Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RSwO0XOHWtYyBDGSo5KKHCkIMm0.roa
File:                     RSwO0XOHWtYyBDGSo5KKHCkIMm0.roa (raw, json)
Hash identifier:          tVSzBfuCreP+AnYNZTeG6xv3cRkyyRNTpsKwnLLbiWY=
Subject key identifier:   45:2C:0E:D1:73:87:5A:D6:32:04:31:92:A3:92:8A:1C:29:08:32:6D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01898084FEAFD951511E7E51E73E92C8E92D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RSwO0XOHWtYyBDGSo5KKHCkIMm0.roa
Signing time:             Sun 23 Jul 2023 02:12:26 +0000
ROA not before:           Sun 23 Jul 2023 02:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:80:84:fe:af:d9:51:51:1e:7e:51:e7:3e:92:c8:e9:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 23 02:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=452c0ed173875ad632043192a3928a1c2908326d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:46:69:29:f2:a8:d8:f0:c8:97:1f:be:ae:83:
                    d6:2d:af:ad:e5:4e:a0:82:f4:51:a6:fc:94:7b:5a:
                    90:f9:08:a3:cd:77:36:37:9e:0f:56:fa:e7:e1:ef:
                    05:b2:95:7c:42:b6:34:52:c3:d0:00:bd:34:dc:9a:
                    9b:13:2c:fc:95:68:76:a0:95:db:e0:c2:23:ae:0e:
                    2b:8f:8e:93:65:d7:9b:5f:f3:b9:22:7c:f7:0f:94:
                    df:19:10:44:26:f1:c6:7c:0a:6a:47:64:66:29:0b:
                    f5:72:db:07:98:ee:df:91:d4:1c:35:a4:ad:e0:43:
                    dc:9f:09:fa:46:64:0e:2e:9a:2c:2b:98:f0:6e:9c:
                    88:da:cb:9e:7c:ac:70:ba:96:89:09:ae:c6:85:34:
                    ac:79:7e:c4:70:16:75:aa:e9:69:ca:f8:39:29:05:
                    b3:21:81:4a:0a:c5:da:36:19:b6:a8:19:ee:68:d1:
                    15:90:3c:be:0a:51:f4:fa:a9:33:47:cd:19:7c:07:
                    cd:f0:b8:2a:b1:2c:7b:28:5b:60:c8:4f:ff:5b:59:
                    fc:e9:42:f5:d7:4d:49:06:5e:6a:f2:50:2c:e8:ad:
                    1b:98:bb:b6:04:6c:02:77:ff:d4:73:4a:95:84:f4:
                    63:bf:30:57:12:77:15:53:7e:93:80:d6:e4:37:3e:
                    04:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:2C:0E:D1:73:87:5A:D6:32:04:31:92:A3:92:8A:1C:29:08:32:6D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RSwO0XOHWtYyBDGSo5KKHCkIMm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:85:ec:54:11:bf:2e:eb:fa:c6:53:74:70:96:0e:1d:07:19:
         f7:77:e8:e7:98:04:1c:5e:4a:7d:64:5c:14:ab:b7:d4:76:b6:
         d7:eb:4a:0a:2e:00:1d:49:04:3c:a6:67:14:d6:43:f9:1b:46:
         2d:a8:20:25:fb:3f:98:69:2b:3d:9f:48:2d:71:69:9b:66:a1:
         86:79:26:fb:a7:14:4b:04:c3:5a:74:c9:a5:91:3c:44:0f:ad:
         a3:4a:a2:df:72:92:29:63:50:25:f9:f7:66:e3:6c:94:0f:89:
         04:e5:bf:95:22:3d:3a:ea:33:8e:3b:14:26:58:66:b5:d9:12:
         59:99:70:f0:4c:7a:0f:0c:24:bc:e3:e9:96:9a:5b:20:90:75:
         74:60:d8:e7:99:73:bc:d5:bc:1a:f1:0f:85:93:52:a1:40:d5:
         09:36:c6:5f:96:1b:42:fb:81:42:f6:d6:9d:87:1a:22:c2:ee:
         b0:45:e9:f8:27:68:63:dc:7c:99:ac:72:e4:4f:8f:1c:8a:25:
         26:74:56:a7:05:71:5a:4b:d8:d2:87:83:77:b5:c3:9b:06:a3:
         5a:62:ee:0c:b4:b5:6b:2c:4e:d2:35:37:55:d2:f7:6f:85:78:
         9d:c0:ac:cd:c0:f3:ea:e3:b7:11:ba:03:4f:10:22:7f:2e:59:
         fa:aa:79:60
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmAhP6v2VFRHn5R5z6SyOktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIzMDIxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTJjMGVkMTczODc1YWQ2MzIwNDMxOTJhMzkyOGExYzI5MDgzMjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokZpKfKo2PDIlx++roPWLa+t5U6g
gvRRpvyUe1qQ+QijzXc2N54PVvrn4e8FspV8QrY0UsPQAL003JqbEyz8lWh2oJXb
4MIjrg4rj46TZdebX/O5Inz3D5TfGRBEJvHGfApqR2RmKQv1ctsHmO7fkdQcNaSt
4EPcnwn6RmQOLposK5jwbpyI2suefKxwupaJCa7GhTSseX7EcBZ1qulpyvg5KQWz
IYFKCsXaNhm2qBnuaNEVkDy+ClH0+qkzR80ZfAfN8LgqsSx7KFtgyE//W1n86UL1
101JBl5q8lAs6K0bmLu2BGwCd//Uc0qVhPRjvzBXEncVU36TgNbkNz4EgwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEUsDtFzh1rWMgQxkqOSihwpCDJtMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUlN3TzBYT0hXdFl5QkRHU281S0tIQ2tJTW0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALOF7FQRvy7r+sZTdHCW
Dh0HGfd36OeYBBxeSn1kXBSrt9R2ttfrSgouAB1JBDymZxTWQ/kbRi2oICX7P5hp
Kz2fSC1xaZtmoYZ5JvunFEsEw1p0yaWRPEQPraNKot9ykiljUCX592bjbJQPiQTl
v5UiPTrqM447FCZYZrXZElmZcPBMeg8MJLzj6ZaaWyCQdXRg2OeZc7zVvBrxD4WT
UqFA1Qk2xl+WG0L7gUL21p2HGiLC7rBF6fgnaGPcfJmscuRPjxyKJSZ0VqcFcVpL
2NKHg3e1w5sGo1pi7gy0tWssTtI1N1XS92+FeJ3ArM3A8+rjtxG6A08QIn8uWfqq
eWA=
-----END CERTIFICATE-----