Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kk3OYy1uoSm3w2zZ-30FLAprJ0g.roa
File:                     Kk3OYy1uoSm3w2zZ-30FLAprJ0g.roa (raw, json)
Hash identifier:          P84eR3vGXSca52+H0Hb/3dEGaR4ac6aUmotx5KLQkhs=
Subject key identifier:   2A:4D:CE:63:2D:6E:A1:29:B7:C3:6C:D9:FB:7D:05:2C:0A:6B:27:48
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CFB325DB5047462A33276682C5E31755
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kk3OYy1uoSm3w2zZ-30FLAprJ0g.roa
Signing time:             Sun 18 Jun 2023 18:10:04 +0000
ROA not before:           Sun 18 Jun 2023 18:10:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:cf:b3:25:db:50:47:46:2a:33:27:66:82:c5:e3:17:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 18 18:10:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a4dce632d6ea129b7c36cd9fb7d052c0a6b2748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:77:08:f6:bb:d3:6d:6c:b4:eb:7e:70:92:75:
                    74:0c:0f:64:65:60:3c:3f:37:d8:8f:49:cb:51:11:
                    0e:ca:ab:00:3e:a5:f2:c6:8c:d9:fd:fc:a2:da:8c:
                    ef:9d:ca:9d:54:6d:16:8e:f0:da:41:79:13:bb:88:
                    64:68:4f:a3:8d:78:40:4f:5c:7b:30:b4:63:70:bc:
                    13:a4:6a:40:53:b9:c3:0c:5b:e7:d0:fb:0b:ad:24:
                    b0:08:18:9a:83:f4:da:96:24:06:e6:2c:ff:46:2e:
                    24:b2:d7:9d:54:17:43:ed:02:5d:23:ba:e4:19:3f:
                    90:b0:e6:e9:04:22:9f:ea:60:1f:1d:f4:d7:50:51:
                    e4:f4:fc:02:3c:07:30:08:b3:12:59:66:74:a8:e7:
                    4d:7c:66:9b:5e:d0:08:88:ba:6e:18:f5:8d:bc:11:
                    99:d4:9d:0f:fb:c9:80:0a:31:45:b8:f4:40:a2:34:
                    2d:16:3f:c3:c0:18:67:7f:27:68:e3:d6:29:0d:a3:
                    6a:54:bd:04:33:94:44:3f:cf:67:83:74:d9:6d:8e:
                    ba:19:0c:48:89:da:55:50:0b:77:42:32:d3:56:ee:
                    f8:ab:ea:ba:05:70:b7:8d:f3:ea:f9:ab:87:82:de:
                    df:dc:2c:f3:a0:48:04:9d:d5:dc:64:95:0e:e1:67:
                    4d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:4D:CE:63:2D:6E:A1:29:B7:C3:6C:D9:FB:7D:05:2C:0A:6B:27:48
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kk3OYy1uoSm3w2zZ-30FLAprJ0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:7c:a3:cd:63:97:74:4f:d0:a2:55:8f:c9:7c:90:2b:ee:55:
         dd:88:b6:97:e6:96:7d:01:5b:0a:dd:eb:42:d9:95:47:8f:5e:
         14:33:50:9b:c8:ea:3a:74:c9:a1:19:14:d2:92:51:82:6c:44:
         b4:49:05:cd:92:3a:93:e9:67:ef:39:ed:06:90:50:e5:fc:bb:
         a9:20:64:e4:aa:93:27:00:70:b8:a8:39:94:99:cb:8c:20:0c:
         05:bc:d2:47:25:81:c3:28:eb:c2:00:d2:40:d1:38:2c:8c:9a:
         5c:7e:34:74:bb:60:1c:f8:52:d3:dd:95:79:7d:2b:8c:4f:ba:
         6e:4e:1e:0b:95:df:d5:f1:37:f0:7b:1b:6e:99:d8:d1:79:14:
         44:ab:ab:c8:f0:6f:e0:37:fd:a3:09:30:2d:6a:a6:09:7f:b4:
         4c:45:4c:3b:53:60:06:98:46:8e:3b:59:dc:47:29:34:11:43:
         02:8c:f3:40:e2:d0:48:b8:85:fc:94:cf:f3:e3:02:a3:cf:89:
         41:a3:ba:75:f1:18:c7:f7:aa:4f:62:8f:ca:00:21:2d:0a:8a:
         43:1b:22:94:a6:c5:bf:c1:6d:4b:12:7d:60:0a:4b:fd:84:8a:
         18:c5:bb:a6:9f:12:87:cf:23:5b:62:ac:2e:5e:60:3a:74:74:
         23:2d:60:e0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjPsyXbUEdGKjMnZoLF4xdVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE4MTgxMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTRkY2U2MzJkNmVhMTI5YjdjMzZjZDlmYjdkMDUyYzBhNmIyNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHcI9rvTbWy0635wknV0DA9kZWA8
PzfYj0nLUREOyqsAPqXyxozZ/fyi2ozvncqdVG0WjvDaQXkTu4hkaE+jjXhAT1x7
MLRjcLwTpGpAU7nDDFvn0PsLrSSwCBiag/TaliQG5iz/Ri4kstedVBdD7QJdI7rk
GT+QsObpBCKf6mAfHfTXUFHk9PwCPAcwCLMSWWZ0qOdNfGabXtAIiLpuGPWNvBGZ
1J0P+8mACjFFuPRAojQtFj/DwBhnfydo49YpDaNqVL0EM5REP89ng3TZbY66GQxI
idpVUAt3QjLTVu74q+q6BXC3jfPq+auHgt7f3CzzoEgEndXcZJUO4WdNrwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCpNzmMtbqEpt8Ns2ft9BSwKaydIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS2szT1l5MXVvU20zdzJ6Wi0zMEZMQXBySjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKp8o81jl3RP0KJVj8l8
kCvuVd2Itpfmln0BWwrd60LZlUePXhQzUJvI6jp0yaEZFNKSUYJsRLRJBc2SOpPp
Z+857QaQUOX8u6kgZOSqkycAcLioOZSZy4wgDAW80kclgcMo68IA0kDROCyMmlx+
NHS7YBz4UtPdlXl9K4xPum5OHguV39XxN/B7G26Z2NF5FESrq8jwb+A3/aMJMC1q
pgl/tExFTDtTYAaYRo47WdxHKTQRQwKM80Di0Ei4hfyUz/PjAqPPiUGjunXxGMf3
qk9ij8oAIS0KikMbIpSmxb/BbUsSfWAKS/2EihjFu6afEofPI1tirC5eYDp0dCMt
YOA=
-----END CERTIFICATE-----