Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5yMpwUHC-66LA0kaeREatWCS3uc.roa
File:                     5yMpwUHC-66LA0kaeREatWCS3uc.roa (raw, json)
Hash identifier:          3HQ5j4WhqwP0jaETGzIlSnmPNhDIXQd6cVHrYMh8p74=
Subject key identifier:   E7:23:29:C1:41:C2:FB:AE:8B:03:49:1A:79:11:1A:B5:60:92:DE:E7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188C5666EF050D67644904EBDBC5D30B4EC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5yMpwUHC-66LA0kaeREatWCS3uc.roa
Signing time:             Fri 16 Jun 2023 18:10:04 +0000
ROA not before:           Fri 16 Jun 2023 18:10:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c5:66:6e:f0:50:d6:76:44:90:4e:bd:bc:5d:30:b4:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 16 18:10:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e72329c141c2fbae8b03491a79111ab56092dee7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a8:61:e6:27:0f:35:5b:b4:78:f7:cb:3b:f2:
                    f0:ef:b0:7e:a1:ea:a3:c3:ab:10:f6:a5:6a:6f:22:
                    65:c0:d9:48:81:4e:fb:71:8e:2c:52:e1:59:a7:42:
                    ca:1e:37:51:8b:b9:c2:ec:64:84:1f:b7:b0:c9:b4:
                    99:eb:d1:72:0d:17:37:af:8c:a3:cd:b5:64:a1:59:
                    04:d5:c7:10:bc:aa:ad:d7:43:ca:cb:54:3c:5a:2f:
                    d1:73:13:81:2f:d8:61:b1:dc:5c:d7:9e:7f:71:33:
                    3b:73:81:76:a3:50:94:3c:07:01:87:0e:14:a2:12:
                    d4:0e:ed:29:26:72:bc:93:9c:eb:6f:7c:c9:5a:74:
                    66:4d:d7:8d:20:2c:2c:9f:8a:a5:26:b4:43:fc:13:
                    34:57:ff:d7:f1:6f:57:79:d2:40:b1:36:0f:9d:58:
                    90:bd:17:0b:46:63:ba:f9:72:cf:13:ba:3f:58:2b:
                    92:6d:0d:8b:6a:c3:73:a8:b4:f1:10:e2:0f:b9:d8:
                    2a:21:fd:5e:ed:6f:5c:5a:27:94:67:31:0e:f2:18:
                    90:e8:b0:96:50:d1:dd:10:22:5b:28:e9:02:ea:7d:
                    1e:0e:b9:22:11:3f:8d:9a:aa:bc:37:66:86:42:16:
                    c1:c9:7a:06:67:5d:61:24:10:1d:05:3f:bf:c5:38:
                    f5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:23:29:C1:41:C2:FB:AE:8B:03:49:1A:79:11:1A:B5:60:92:DE:E7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5yMpwUHC-66LA0kaeREatWCS3uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:e0:e9:be:30:4e:f4:e6:67:54:ef:ae:1e:f3:d2:d8:18:95:
         55:c6:1d:20:e3:e5:57:7c:39:0d:84:35:37:d5:d8:d5:8e:a1:
         ac:0e:b7:60:ab:10:f9:1e:a3:18:fe:c0:7d:7c:37:e2:43:2e:
         72:b7:4b:a7:d1:33:c6:bc:a4:e3:c7:7a:c0:86:38:99:4e:1f:
         75:a7:7b:a2:cc:4b:55:4b:cc:9b:b4:f6:9e:c4:d0:1e:95:56:
         35:81:e9:42:8d:7c:3c:56:e9:c0:17:4f:67:b4:c3:83:ee:79:
         ad:a1:d8:4d:59:ac:e5:76:83:94:c3:56:5a:63:33:4a:a6:a5:
         83:26:68:09:1a:29:77:53:25:47:4f:54:3a:a2:e0:b2:73:65:
         14:cd:04:5b:df:6f:38:10:41:d9:7b:92:d0:b3:30:18:81:b7:
         7a:94:3a:02:cb:65:4e:d4:e5:3e:0a:84:14:1a:a8:06:6f:12:
         d1:6f:35:65:d7:74:bf:a5:e0:6f:01:a8:45:12:0c:64:3f:85:
         ff:5a:24:4e:23:91:d8:30:77:e0:9f:e5:49:35:70:30:10:5b:
         ff:7c:73:19:d0:07:48:d8:70:71:c2:1f:25:d9:d4:d0:1f:45:
         6b:2c:d7:fb:43:46:a1:27:fa:13:de:13:03:d6:14:68:42:92:
         0e:20:7c:ff
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjFZm7wUNZ2RJBOvbxdMLTsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE2MTgxMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzIzMjljMTQxYzJmYmFlOGIwMzQ5MWE3OTExMWFiNTYwOTJkZWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqahh5icPNVu0ePfLO/Lw77B+oeqj
w6sQ9qVqbyJlwNlIgU77cY4sUuFZp0LKHjdRi7nC7GSEH7ewybSZ69FyDRc3r4yj
zbVkoVkE1ccQvKqt10PKy1Q8Wi/RcxOBL9hhsdxc155/cTM7c4F2o1CUPAcBhw4U
ohLUDu0pJnK8k5zrb3zJWnRmTdeNICwsn4qlJrRD/BM0V//X8W9XedJAsTYPnViQ
vRcLRmO6+XLPE7o/WCuSbQ2LasNzqLTxEOIPudgqIf1e7W9cWieUZzEO8hiQ6LCW
UNHdECJbKOkC6n0eDrkiET+Nmqq8N2aGQhbByXoGZ11hJBAdBT+/xTj1MwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOcjKcFBwvuuiwNJGnkRGrVgkt7nMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNXlNcHdVSEMtNjZMQTBrYWVSRWF0V0NTM3VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE3g6b4wTvTmZ1Tvrh7z
0tgYlVXGHSDj5Vd8OQ2ENTfV2NWOoawOt2CrEPkeoxj+wH18N+JDLnK3S6fRM8a8
pOPHesCGOJlOH3Wne6LMS1VLzJu09p7E0B6VVjWB6UKNfDxW6cAXT2e0w4Puea2h
2E1ZrOV2g5TDVlpjM0qmpYMmaAkaKXdTJUdPVDqi4LJzZRTNBFvfbzgQQdl7ktCz
MBiBt3qUOgLLZU7U5T4KhBQaqAZvEtFvNWXXdL+l4G8BqEUSDGQ/hf9aJE4jkdgw
d+Cf5Uk1cDAQW/98cxnQB0jYcHHCHyXZ1NAfRWss1/tDRqEn+hPeEwPWFGhCkg4g
fP8=
-----END CERTIFICATE-----