Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ABCXMkiujqqIQ2Tpq_6G7Z6CLIw.roa
File:                     ABCXMkiujqqIQ2Tpq_6G7Z6CLIw.roa (raw, json)
Hash identifier:          k9gweAJhvL6zytG5ooPf+aQATiKnDmNbck3heuj0iHc=
Subject key identifier:   00:10:97:32:48:AE:8E:AA:88:43:64:E9:AB:FE:86:ED:9E:82:2C:8C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188E06B207963A8BE27465951C3DDA7664E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ABCXMkiujqqIQ2Tpq_6G7Z6CLIw.roa
Signing time:             Thu 22 Jun 2023 00:04:56 +0000
ROA not before:           Thu 22 Jun 2023 00:04:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:188:e06a:8af3/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e0:6b:20:79:63:a8:be:27:46:59:51:c3:dd:a7:66:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 22 00:04:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0010973248ae8eaa884364e9abfe86ed9e822c8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ae:82:58:0b:23:9b:03:cc:b4:ca:a6:da:75:
                    68:d7:ed:fe:f7:15:64:78:00:4f:4c:fe:2c:4d:ff:
                    d6:ee:98:89:75:45:21:f0:6e:63:97:2d:f4:32:7e:
                    aa:cc:d4:44:f6:a5:93:a6:b0:21:1c:dc:0b:cd:ce:
                    f8:b0:e5:f0:24:9e:dd:f5:62:3d:df:aa:13:ec:cc:
                    56:2f:7e:3b:57:62:ec:7e:a7:6c:fd:60:b9:9e:0b:
                    72:71:90:9f:81:33:52:73:1c:e7:c6:9b:c6:ba:ef:
                    7e:5b:6e:ca:b0:02:1a:4d:ff:4f:c6:9b:82:3c:97:
                    82:90:46:4d:59:66:3d:10:bc:7c:61:d1:45:63:04:
                    a8:8a:9e:a2:e6:1a:71:3b:6f:31:19:fb:04:a6:70:
                    1c:ba:c5:e0:1b:e7:94:24:d5:66:26:7f:b9:d6:f4:
                    d0:5c:1c:c6:7d:f6:6c:60:f7:8f:28:df:44:21:b4:
                    e9:ef:c8:a5:7c:33:f4:01:cd:35:93:b1:ca:83:1f:
                    99:07:a5:95:80:64:25:08:a2:bd:0e:b6:f0:a8:39:
                    e8:a9:0a:b9:e3:2f:99:c7:23:40:91:87:66:9b:0a:
                    21:e5:cb:b3:6a:b2:84:39:50:d9:ce:fe:37:78:80:
                    b4:af:de:36:b7:33:1e:23:a7:97:0b:4b:0c:3b:4d:
                    ce:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:10:97:32:48:AE:8E:AA:88:43:64:E9:AB:FE:86:ED:9E:82:2C:8C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ABCXMkiujqqIQ2Tpq_6G7Z6CLIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:fd:43:72:f6:6b:ea:0c:ae:84:55:4d:bb:25:d8:5d:12:94:
         37:df:1c:13:fe:79:bc:35:56:ff:33:2a:81:67:34:50:f0:70:
         ae:76:90:08:4e:d9:00:e4:74:2f:b0:4b:1b:ba:5f:f2:04:ab:
         ad:cd:cb:88:49:e8:cb:85:d0:ca:a7:75:1d:08:87:86:7a:f1:
         7e:12:75:b3:65:d3:1c:e7:7b:8d:f3:9f:18:cc:1b:84:1a:cb:
         81:03:fb:52:41:82:1f:3b:bf:03:9b:1e:c1:2e:ce:2b:84:07:
         26:af:91:14:74:92:67:48:4b:1d:5e:c5:bc:0a:69:d1:6e:16:
         41:81:c8:7f:f9:d5:6e:91:ba:19:65:78:48:ef:6c:d9:07:c2:
         35:09:fd:f8:ab:40:a0:b9:96:cf:77:e4:b7:c2:42:bb:e2:d4:
         de:3d:03:d8:09:8d:f7:bf:65:c2:22:2e:b4:cf:52:09:a0:36:
         7a:27:66:f8:7d:6b:01:85:b7:5c:bb:3d:28:dc:86:78:5b:64:
         12:a3:30:64:19:f0:e2:90:0e:4a:fa:ea:9c:69:46:cc:0d:90:
         5b:9f:19:8b:83:4b:5d:44:72:e6:bd:59:e7:03:37:85:fb:aa:
         03:61:f2:2c:78:02:2f:d8:07:19:76:4b:1f:82:e4:70:c8:2f:
         44:a2:c6:5e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjgayB5Y6i+J0ZZUcPdp2ZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIyMDAwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDEwOTczMjQ4YWU4ZWFhODg0MzY0ZTlhYmZlODZlZDllODIyYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAja6CWAsjmwPMtMqm2nVo1+3+9xVk
eABPTP4sTf/W7piJdUUh8G5jly30Mn6qzNRE9qWTprAhHNwLzc74sOXwJJ7d9WI9
36oT7MxWL347V2Lsfqds/WC5ngtycZCfgTNScxznxpvGuu9+W27KsAIaTf9PxpuC
PJeCkEZNWWY9ELx8YdFFYwSoip6i5hpxO28xGfsEpnAcusXgG+eUJNVmJn+51vTQ
XBzGffZsYPePKN9EIbTp78ilfDP0Ac01k7HKgx+ZB6WVgGQlCKK9DrbwqDnoqQq5
4y+ZxyNAkYdmmwoh5cuzarKEOVDZzv43eIC0r942tzMeI6eXC0sMO03OYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAAQlzJIro6qiENk6av+hu2egiyMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQUJDWE1raXVqcXFJUTJUcHFfNkc3WjZDTEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJf9Q3L2a+oMroRVTbsl
2F0SlDffHBP+ebw1Vv8zKoFnNFDwcK52kAhO2QDkdC+wSxu6X/IEq63Ny4hJ6MuF
0MqndR0Ih4Z68X4SdbNl0xzne43znxjMG4Qay4ED+1JBgh87vwObHsEuziuEByav
kRR0kmdISx1exbwKadFuFkGByH/51W6RuhlleEjvbNkHwjUJ/firQKC5ls935LfC
Qrvi1N49A9gJjfe/ZcIiLrTPUgmgNnonZvh9awGFt1y7PSjchnhbZBKjMGQZ8OKQ
Dkr66pxpRswNkFufGYuDS11Ecua9WecDN4X7qgNh8ix4Ai/YBxl2Sx+C5HDIL0Si
xl4=
-----END CERTIFICATE-----