Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NS5zdzD_Ohr6DCRSO2dmBxZsxHw.roa
File:                     NS5zdzD_Ohr6DCRSO2dmBxZsxHw.roa (raw, json)
Hash identifier:          NcVghXJQATqMeWJEIgJwjwkHsk6ZzpUUdluAioS99oc=
Subject key identifier:   35:2E:73:77:30:FF:3A:1A:FA:0C:24:52:3B:67:66:07:16:6C:C4:7C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897F3A801BCF43D2795023C9D3CA4C72CA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NS5zdzD_Ohr6DCRSO2dmBxZsxHw.roa
Signing time:             Sat 22 Jul 2023 20:11:27 +0000
ROA not before:           Sat 22 Jul 2023 20:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:7f:3a:80:1b:cf:43:d2:79:50:23:c9:d3:ca:4c:72:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 22 20:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=352e737730ff3a1afa0c24523b676607166cc47c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d3:22:b0:9f:a3:94:b7:0f:83:88:1f:10:a4:
                    51:44:8a:92:c7:dd:2e:92:a4:16:be:ca:ed:32:14:
                    8c:08:1f:c2:e8:0c:f6:35:9f:1f:bb:ff:ec:dc:49:
                    cd:22:7a:d1:e7:a3:18:9b:d3:26:c6:55:81:a9:98:
                    ee:4b:42:41:e8:3e:49:61:c5:51:6e:e2:4e:52:19:
                    0e:38:0d:e0:44:6a:ac:15:b1:49:41:a9:c6:97:60:
                    7a:59:cf:03:b5:4c:8b:f9:42:8e:7c:ac:7b:fd:cd:
                    93:ae:2b:21:92:b5:8b:2e:25:28:08:9e:57:66:bd:
                    22:e5:79:3f:50:fd:52:e2:e9:24:6a:69:49:34:e7:
                    41:bb:cb:a7:97:22:7d:46:6b:2e:1a:57:4a:37:0e:
                    cf:60:c5:36:ad:7d:32:c8:e3:08:b1:c2:73:51:5a:
                    cb:ac:0d:51:0b:40:a6:e1:9d:0a:68:68:7c:56:5e:
                    5b:42:62:52:aa:d9:96:4f:df:04:0c:5b:5d:66:de:
                    c1:4c:1b:f5:c2:4a:e4:c3:8a:a4:58:4c:c4:90:a4:
                    f0:95:79:b2:ba:83:1b:8b:6d:37:e6:c9:72:71:0b:
                    f5:2c:91:71:ec:8a:b4:e0:6c:40:e4:cc:b9:64:3e:
                    c1:fa:01:64:0a:76:93:3f:70:b5:99:f5:f1:63:4e:
                    63:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2E:73:77:30:FF:3A:1A:FA:0C:24:52:3B:67:66:07:16:6C:C4:7C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NS5zdzD_Ohr6DCRSO2dmBxZsxHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:29:e9:1b:1a:60:f5:bf:bd:19:e5:84:b7:d9:e8:b2:1c:9d:
         25:d4:2b:b4:d6:0c:60:76:77:40:ad:ac:d3:25:19:e9:19:4a:
         f2:23:d8:de:b1:41:2b:c1:b1:0e:e2:ae:c2:bb:fb:dc:9d:5d:
         67:30:b0:a5:cb:36:e3:c7:6d:8d:ad:6f:80:07:d5:8f:34:1c:
         a1:e8:10:23:93:32:db:55:4a:ef:75:82:73:4f:d5:e8:00:fb:
         41:3f:80:ec:2f:45:96:ae:25:2c:b3:df:20:11:aa:62:e5:56:
         fb:a7:ec:2a:74:3c:da:67:e2:32:f9:22:78:d5:9a:fd:da:8f:
         69:6e:43:63:6b:b7:33:a1:19:fa:d7:fb:6c:85:fd:91:d5:30:
         b1:93:4a:5e:4f:65:cf:40:89:00:96:13:ba:92:48:12:9a:a5:
         cc:2f:ce:c9:7c:39:c1:ff:74:7e:fb:a6:30:cf:f3:33:bf:f4:
         cb:cb:aa:58:55:34:0a:1c:aa:4c:6d:51:93:cf:c7:8e:e1:06:
         e7:ae:d0:0c:0c:2c:7a:1a:6f:7c:c7:4c:82:bb:f9:04:6c:b9:
         98:33:47:67:f2:8a:a4:94:b3:51:64:d7:02:c4:5c:22:ef:56:
         68:04:65:92:91:9a:79:bc:64:6b:44:b2:d4:84:50:c7:19:e9:
         19:cb:ea:13
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl/OoAbz0PSeVAjydPKTHLKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIyMjAxMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTJlNzM3NzMwZmYzYTFhZmEwYzI0NTIzYjY3NjYwNzE2NmNjNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitMisJ+jlLcPg4gfEKRRRIqSx90u
kqQWvsrtMhSMCB/C6Az2NZ8fu//s3EnNInrR56MYm9MmxlWBqZjuS0JB6D5JYcVR
buJOUhkOOA3gRGqsFbFJQanGl2B6Wc8DtUyL+UKOfKx7/c2TrishkrWLLiUoCJ5X
Zr0i5Xk/UP1S4ukkamlJNOdBu8unlyJ9RmsuGldKNw7PYMU2rX0yyOMIscJzUVrL
rA1RC0Cm4Z0KaGh8Vl5bQmJSqtmWT98EDFtdZt7BTBv1wkrkw4qkWEzEkKTwlXmy
uoMbi2035slycQv1LJFx7Iq04GxA5My5ZD7B+gFkCnaTP3C1mfXxY05j3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDUuc3cw/zoa+gwkUjtnZgcWbMR8MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTlM1emR6RF9PaHI2RENSU08yZG1CeFpzeEh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADop6RsaYPW/vRnlhLfZ
6LIcnSXUK7TWDGB2d0CtrNMlGekZSvIj2N6xQSvBsQ7irsK7+9ydXWcwsKXLNuPH
bY2tb4AH1Y80HKHoECOTMttVSu91gnNP1egA+0E/gOwvRZauJSyz3yARqmLlVvun
7Cp0PNpn4jL5InjVmv3aj2luQ2NrtzOhGfrX+2yF/ZHVMLGTSl5PZc9AiQCWE7qS
SBKapcwvzsl8OcH/dH77pjDP8zO/9MvLqlhVNAocqkxtUZPPx47hBueu0AwMLHoa
b3zHTIK7+QRsuZgzR2fyiqSUs1Fk1wLEXCLvVmgEZZKRmnm8ZGtEstSEUMcZ6RnL
6hM=
-----END CERTIFICATE-----