Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OPjXWjVDxT3n1CE1cE_pGgtRCJg.roa
File:                     OPjXWjVDxT3n1CE1cE_pGgtRCJg.roa (raw, json)
Hash identifier:          Nwgu7E1Gnza96pgrM28+EfnTGKQZxoTRdalYecGR1Zc=
Subject key identifier:   38:F8:D7:5A:35:43:C5:3D:E7:D4:21:35:70:4F:E9:1A:0B:51:08:98
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018873A103892A02AAC52A3A3E9FAFEAC0B5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OPjXWjVDxT3n1CE1cE_pGgtRCJg.roa
Signing time:             Wed 31 May 2023 21:05:12 +0000
ROA not before:           Wed 31 May 2023 21:05:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:188:73a0:3d68/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:73:a1:03:89:2a:02:aa:c5:2a:3a:3e:9f:af:ea:c0:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 31 21:05:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38f8d75a3543c53de7d42135704fe91a0b510898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:5f:86:4d:6e:4d:18:7a:30:53:8c:da:17:48:
                    8c:33:bd:14:df:48:29:02:de:9f:5e:f4:0e:c2:11:
                    e6:6d:99:23:94:e9:84:8f:c3:a9:39:f8:47:27:df:
                    c7:c7:3f:25:90:be:31:6a:56:d7:7c:8f:f5:7c:9e:
                    fa:95:3e:94:52:6f:75:fc:08:bf:bb:3b:ea:16:7a:
                    62:67:38:e7:e5:ba:ab:17:e7:39:1e:d2:a3:9c:11:
                    b0:09:60:79:be:61:3f:e5:9c:ce:51:9b:06:96:de:
                    a1:75:ea:98:cd:53:2a:e9:c0:f3:36:1c:39:fb:83:
                    95:a7:9d:e4:99:50:53:04:29:64:cc:53:1b:c8:46:
                    00:12:ea:84:51:e4:89:b4:55:73:e3:37:d2:e8:e5:
                    1a:5b:08:a0:fc:b9:74:2d:44:5c:81:15:aa:cf:94:
                    7a:ef:81:e7:ef:52:5c:67:5a:85:f7:08:99:eb:e2:
                    cc:aa:13:5c:d4:a9:8c:2c:ef:3f:26:55:bd:bc:72:
                    d6:6e:88:50:87:af:b3:c0:9b:28:8a:1b:1c:94:71:
                    6d:28:ef:d6:df:d1:6a:00:11:21:f6:fb:6e:94:6c:
                    35:53:db:08:3a:93:3b:77:5a:23:0c:3a:61:dd:f3:
                    98:07:95:19:35:2f:7c:76:dc:6b:21:da:3b:11:a6:
                    02:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F8:D7:5A:35:43:C5:3D:E7:D4:21:35:70:4F:E9:1A:0B:51:08:98
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OPjXWjVDxT3n1CE1cE_pGgtRCJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:53:4e:15:cc:f3:c5:2d:13:01:58:9a:0b:53:d1:12:4a:02:
         5d:d0:d1:48:cd:f8:91:96:ea:fd:73:ea:60:b7:fa:59:c0:0a:
         c8:b4:44:c8:e6:14:7c:14:c4:0e:2b:fc:a1:a8:1c:63:3e:02:
         8f:9a:e6:ff:db:44:ea:cc:f4:b6:cd:42:3b:d8:6c:7e:3e:20:
         5d:73:1d:a3:0c:9d:d3:49:3f:0a:4b:ba:ac:06:95:75:82:0f:
         d9:d1:6b:ef:d2:1c:b9:2c:d5:3b:3e:df:fa:6a:1b:01:f3:fe:
         14:22:a5:c2:70:2f:d9:b0:4e:77:1b:32:76:9b:ea:52:66:21:
         be:bd:6d:99:99:0d:f9:1d:f3:63:64:db:00:42:46:12:24:0a:
         8a:25:63:4a:ea:49:3b:1c:8e:07:02:70:67:93:2e:2e:bd:34:
         2f:ac:7f:f6:62:90:83:0f:55:90:f1:af:cc:ba:a7:21:42:65:
         23:eb:b6:c5:24:fd:f8:d8:36:05:19:80:0b:75:2f:a6:52:d8:
         36:70:5c:d4:af:ee:38:63:de:cf:a8:04:ef:c8:00:fc:53:87:
         b5:2b:b1:96:f9:00:80:9d:aa:75:47:05:cf:0f:50:f4:34:c6:
         e2:f9:37:b2:1d:a4:42:1f:9a:85:cf:c0:48:1c:94:e0:32:2c:
         12:10:c1:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhzoQOJKgKqxSo6Pp+v6sC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTMxMjEwNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGY4ZDc1YTM1NDNjNTNkZTdkNDIxMzU3MDRmZTkxYTBiNTEwODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhV+GTW5NGHowU4zaF0iMM70U30gp
At6fXvQOwhHmbZkjlOmEj8OpOfhHJ9/Hxz8lkL4xalbXfI/1fJ76lT6UUm91/Ai/
uzvqFnpiZzjn5bqrF+c5HtKjnBGwCWB5vmE/5ZzOUZsGlt6hdeqYzVMq6cDzNhw5
+4OVp53kmVBTBClkzFMbyEYAEuqEUeSJtFVz4zfS6OUaWwig/Ll0LURcgRWqz5R6
74Hn71JcZ1qF9wiZ6+LMqhNc1KmMLO8/JlW9vHLWbohQh6+zwJsoihsclHFtKO/W
39FqABEh9vtulGw1U9sIOpM7d1ojDDph3fOYB5UZNS98dtxrIdo7EaYCuwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDj411o1Q8U959QhNXBP6RoLUQiYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT1BqWFdqVkR4VDNuMUNFMWNFX3BHZ3RSQ0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFJTThXM88UtEwFYmgtT
0RJKAl3Q0UjN+JGW6v1z6mC3+lnACsi0RMjmFHwUxA4r/KGoHGM+Ao+a5v/bROrM
9LbNQjvYbH4+IF1zHaMMndNJPwpLuqwGlXWCD9nRa+/SHLks1Ts+3/pqGwHz/hQi
pcJwL9mwTncbMnab6lJmIb69bZmZDfkd82Nk2wBCRhIkCoolY0rqSTscjgcCcGeT
Li69NC+sf/ZikIMPVZDxr8y6pyFCZSPrtsUk/fjYNgUZgAt1L6ZS2DZwXNSv7jhj
3s+oBO/IAPxTh7UrsZb5AICdqnVHBc8PUPQ0xuL5N7IdpEIfmoXPwEgclOAyLBIQ
wRg=
-----END CERTIFICATE-----