Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KY_Rfj0Oqu2H0ot-rjD-baP1WEI.roa
File:                     KY_Rfj0Oqu2H0ot-rjD-baP1WEI.roa (raw, json)
Hash identifier:          +CxWvEzHjTmMCRju4BKI9Q/sekK0CS/sSVn1yMitRNE=
Subject key identifier:   29:8F:D1:7E:3D:0E:AA:ED:87:D2:8B:7E:AE:30:FE:6D:A3:F5:58:42
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F0543D75455FB1865A42CBDAE9A69F66
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KY_Rfj0Oqu2H0ot-rjD-baP1WEI.roa
Signing time:             Sat 06 May 2023 09:11:05 +0000
ROA not before:           Sat 06 May 2023 09:11:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f0:54:3d:75:45:5f:b1:86:5a:42:cb:da:e9:a6:9f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  6 09:11:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=298fd17e3d0eaaed87d28b7eae30fe6da3f55842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:de:f3:8e:da:a6:8a:06:1e:e4:4f:9e:01:82:
                    85:f1:f9:8b:7d:43:a6:9d:bc:3f:f4:92:29:bc:3b:
                    48:86:ca:46:b8:d4:07:0c:f2:65:59:60:83:d1:2d:
                    aa:db:74:5d:62:a9:a3:00:00:19:ab:a8:ba:fc:db:
                    ff:12:d5:93:23:16:4d:fa:59:f9:56:13:b5:5a:b1:
                    63:28:3d:2f:54:5a:30:98:af:c8:9b:5d:0b:68:8c:
                    1d:23:20:19:0c:1a:d6:93:2e:30:39:c6:b1:31:69:
                    ff:89:ab:95:6a:65:eb:05:4e:db:18:2c:83:af:1a:
                    ac:ea:d7:9d:3c:e3:e8:8a:fd:20:cb:2e:e5:68:bb:
                    05:a9:19:ec:0e:d9:74:92:76:6c:21:78:fe:2e:9e:
                    b4:c2:e4:05:74:c7:99:64:34:6d:4a:ca:e8:06:f1:
                    9a:35:06:52:d4:97:97:df:15:bb:00:bd:95:60:a3:
                    d8:5b:de:54:b3:95:9e:e3:bd:56:37:16:a1:71:93:
                    62:2f:20:22:24:89:fe:a7:98:ba:43:fe:d5:41:00:
                    1c:0d:65:8d:0e:88:7d:8f:e4:8d:ba:3b:25:04:81:
                    5a:1d:8e:0e:d6:3d:d1:49:f2:62:c8:3e:91:e0:06:
                    fe:3c:ea:53:94:cc:fe:00:d2:de:7c:f4:82:73:1f:
                    02:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:8F:D1:7E:3D:0E:AA:ED:87:D2:8B:7E:AE:30:FE:6D:A3:F5:58:42
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KY_Rfj0Oqu2H0ot-rjD-baP1WEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:36:61:29:2c:34:ee:18:d4:cd:31:60:7e:92:66:08:a9:3b:
         49:40:a6:cb:6c:51:fe:df:bf:c1:9d:45:d4:7f:32:ae:c9:7b:
         a6:fb:e6:39:dd:a0:42:5b:df:16:e2:62:b1:f7:8d:24:1f:43:
         34:48:d1:dc:62:45:7a:b2:bc:5a:30:85:0e:15:8e:95:25:75:
         7f:b6:78:8c:b2:c0:e4:c1:a6:b5:7e:c2:9f:70:cf:f4:98:e2:
         19:50:ec:99:5e:93:99:42:26:79:bb:50:7f:26:a7:da:78:50:
         0d:7d:86:7f:46:9e:02:e0:f7:b5:6e:29:d9:d6:c1:31:ff:d5:
         38:6c:8d:05:99:7b:d9:c2:0a:da:11:51:f8:61:ca:e3:83:bc:
         e3:ec:c6:d8:45:3c:0b:c3:37:74:23:cc:de:05:85:0e:f2:fe:
         f4:82:25:a3:ba:d8:93:49:a0:a8:f8:b6:54:57:47:9a:33:0f:
         9a:a7:01:b2:c5:8b:60:cd:46:2a:e1:f4:dc:91:19:8e:d4:04:
         bf:45:c9:f7:7c:ea:53:54:b3:2b:52:cf:f5:63:33:fe:48:a1:
         83:1b:a0:a3:9f:f7:a7:9c:10:a6:0f:dd:8c:6d:54:d3:fc:28:
         bf:39:0c:7d:29:35:88:95:e8:19:58:21:18:5c:48:17:22:75:
         bc:1a:a0:56
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfwVD11RV+xhlpCy9rppp9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA2MDkxMTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOThmZDE3ZTNkMGVhYWVkODdkMjhiN2VhZTMwZmU2ZGEzZjU1ODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw97zjtqmigYe5E+eAYKF8fmLfUOm
nbw/9JIpvDtIhspGuNQHDPJlWWCD0S2q23RdYqmjAAAZq6i6/Nv/EtWTIxZN+ln5
VhO1WrFjKD0vVFowmK/Im10LaIwdIyAZDBrWky4wOcaxMWn/iauVamXrBU7bGCyD
rxqs6tedPOPoiv0gyy7laLsFqRnsDtl0knZsIXj+Lp60wuQFdMeZZDRtSsroBvGa
NQZS1JeX3xW7AL2VYKPYW95Us5We471WNxahcZNiLyAiJIn+p5i6Q/7VQQAcDWWN
Doh9j+SNujslBIFaHY4O1j3RSfJiyD6R4Ab+POpTlMz+ANLefPSCcx8CcwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCmP0X49Dqrth9KLfq4w/m2j9VhCMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS1lfUmZqME9xdTJIMG90LXJqRC1iYVAxV0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEQ2YSksNO4Y1M0xYH6S
ZgipO0lApstsUf7fv8GdRdR/Mq7Je6b75jndoEJb3xbiYrH3jSQfQzRI0dxiRXqy
vFowhQ4VjpUldX+2eIyywOTBprV+wp9wz/SY4hlQ7Jlek5lCJnm7UH8mp9p4UA19
hn9GngLg97VuKdnWwTH/1ThsjQWZe9nCCtoRUfhhyuODvOPsxthFPAvDN3QjzN4F
hQ7y/vSCJaO62JNJoKj4tlRXR5ozD5qnAbLFi2DNRirh9NyRGY7UBL9Fyfd86lNU
sytSz/VjM/5IoYMboKOf96ecEKYP3YxtVNP8KL85DH0pNYiV6BlYIRhcSBcidbwa
oFY=
-----END CERTIFICATE-----