Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/H_9v43zOI-wzTl95fIEN9vwkXKE.roa
File:                     H_9v43zOI-wzTl95fIEN9vwkXKE.roa (raw, json)
Hash identifier:          Ol5JC2dXy8rNDWU83IrXupy+gwwGXqQgvn413MJq53U=
Subject key identifier:   1F:FF:6F:E3:7C:CE:23:EC:33:4E:5F:79:7C:81:0D:F6:FC:24:5C:A1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018891AB73764B7A8AA6FA14E13821CB03C3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/H_9v43zOI-wzTl95fIEN9vwkXKE.roa
Signing time:             Tue 06 Jun 2023 17:05:12 +0000
ROA not before:           Tue 06 Jun 2023 17:05:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:188:91aa:b901/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:91:ab:73:76:4b:7a:8a:a6:fa:14:e1:38:21:cb:03:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  6 17:05:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1fff6fe37cce23ec334e5f797c810df6fc245ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fd:7a:6c:49:50:d2:c1:ec:a5:89:65:83:36:
                    5f:05:cc:7c:b9:b2:29:f9:66:e4:52:47:fe:2e:30:
                    46:12:53:9d:8c:91:60:a9:c5:fa:b4:51:d4:a8:1c:
                    db:8d:1b:bb:15:df:0a:37:af:6d:96:59:da:aa:47:
                    ec:74:2c:f6:29:04:38:b1:7e:5a:f1:c9:dc:93:96:
                    93:ae:8b:75:c4:05:dd:8a:53:10:cc:17:10:49:cb:
                    c5:03:e1:16:47:e8:1f:e3:d8:08:ae:7f:9e:8c:27:
                    47:7b:36:ad:96:4a:08:88:8f:f5:fe:11:ac:11:b3:
                    7a:57:69:02:de:c9:31:9b:32:dd:bf:8e:d9:97:06:
                    0c:e2:69:c9:4d:91:71:01:29:b0:65:8f:35:4a:0a:
                    0e:34:fa:d4:a6:ec:1f:98:b7:cb:f1:d9:8d:84:b9:
                    bd:22:40:56:85:d7:03:a4:fa:22:56:02:f5:0d:09:
                    32:c3:a8:f3:b4:57:79:6e:35:0d:53:28:95:a4:fa:
                    0d:33:88:b7:c8:ad:9f:c9:69:e7:9d:51:64:21:a1:
                    2b:49:7a:04:fa:66:46:08:3c:d4:2e:d0:12:7a:8d:
                    09:b3:15:81:e3:0f:5e:00:6b:66:b3:9b:64:94:3f:
                    2f:c2:10:8b:0d:5f:44:bb:fa:38:0d:94:9c:3b:86:
                    8c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:FF:6F:E3:7C:CE:23:EC:33:4E:5F:79:7C:81:0D:F6:FC:24:5C:A1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/H_9v43zOI-wzTl95fIEN9vwkXKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:44:b6:f6:6d:15:73:e2:33:e9:d5:9a:e0:9e:2b:89:18:d7:
         10:96:94:88:7a:39:6b:8c:2d:4b:f8:69:35:f9:fd:44:20:b1:
         24:f1:94:c7:60:a5:31:42:fc:6b:81:81:28:71:d9:d7:c3:a8:
         08:bc:7d:7a:da:93:7d:43:a0:26:16:70:24:5e:bb:1a:28:fc:
         21:15:33:8d:4e:38:e1:df:63:e6:52:63:6b:c6:d7:ab:4f:67:
         d1:63:03:35:a2:45:b4:e5:51:1c:08:d6:e3:2a:53:3f:e9:bf:
         0c:b1:26:6a:29:db:d3:65:b2:3b:a2:de:2e:ab:4a:17:ae:86:
         c9:2a:33:ab:78:93:29:b7:e3:dd:99:c5:52:2e:3f:af:5b:f7:
         78:fd:75:85:2e:b6:65:d7:8d:9d:26:e5:c4:d9:55:51:1c:d8:
         d7:c9:26:fe:8a:16:ce:d2:1c:96:a4:19:5c:11:14:d7:12:71:
         03:00:10:9d:a8:35:55:5e:84:62:57:67:cb:e4:fc:38:31:4c:
         cc:00:4e:87:2b:14:c2:fa:b4:14:8c:4c:7e:fe:6d:d7:87:f2:
         c6:bb:fa:03:32:e6:5d:dc:60:e6:8d:26:67:92:9b:2a:25:de:
         be:2a:ef:85:e8:8c:7f:c9:e6:11:32:1b:92:b7:aa:e2:35:b3:
         26:7b:b0:e6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiRq3N2S3qKpvoU4TghywPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA2MTcwNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmZmNmZlMzdjY2UyM2VjMzM0ZTVmNzk3YzgxMGRmNmZjMjQ1Y2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkv16bElQ0sHspYllgzZfBcx8ubIp
+WbkUkf+LjBGElOdjJFgqcX6tFHUqBzbjRu7Fd8KN69tllnaqkfsdCz2KQQ4sX5a
8cnck5aTrot1xAXdilMQzBcQScvFA+EWR+gf49gIrn+ejCdHezatlkoIiI/1/hGs
EbN6V2kC3skxmzLdv47ZlwYM4mnJTZFxASmwZY81SgoONPrUpuwfmLfL8dmNhLm9
IkBWhdcDpPoiVgL1DQkyw6jztFd5bjUNUyiVpPoNM4i3yK2fyWnnnVFkIaErSXoE
+mZGCDzULtASeo0JsxWB4w9eAGtms5tklD8vwhCLDV9Eu/o4DZScO4aM3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB//b+N8ziPsM05feXyBDfb8JFyhMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSF85djQzek9JLXd6VGw5NWZJRU45dndrWEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADNEtvZtFXPiM+nVmuCe
K4kY1xCWlIh6OWuMLUv4aTX5/UQgsSTxlMdgpTFC/GuBgShx2dfDqAi8fXrak31D
oCYWcCReuxoo/CEVM41OOOHfY+ZSY2vG16tPZ9FjAzWiRbTlURwI1uMqUz/pvwyx
Jmop29Nlsjui3i6rSheuhskqM6t4kym3492ZxVIuP69b93j9dYUutmXXjZ0m5cTZ
VVEc2NfJJv6KFs7SHJakGVwRFNcScQMAEJ2oNVVehGJXZ8vk/DgxTMwATocrFML6
tBSMTH7+bdeH8sa7+gMy5l3cYOaNJmeSmyol3r4q74XojH/J5hEyG5K3quI1syZ7
sOY=
-----END CERTIFICATE-----