Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/FU1xPZTZHHS3oeoW20sWHLtDq1g.roa
File:                     FU1xPZTZHHS3oeoW20sWHLtDq1g.roa (raw, json)
Hash identifier:          qRlTsqoQouIXcw3rri5ZFdmTHUWr73iD6UtCOdDB570=
Subject key identifier:   15:4D:71:3D:94:D9:1C:74:B7:A1:EA:16:DB:4B:16:1C:BB:43:AB:58
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188620C7AE7B09D8CE55DE1751B64EA9D9A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/FU1xPZTZHHS3oeoW20sWHLtDq1g.roa
Signing time:             Sun 28 May 2023 11:09:25 +0000
ROA not before:           Sun 28 May 2023 11:09:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:62:0c:7a:e7:b0:9d:8c:e5:5d:e1:75:1b:64:ea:9d:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 28 11:09:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=154d713d94d91c74b7a1ea16db4b161cbb43ab58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:32:61:b1:46:0b:e2:a4:54:3e:82:53:99:e2:
                    72:22:f3:12:a9:17:3a:e2:1c:96:75:f2:73:4b:76:
                    f1:e4:a3:6f:20:8f:af:77:bf:ce:36:0f:af:65:36:
                    3c:b1:03:e5:ed:db:e3:b6:b0:13:55:08:fd:0b:80:
                    ba:3a:72:ec:93:5a:90:3c:ef:e3:e8:d4:b5:ce:3a:
                    cd:03:ba:43:b7:65:88:d9:e4:52:e1:29:6e:9c:78:
                    42:1b:06:13:a6:66:28:75:ea:07:aa:34:16:5d:a5:
                    02:0b:59:5e:1e:bd:b3:00:02:2c:ce:11:f8:95:8b:
                    18:12:dd:4b:70:d3:b6:da:ed:15:c3:34:55:03:dd:
                    7a:26:ee:fc:60:ae:cd:8b:47:28:41:36:53:b6:cc:
                    66:30:9a:da:99:ca:2a:2b:25:4d:e6:c6:5c:d2:9b:
                    fa:5b:ee:f3:e4:b6:f6:aa:ae:25:ba:de:39:ab:11:
                    56:0f:92:72:f7:7a:f4:b6:13:50:2c:87:fc:3a:5f:
                    04:d7:a0:72:16:9e:5b:5f:ef:42:8b:f5:a0:dd:ee:
                    26:5b:2c:0b:db:cb:6a:0a:d5:12:f5:b6:93:32:83:
                    3f:5d:60:75:37:30:76:d3:f0:0c:9d:9a:75:3d:d1:
                    d4:7f:4a:91:1f:c8:80:05:c3:4c:6d:16:c6:1a:02:
                    3e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4D:71:3D:94:D9:1C:74:B7:A1:EA:16:DB:4B:16:1C:BB:43:AB:58
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/FU1xPZTZHHS3oeoW20sWHLtDq1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:c1:d4:c1:db:64:dd:64:17:dc:4c:31:9e:7d:a9:97:2b:8b:
         6a:74:08:33:b2:81:69:35:ce:93:82:d9:c0:72:6f:12:2a:9c:
         56:bf:0f:f5:49:25:58:11:df:c2:7a:f8:da:7c:79:b8:d0:36:
         81:29:3e:99:48:01:6d:d5:3a:b7:7d:b7:71:f1:c1:8c:a6:bb:
         1f:8a:ec:ae:4b:a1:25:8d:2c:21:f8:8f:a4:f2:4f:fa:6f:91:
         fb:a4:18:4d:7e:f2:22:fb:5f:a9:08:94:b8:33:ae:0a:f4:90:
         d8:50:58:94:9c:be:b5:a3:8f:86:b4:13:e1:a6:bc:a7:bb:aa:
         bd:46:e1:04:b6:eb:9d:8a:af:8e:b7:78:8a:39:0f:b9:44:d7:
         58:4c:66:2a:1e:98:50:2e:52:79:f0:bc:cc:72:c9:b9:11:a5:
         03:0e:f4:44:d7:a0:87:cb:9b:5c:43:ee:ce:0a:1c:34:b1:96:
         a6:75:24:6c:5c:54:87:24:2c:94:cb:4c:7e:40:f0:f8:e3:5e:
         e2:78:33:f4:e6:60:03:83:88:de:07:db:4b:da:83:52:7f:63:
         33:7a:98:1d:f2:7e:39:40:02:51:4e:8f:f6:d2:8c:4f:bc:50:
         dc:ba:08:bd:13:47:ae:18:c1:a6:e1:a0:ee:73:5b:73:37:31:
         e1:b9:30:4a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhiDHrnsJ2M5V3hdRtk6p2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI4MTEwOTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTRkNzEzZDk0ZDkxYzc0YjdhMWVhMTZkYjRiMTYxY2JiNDNhYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DJhsUYL4qRUPoJTmeJyIvMSqRc6
4hyWdfJzS3bx5KNvII+vd7/ONg+vZTY8sQPl7dvjtrATVQj9C4C6OnLsk1qQPO/j
6NS1zjrNA7pDt2WI2eRS4SlunHhCGwYTpmYodeoHqjQWXaUCC1leHr2zAAIszhH4
lYsYEt1LcNO22u0VwzRVA916Ju78YK7Ni0coQTZTtsxmMJramcoqKyVN5sZc0pv6
W+7z5Lb2qq4lut45qxFWD5Jy93r0thNQLIf8Ol8E16ByFp5bX+9Ci/Wg3e4mWywL
28tqCtUS9baTMoM/XWB1NzB20/AMnZp1PdHUf0qRH8iABcNMbRbGGgI+cQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBVNcT2U2Rx0t6HqFttLFhy7Q6tYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRlUxeFBaVFpISFMzb2VvVzIwc1dITHREcTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADDB1MHbZN1kF9xMMZ59
qZcri2p0CDOygWk1zpOC2cBybxIqnFa/D/VJJVgR38J6+Np8ebjQNoEpPplIAW3V
Ord9t3HxwYymux+K7K5LoSWNLCH4j6TyT/pvkfukGE1+8iL7X6kIlLgzrgr0kNhQ
WJScvrWjj4a0E+GmvKe7qr1G4QS2652Kr463eIo5D7lE11hMZioemFAuUnnwvMxy
ybkRpQMO9ETXoIfLm1xD7s4KHDSxlqZ1JGxcVIckLJTLTH5A8PjjXuJ4M/TmYAOD
iN4H20vag1J/YzN6mB3yfjlAAlFOj/bSjE+8UNy6CL0TR64YwabhoO5zW3M3MeG5
MEo=
-----END CERTIFICATE-----