Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8u9-hpERf6plOCspg5h5ikper3w.roa
File:                     8u9-hpERf6plOCspg5h5ikper3w.roa (raw, json)
Hash identifier:          zFEbWfHsO0Z109qoCWlnqhhjBpZMoD1FP/BuTXPG8Ck=
Subject key identifier:   F2:EF:7E:86:91:11:7F:AA:65:38:2B:29:83:98:79:8A:4A:5E:AF:7C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018947049B3F8F837AB286E7034D92B8280A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8u9-hpERf6plOCspg5h5ikper3w.roa
Signing time:             Tue 11 Jul 2023 22:13:51 +0000
ROA not before:           Tue 11 Jul 2023 22:13:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:47:04:9b:3f:8f:83:7a:b2:86:e7:03:4d:92:b8:28:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 11 22:13:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f2ef7e8691117faa65382b298398798a4a5eaf7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:11:76:cc:e2:45:59:2d:d3:a3:d2:d7:fc:ad:
                    cf:56:7e:8b:00:96:a3:d2:6e:5c:da:ad:e5:26:f1:
                    bf:81:7b:d4:c1:47:4c:a8:7a:56:78:61:1b:8a:fe:
                    8e:7e:08:ee:10:bd:69:39:c0:3d:63:66:51:c1:a1:
                    3e:ce:e6:83:5d:a2:c3:98:11:f9:3e:41:98:43:27:
                    e7:c2:ed:61:67:0d:9c:7d:72:a3:f2:3d:cd:0a:87:
                    ba:53:76:90:4d:bd:9a:b4:f4:17:75:91:84:df:f2:
                    27:7a:2f:3b:5e:fa:e3:10:f6:72:76:2a:49:7f:be:
                    dc:d3:66:02:89:75:ff:a9:3e:87:ff:b5:f5:42:34:
                    af:4f:d4:8c:22:4e:92:85:14:52:8b:cf:a1:4a:b5:
                    92:63:a9:e7:5e:d6:6d:9c:4b:5b:5c:aa:b6:29:9d:
                    18:30:bb:32:2f:d0:c7:fc:ac:e3:b9:1a:50:12:69:
                    ef:94:a2:84:86:bf:f9:10:4e:93:85:39:76:87:a3:
                    d8:27:d4:a1:02:51:9d:c0:ca:c3:90:8a:22:35:7d:
                    34:a6:bb:fb:92:aa:84:ca:2f:b7:51:1c:9c:b0:07:
                    26:cb:65:71:78:bb:77:e4:68:27:6e:f5:40:4f:c0:
                    69:17:59:23:cb:aa:1d:3c:c4:21:e0:f9:ff:26:e4:
                    16:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:EF:7E:86:91:11:7F:AA:65:38:2B:29:83:98:79:8A:4A:5E:AF:7C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8u9-hpERf6plOCspg5h5ikper3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:71:11:fa:0d:ff:61:8d:a5:e4:6f:04:ae:66:a7:6b:94:8d:
         16:8b:d8:6a:4b:a9:ae:bd:da:cf:9e:fb:c1:20:15:4c:ed:5b:
         76:17:e9:4b:13:ff:ae:14:c0:d9:85:a7:0e:88:d6:e9:4e:58:
         29:62:f5:b2:25:3c:83:c4:5e:18:64:93:f5:cf:4b:16:f3:2f:
         5f:4b:b7:06:62:cc:55:7b:8d:9d:fa:18:c6:3d:9a:29:55:3e:
         57:47:1e:21:9f:7e:4d:86:e1:0c:41:93:05:05:38:bb:33:1c:
         41:8b:f1:3b:88:72:99:0a:f9:b9:6e:b5:36:8e:70:7c:57:94:
         6d:74:4f:de:93:3a:16:30:a8:fe:21:28:19:7e:c2:7c:ab:26:
         61:ca:a3:16:43:7a:86:82:a7:e2:2f:7b:5c:24:8f:d4:30:e9:
         ea:ec:3d:0b:ea:a9:c5:98:28:31:b1:6e:56:27:74:69:94:a6:
         39:1c:c6:21:f3:46:b7:ca:9b:97:db:8e:2a:35:8b:db:76:6e:
         24:1e:cd:f2:9a:2e:b6:12:a2:40:b1:2c:a4:4b:e6:6e:e2:52:
         f9:b6:6a:ab:dd:72:a7:55:51:56:14:a5:4f:e2:35:e3:c6:1e:
         1d:e7:1a:58:11:97:4c:86:0e:64:49:0d:49:00:b1:52:2e:b2:
         24:dd:03:ee
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlHBJs/j4N6sobnA02SuCgKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzExMjIxMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmVmN2U4NjkxMTE3ZmFhNjUzODJiMjk4Mzk4Nzk4YTRhNWVhZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxF2zOJFWS3To9LX/K3PVn6LAJaj
0m5c2q3lJvG/gXvUwUdMqHpWeGEbiv6OfgjuEL1pOcA9Y2ZRwaE+zuaDXaLDmBH5
PkGYQyfnwu1hZw2cfXKj8j3NCoe6U3aQTb2atPQXdZGE3/Inei87XvrjEPZydipJ
f77c02YCiXX/qT6H/7X1QjSvT9SMIk6ShRRSi8+hSrWSY6nnXtZtnEtbXKq2KZ0Y
MLsyL9DH/KzjuRpQEmnvlKKEhr/5EE6ThTl2h6PYJ9ShAlGdwMrDkIoiNX00prv7
kqqEyi+3URycsAcmy2VxeLt35GgnbvVAT8BpF1kjy6odPMQh4Pn/JuQW9wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPLvfoaREX+qZTgrKYOYeYpKXq98MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOHU5LWhwRVJmNnBsT0NzcGc1aDVpa3BlcjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAF5xEfoN/2GNpeRvBK5m
p2uUjRaL2GpLqa692s+e+8EgFUztW3YX6UsT/64UwNmFpw6I1ulOWCli9bIlPIPE
Xhhkk/XPSxbzL19LtwZizFV7jZ36GMY9milVPldHHiGffk2G4QxBkwUFOLszHEGL
8TuIcpkK+blutTaOcHxXlG10T96TOhYwqP4hKBl+wnyrJmHKoxZDeoaCp+Ive1wk
j9Qw6ersPQvqqcWYKDGxblYndGmUpjkcxiHzRrfKm5fbjio1i9t2biQezfKaLrYS
okCxLKRL5m7iUvm2aqvdcqdVUVYUpU/iNePGHh3nGlgRl0yGDmRJDUkAsVIusiTd
A+4=
-----END CERTIFICATE-----