Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Nf4q8RSJYUIji92Aqg_k84ldio8.roa
File:                     Nf4q8RSJYUIji92Aqg_k84ldio8.roa (raw, json)
Hash identifier:          QD1Z86o0klFX5LJVIiSno48kvam59CjYfmVeOtzhtYg=
Subject key identifier:   35:FE:2A:F1:14:89:61:42:23:8B:DD:80:AA:0F:E4:F3:89:5D:8A:8F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188533E32A41C2BA500D0D7B8191CAD2F99
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Nf4q8RSJYUIji92Aqg_k84ldio8.roa
Signing time:             Thu 25 May 2023 14:09:25 +0000
ROA not before:           Thu 25 May 2023 14:09:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:53:3e:32:a4:1c:2b:a5:00:d0:d7:b8:19:1c:ad:2f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 25 14:09:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35fe2af114896142238bdd80aa0fe4f3895d8a8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ab:56:02:1a:07:99:16:a9:44:97:3e:c4:ac:
                    4c:c3:52:06:63:33:88:7b:19:54:da:cc:fd:08:39:
                    40:56:e2:b6:f7:9f:7e:82:b1:63:20:ad:e1:8a:24:
                    46:95:9d:9c:08:0d:cc:6f:2f:a5:dc:45:a2:fd:d4:
                    5c:49:7b:ea:76:0b:cc:17:30:a7:fe:45:72:42:07:
                    96:50:c4:74:c6:2a:82:a9:d4:93:42:13:1f:8e:95:
                    4d:99:0e:c9:71:8c:5c:f0:2b:7a:33:e7:c6:d2:d8:
                    c8:65:16:3b:9e:e8:65:5b:6f:ef:e8:ac:a5:22:2e:
                    41:bb:bf:30:b4:c8:98:cc:19:57:54:c7:0c:5c:07:
                    cc:92:01:d7:af:6e:56:02:14:d7:9c:79:b0:3b:d2:
                    3d:bd:2e:eb:54:ac:2e:66:56:94:ff:ac:c7:09:32:
                    41:30:01:af:be:09:0a:da:86:b9:56:ae:b4:ba:75:
                    cd:76:85:22:6e:42:9d:4f:43:75:eb:5f:a9:8c:cd:
                    8d:62:39:15:21:46:51:58:8a:1f:35:7b:6c:a1:7e:
                    09:74:9a:c8:0f:a1:61:06:26:b4:45:aa:c1:22:c1:
                    ab:7f:e2:43:ca:72:a4:0b:30:bf:48:0b:41:ca:44:
                    d2:be:7b:0f:d8:6a:42:ec:39:53:55:8c:ab:ae:a7:
                    d6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:FE:2A:F1:14:89:61:42:23:8B:DD:80:AA:0F:E4:F3:89:5D:8A:8F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Nf4q8RSJYUIji92Aqg_k84ldio8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:88:ee:9d:98:6a:47:cf:41:2b:02:91:f7:a2:2f:4b:0f:33:
         c1:e6:6a:ff:ea:b9:60:b4:61:84:c2:95:c5:09:ff:25:af:fd:
         41:7d:fe:e3:65:eb:f4:63:a6:c3:e1:19:58:27:9b:96:8e:21:
         2f:7d:85:32:5c:1c:42:9b:35:fe:24:30:cb:ca:67:6b:68:1a:
         48:39:21:76:0d:f5:f7:3d:37:da:98:0c:86:ac:7d:f1:d8:c7:
         2d:23:a0:3c:6c:61:cc:31:ae:c5:91:4f:8b:78:9b:a6:e8:bb:
         16:85:e4:a1:f1:8d:cc:83:2d:d2:68:c6:39:d9:0f:e8:0f:9b:
         90:c2:ab:24:cb:72:eb:d0:51:a1:ee:6e:1c:dc:4e:e6:75:f4:
         67:3d:82:12:15:29:b2:07:d8:7f:a0:a9:d6:e7:ea:35:f8:49:
         43:1d:86:51:cf:c3:ff:6b:b1:b6:dd:88:30:2b:f8:4f:5f:33:
         07:c5:7a:cb:a9:18:3a:2a:20:b4:5d:7f:65:51:e2:a0:c5:50:
         a5:b8:92:5c:74:7c:cb:ea:6a:7a:31:64:af:1d:2e:a2:f6:3e:
         e6:d3:f0:f0:5b:f0:f9:51:6a:0d:0b:22:84:93:dc:50:93:67:
         96:34:cf:ff:15:df:14:5a:ad:0d:b9:8c:d0:fb:9e:a5:fe:fb:
         3d:74:68:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhTPjKkHCulANDXuBkcrS+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI1MTQwOTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZlMmFmMTE0ODk2MTQyMjM4YmRkODBhYTBmZTRmMzg5NWQ4YThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6tWAhoHmRapRJc+xKxMw1IGYzOI
exlU2sz9CDlAVuK2959+grFjIK3hiiRGlZ2cCA3Mby+l3EWi/dRcSXvqdgvMFzCn
/kVyQgeWUMR0xiqCqdSTQhMfjpVNmQ7JcYxc8Ct6M+fG0tjIZRY7nuhlW2/v6Kyl
Ii5Bu78wtMiYzBlXVMcMXAfMkgHXr25WAhTXnHmwO9I9vS7rVKwuZlaU/6zHCTJB
MAGvvgkK2oa5Vq60unXNdoUibkKdT0N161+pjM2NYjkVIUZRWIofNXtsoX4JdJrI
D6FhBia0RarBIsGrf+JDynKkCzC/SAtBykTSvnsP2GpC7DlTVYyrrqfWoQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDX+KvEUiWFCI4vdgKoP5POJXYqPMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTmY0cThSU0pZVUlqaTkyQXFnX2s4NGxkaW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADSI7p2YakfPQSsCkfei
L0sPM8Hmav/quWC0YYTClcUJ/yWv/UF9/uNl6/RjpsPhGVgnm5aOIS99hTJcHEKb
Nf4kMMvKZ2toGkg5IXYN9fc9N9qYDIasffHYxy0joDxsYcwxrsWRT4t4m6bouxaF
5KHxjcyDLdJoxjnZD+gPm5DCqyTLcuvQUaHubhzcTuZ19Gc9ghIVKbIH2H+gqdbn
6jX4SUMdhlHPw/9rsbbdiDAr+E9fMwfFesupGDoqILRdf2VR4qDFUKW4klx0fMvq
anoxZK8dLqL2PubT8PBb8PlRag0LIoST3FCTZ5Y0z/8V3xRarQ25jND7nqX++z10
aF0=
-----END CERTIFICATE-----