1e:48:0a:a7:
                    7e:13:47:6e:30:10:fa:ab:88:ad:5c:d5:43:20:d4:
                    9a:05:b1:57:58:04:7f:1e:03:68:12:10:8e:08:b4:
                    00:e0:83:6d:80:3a:78:f3:7e:6f:e3:f3:b7:14:84:
                    26:53:f1:2f:ec:ca:96:2a:3f:b5:a4:93:f2:03:86:
                    f7:9b:1e:66:30:d8:7d:94:53:ed:47:76:6c:0c:5c:
                    7b:d7:58:73:98:ed:76:df:f6:d3:1d:75:05:7f:32:
                    d2:61:2f:a7:d2:6e:3e:a9:10:1c:a1:64:e8:d8:c4:
                    d6:12:39:89:bd:9c:6d:a1:5e:43:61:8c:42:d8:9e:
                    20:27:21:67:42:99:31:f6:c1:a9:85:a5:8c:5e:d5:
                    6e:20:46:cc:3d:04:7f:4e:97:6f:2d:f5:21:a4:ce:
                    22:81:01:6d:4a:ab:4d:96:83:27:40:0a:8b:d7:c2:
                    36:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:3F:2F:75:CE:26:A8:6C:34:0F:DF:15:3E:E6:43:88:E9:CE:B8:8D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3z8vdc4mqGw0D98VPuZDiOnOuI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:17:de:c9:a2:fc:1b:d3:ea:fb:60:71:1e:19:3f:76:1d:17:
         52:47:95:f1:6e:20:ac:59:89:64:b7:c3:18:50:06:c0:a2:b0:
         4d:0f:33:84:d1:ce:7e:33:de:ab:ec:56:8a:03:c8:44:65:5b:
         52:7a:8b:64:58:c9:19:1f:c4:9b:a3:3c:c6:73:69:d1:fa:48:
         76:d9:65:72:68:f7:5c:47:83:40:fa:aa:06:e6:a1:7e:87:47:
         66:e5:e3:a3:16:5a:c0:33:bc:a6:f9:26:06:e9:42:fb:07:77:
         91:9d:72:30:27:95:1b:92:d6:b6:a7:bf:5b:8f:94:62:b8:c3:
         6d:88:ab:03:1c:9a:db:58:bd:9d:18:2d:29:c0:2f:6d:56:47:
         79:d4:32:7e:fd:31:80:96:1c:d7:50:29:55:aa:23:b8:1a:e6:
         39:03:60:49:5e:8d:0b:01:1e:91:2e:d8:49:77:e1:05:77:a3:
         d6:e4:aa:17:54:bd:7a:9e:45:94:41:30:66:11:39:aa:ca:0a:
         ab:82:6a:eb:8b:eb:76:d4:ef:60:3b:21:ca:72:d3:f8:cc:0a:
         98:ff:1c:4a:5f:15:8c:fd:98:9d:e7:a2:e8:52:f7:0c:25:97:
         a6:f3:07:ad:0d:7d:e3:5c:13:7a:a6:22:2d:76:55:bf:ab:3f:
         f7:17:4c:bb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYk0+q/YtXWQpINO1Fin6hgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzA4MTAwOTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjNmMmY3NWNlMjZhODZjMzQwZmRmMTUzZWU2NDM4OGU5Y2ViODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmisQI4BlaP/J9JSYd+IJSqpupBLN
RSg/5MdkAoXqD0zS9X8pQfzXqX7M5n8SpANer7fe50ibmyCF+X3+c0RrqzRZogSp
FfOt+lb+tVmMc6Y9XjcX1B5ICqd+E0duMBD6q4itXNVDINSaBbFXWAR/HgNoEhCO
CLQA4INtgDp4835v4/O3FIQmU/Ev7MqWKj+1pJPyA4b3mx5mMNh9lFPtR3ZsDFx7
11hzmO123/bTHXUFfzLSYS+n0m4+qRAcoWTo2MTWEjmJvZxtoV5DYYxC2J4gJyFn
Qpkx9sGphaWMXtVuIEbMPQR/TpdvLfUhpM4igQFtSqtNloMnQAqL18I2GwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN8/L3XOJqhsNA/fFT7mQ4jpzriNMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM3o4dmRjNG1xR3cwRDk4VlB1WkRpT25PdUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAD8X3smi/BvT6vtgcR4Z
P3YdF1JHlfFuIKxZiWS3wxhQBsCisE0PM4TRzn4z3qvsVooDyERlW1J6i2RYyRkf
xJujPMZzadH6SHbZZXJo91xHg0D6qgbmoX6HR2bl46MWWsAzvKb5JgbpQvsHd5Gd
cjAnlRuS1ranv1uPlGK4w22IqwMcmttYvZ0YLSnAL21WR3nUMn79MYCWHNdQKVWq
I7ga5jkDYElejQsBHpEu2El34QV3o9bkqhdUvXqeRZRBMGYROarKCquCauuL63bU
72A7Icpy0/jMCpj/HEpfFYz9mJ3nouhS9wwll6bzB60NfeNcE3qmIi12Vb+rP/cX
TLs=
-----END CERTIFICATE-----