Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Fh8zw2ANGylxhzmnNgEI1_u_CWs.roa
File:                     Fh8zw2ANGylxhzmnNgEI1_u_CWs.roa (raw, json)
Hash identifier:          pBVOC/vql0yUtfr7CKaLUvcfOscINriOLfR319I0fgE=
Subject key identifier:   16:1F:33:C3:60:0D:1B:29:71:87:39:A7:36:01:08:D7:FB:BF:09:6B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189781F570828382954A37063B8DBAFA3AD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Fh8zw2ANGylxhzmnNgEI1_u_CWs.roa
Signing time:             Fri 21 Jul 2023 11:04:27 +0000
ROA not before:           Fri 21 Jul 2023 11:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:189:781f:1f3f/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:78:1f:57:08:28:38:29:54:a3:70:63:b8:db:af:a3:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 21 11:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=161f33c3600d1b29718739a7360108d7fbbf096b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:48:8d:f9:5f:41:39:4a:6e:e8:aa:e0:f7:1b:
                    ad:11:16:84:47:4c:aa:1c:25:ba:0b:81:86:90:fb:
                    71:00:69:9c:78:04:e0:5f:6e:cc:82:14:0d:bb:e0:
                    ab:da:4b:df:4b:df:a2:68:3a:cf:9e:f7:37:a7:dc:
                    2c:2f:f6:6e:8c:43:10:9c:bc:24:61:ef:4c:23:ee:
                    4a:f4:e8:50:ac:39:28:09:f0:27:e7:7b:c3:c0:59:
                    18:63:7c:e5:68:11:42:ed:1d:d0:e5:8b:29:ac:a4:
                    51:da:ae:51:2b:c4:42:51:99:71:6d:d4:fb:8b:e7:
                    78:ff:55:5a:92:8e:2b:4c:d4:05:49:ef:0a:ad:9f:
                    57:68:96:7a:cd:df:97:fe:6d:da:a1:35:18:2d:df:
                    ca:35:a5:55:e7:5e:f2:4f:18:bb:46:93:61:8e:ed:
                    63:8d:93:09:44:bd:0e:e1:0f:93:5d:4c:08:37:84:
                    b6:1d:e5:19:57:03:2d:5b:67:02:dd:17:54:44:78:
                    b6:75:25:5d:83:fb:45:86:ca:12:28:c6:28:54:57:
                    d1:ff:d7:34:71:1e:e8:08:46:e2:9d:cd:95:c4:83:
                    37:e0:25:fd:f1:c0:2d:7a:e9:b4:12:1b:d4:c2:e3:
                    04:62:68:dc:32:5c:d9:59:d9:4e:32:d8:0b:04:1b:
                    44:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:1F:33:C3:60:0D:1B:29:71:87:39:A7:36:01:08:D7:FB:BF:09:6B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Fh8zw2ANGylxhzmnNgEI1_u_CWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:a5:68:9a:cd:b3:c8:fa:16:48:f8:74:af:28:27:51:9d:25:
         82:98:50:eb:52:f5:77:fb:3f:18:48:a9:5b:d4:8f:cc:6d:67:
         5d:a1:62:a9:75:47:6e:6e:d0:c5:06:9f:29:14:fb:6a:e1:a8:
         10:1d:13:a9:82:70:34:f4:a2:74:a8:cd:fc:6d:a5:88:3f:7a:
         01:65:a6:97:6d:82:e5:ae:26:ce:ec:e2:10:cf:0a:00:88:be:
         3b:9b:2b:39:94:66:a3:09:d0:aa:fc:e5:ec:a4:57:fe:39:2f:
         46:e8:f6:46:34:e0:55:83:bf:bc:df:40:07:9f:1c:bf:1e:0d:
         c2:47:3d:97:c1:61:fc:04:60:e2:54:87:5c:ff:60:1e:75:c1:
         73:8f:43:4e:d0:07:31:24:ff:b7:a4:72:c6:b6:cc:38:a4:25:
         40:dc:e8:3d:d1:c6:27:32:79:d7:5a:82:39:be:81:66:3e:74:
         50:03:73:fa:60:60:56:25:ef:96:57:8e:0f:da:56:a4:28:39:
         14:e0:c8:17:c5:83:66:79:1e:44:19:77:a1:a4:e7:79:2b:c3:
         a2:e7:ad:fa:e1:6f:30:b6:03:bd:c8:8a:c3:eb:26:5b:86:d5:
         38:08:bd:cb:54:ab:bf:f5:81:58:0f:3d:fb:52:1f:17:66:1f:
         bf:8d:06:b1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl4H1cIKDgpVKNwY7jbr6OtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIxMTEwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjFmMzNjMzYwMGQxYjI5NzE4NzM5YTczNjAxMDhkN2ZiYmYwOTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kiN+V9BOUpu6Krg9xutERaER0yq
HCW6C4GGkPtxAGmceATgX27MghQNu+Cr2kvfS9+iaDrPnvc3p9wsL/ZujEMQnLwk
Ye9MI+5K9OhQrDkoCfAn53vDwFkYY3zlaBFC7R3Q5YsprKRR2q5RK8RCUZlxbdT7
i+d4/1Vako4rTNQFSe8KrZ9XaJZ6zd+X/m3aoTUYLd/KNaVV517yTxi7RpNhju1j
jZMJRL0O4Q+TXUwIN4S2HeUZVwMtW2cC3RdURHi2dSVdg/tFhsoSKMYoVFfR/9c0
cR7oCEbinc2VxIM34CX98cAteum0EhvUwuMEYmjcMlzZWdlOMtgLBBtEsQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBYfM8NgDRspcYc5pzYBCNf7vwlrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRmg4encyQU5HeWx4aHptbk5nRUkxX3VfQ1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC2laJrNs8j6Fkj4dK8o
J1GdJYKYUOtS9Xf7PxhIqVvUj8xtZ12hYql1R25u0MUGnykU+2rhqBAdE6mCcDT0
onSozfxtpYg/egFlppdtguWuJs7s4hDPCgCIvjubKzmUZqMJ0Kr85eykV/45L0bo
9kY04FWDv7zfQAefHL8eDcJHPZfBYfwEYOJUh1z/YB51wXOPQ07QBzEk/7ekcsa2
zDikJUDc6D3Rxicyeddagjm+gWY+dFADc/pgYFYl75ZXjg/aVqQoORTgyBfFg2Z5
HkQZd6Gk53krw6LnrfrhbzC2A73IisPrJluG1TgIvctUq7/1gVgPPftSHxdmH7+N
BrE=
-----END CERTIFICATE-----