Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LBpMFXhA3FHUx5tA5ZbSO53nOhE.roa
File:                     LBpMFXhA3FHUx5tA5ZbSO53nOhE.roa (raw, json)
Hash identifier:          ahQOUURShTYAO4zI5jZ8kBSDzTPdbxVstT5cvM5RhUs=
Subject key identifier:   2C:1A:4C:15:78:40:DC:51:D4:C7:9B:40:E5:96:D2:3B:9D:E7:3A:11
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188BA743CBB5665D9BD311FB4D300BA1B9F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LBpMFXhA3FHUx5tA5ZbSO53nOhE.roa
Signing time:             Wed 14 Jun 2023 15:09:19 +0000
ROA not before:           Wed 14 Jun 2023 15:09:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:ba:74:3c:bb:56:65:d9:bd:31:1f:b4:d3:00:ba:1b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 14 15:09:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2c1a4c157840dc51d4c79b40e596d23b9de73a11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ff:a1:da:42:91:a5:c5:de:01:b1:f9:2a:7b:
                    1b:32:b7:30:ea:e3:71:c5:36:08:ae:ce:71:c1:2e:
                    c4:7a:64:91:47:be:69:fa:05:a7:d9:36:3c:04:e1:
                    b3:7d:a5:73:a5:77:ee:5d:5d:a9:bc:f3:8d:80:ef:
                    58:89:d9:83:b6:c7:fd:7b:9e:d1:bc:64:31:fe:74:
                    86:2e:d6:d1:a2:b0:d0:f9:c8:67:9c:36:40:4c:72:
                    fc:3a:04:42:84:8f:43:ca:35:11:9d:95:0d:bb:47:
                    21:9c:f7:fa:b5:50:f1:bb:87:cd:3a:f1:7a:dd:9c:
                    65:4c:97:75:ec:9e:5d:b0:d2:80:cc:ba:6b:d2:dc:
                    1d:48:f8:95:ed:10:38:73:0a:f1:ee:2a:be:d4:d8:
                    f7:92:cb:c0:bc:22:43:c5:93:09:d6:d4:08:5f:05:
                    e3:9c:69:d5:14:84:2b:24:08:53:16:e8:b8:d3:fe:
                    38:bc:4f:87:74:27:75:10:eb:12:e1:31:04:1c:4d:
                    75:a7:56:e7:bc:3c:9d:e1:68:a4:00:78:2d:e9:15:
                    61:ae:67:2f:fc:28:c4:d8:30:9e:cb:6d:51:05:b7:
                    1b:dd:a4:84:22:3f:a4:ab:2c:9a:e5:41:6e:6c:fb:
                    6f:60:f2:78:02:38:7f:9b:d8:3d:df:21:53:e8:14:
                    53:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:1A:4C:15:78:40:DC:51:D4:C7:9B:40:E5:96:D2:3B:9D:E7:3A:11
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LBpMFXhA3FHUx5tA5ZbSO53nOhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:0a:ed:ec:b6:66:b0:48:8c:0c:c9:09:ce:c3:98:72:c9:03:
         ca:ef:10:65:1d:7e:ae:76:89:a3:a4:ab:cb:fd:b0:62:61:f5:
         be:34:c6:5b:c7:b0:db:af:44:33:94:9c:64:a5:ff:1b:d1:6a:
         9a:0a:ec:dc:a6:8f:2e:b7:2d:79:22:69:c5:48:67:7d:e9:ca:
         54:46:2d:4b:f4:10:1c:f7:79:8c:d8:57:29:5a:e2:30:53:30:
         1d:19:a9:15:1d:a9:8b:37:52:07:32:d1:0d:7c:06:17:9e:f3:
         47:e6:3f:06:cb:da:0c:5d:b3:fa:cd:b5:a7:97:f7:aa:27:eb:
         ad:78:3f:f1:f3:06:a5:03:83:ce:cf:0b:5f:b2:d3:ff:e2:fd:
         67:62:2a:b4:10:0f:9e:7d:5f:04:fa:d2:ae:36:12:42:95:dd:
         8a:57:46:bc:79:6f:50:b3:7e:da:75:10:2f:07:9f:4d:e6:f9:
         39:28:ea:09:9a:c0:d0:ef:91:a2:9b:8a:7b:9a:c0:68:fc:90:
         eb:36:c0:5c:96:ab:be:e6:f9:5e:db:24:d8:a0:8b:2f:b2:4a:
         8f:1d:84:2c:83:97:b2:8b:9c:24:3d:dc:69:ec:1a:8e:0f:3e:
         39:63:47:79:fa:bb:0f:fb:24:45:d7:d6:9e:12:d5:f6:4d:00:
         79:c9:62:89
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi6dDy7VmXZvTEftNMAuhufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE0MTUwOTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzFhNGMxNTc4NDBkYzUxZDRjNzliNDBlNTk2ZDIzYjlkZTczYTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP+h2kKRpcXeAbH5KnsbMrcw6uNx
xTYIrs5xwS7EemSRR75p+gWn2TY8BOGzfaVzpXfuXV2pvPONgO9YidmDtsf9e57R
vGQx/nSGLtbRorDQ+chnnDZATHL8OgRChI9DyjURnZUNu0chnPf6tVDxu4fNOvF6
3ZxlTJd17J5dsNKAzLpr0twdSPiV7RA4cwrx7iq+1Nj3ksvAvCJDxZMJ1tQIXwXj
nGnVFIQrJAhTFui40/44vE+HdCd1EOsS4TEEHE11p1bnvDyd4WikAHgt6RVhrmcv
/CjE2DCey21RBbcb3aSEIj+kqyya5UFubPtvYPJ4Ajh/m9g93yFT6BRTuwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCwaTBV4QNxR1MebQOWW0jud5zoRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTEJwTUZYaEEzRkhVeDV0QTVaYlNPNTNuT2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAG0K7ey2ZrBIjAzJCc7D
mHLJA8rvEGUdfq52iaOkq8v9sGJh9b40xlvHsNuvRDOUnGSl/xvRapoK7Nymjy63
LXkiacVIZ33pylRGLUv0EBz3eYzYVyla4jBTMB0ZqRUdqYs3Ugcy0Q18Bhee80fm
PwbL2gxds/rNtaeX96on6614P/HzBqUDg87PC1+y0//i/WdiKrQQD559XwT60q42
EkKV3YpXRrx5b1Czftp1EC8Hn03m+Tko6gmawNDvkaKbinuawGj8kOs2wFyWq77m
+V7bJNigiy+ySo8dhCyDl7KLnCQ93GnsGo4PPjljR3n6uw/7JEXX1p4S1fZNAHnJ
Yok=
-----END CERTIFICATE-----