Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RhXpwm8yjduZUVolNbfDUTxH2RU.roa
File:                     RhXpwm8yjduZUVolNbfDUTxH2RU.roa (raw, json)
Hash identifier:          oMhBIbOKy9Qd9nd89ebJxnMAf2vPqeSst4odLmzAGbw=
Subject key identifier:   46:15:E9:C2:6F:32:8D:DB:99:51:5A:25:35:B7:C3:51:3C:47:D9:15
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01894DA33F6EBBBD27183151245C74199529
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RhXpwm8yjduZUVolNbfDUTxH2RU.roa
Signing time:             Thu 13 Jul 2023 05:04:51 +0000
ROA not before:           Thu 13 Jul 2023 05:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:189:4da2:dd78/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4d:a3:3f:6e:bb:bd:27:18:31:51:24:5c:74:19:95:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 13 05:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4615e9c26f328ddb99515a2535b7c3513c47d915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ec:08:6c:1f:f5:58:c8:73:49:40:c4:fe:1c:
                    b1:22:21:da:64:75:f3:25:83:b3:93:a6:a6:d8:86:
                    45:17:5e:d2:6f:99:a0:bb:42:2c:21:9b:51:90:c5:
                    95:54:2b:16:9f:3b:ba:c8:55:31:e1:b8:1c:2d:60:
                    7f:80:bb:a1:bc:92:3f:26:71:c7:1b:9f:d4:c7:d0:
                    e6:64:70:a4:bf:8a:74:bc:45:de:83:8c:d7:93:99:
                    1d:a4:bb:3d:fe:32:7c:58:df:6d:c4:3d:c9:dc:ec:
                    65:45:d8:0d:8d:dd:3d:4b:4d:c0:dc:f5:f2:19:be:
                    8d:d3:81:41:40:18:ca:a9:eb:01:3f:38:b7:c5:5b:
                    a5:a7:c4:85:47:71:aa:20:bb:9d:20:a2:f6:c7:98:
                    51:23:41:a7:88:ac:78:1f:c7:47:ca:ce:a9:49:63:
                    91:cc:18:35:2c:cd:cc:d5:e4:59:8a:a1:90:5e:74:
                    c7:1f:1e:ae:48:51:67:98:eb:20:05:28:1a:4c:84:
                    5b:ef:dc:58:dd:3f:53:e9:d1:5d:f6:13:fb:fa:d9:
                    04:25:82:38:dc:bd:5d:4b:0b:f8:86:61:29:89:bb:
                    29:14:87:cf:39:04:49:31:fe:45:33:d3:2f:39:e0:
                    86:7f:54:fa:38:f0:a6:91:87:76:45:82:9e:d1:5a:
                    c6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:15:E9:C2:6F:32:8D:DB:99:51:5A:25:35:B7:C3:51:3C:47:D9:15
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RhXpwm8yjduZUVolNbfDUTxH2RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:a1:3f:7a:f5:d1:d9:71:1a:91:04:b5:7a:3e:e1:de:81:37:
         01:f7:41:d5:33:b0:fa:06:78:ef:94:83:f4:43:48:c5:63:c2:
         3c:52:39:1e:3f:f4:b2:b5:a3:d5:b2:82:15:0a:57:9b:50:c9:
         64:68:62:e0:8a:69:01:97:73:d2:b1:f9:38:b0:6d:bf:61:7d:
         e9:ee:28:11:30:ef:93:ed:d8:c0:6e:2a:fb:b7:f7:39:8f:c5:
         31:3f:a9:05:b3:95:6e:71:03:c6:61:b3:56:7a:74:ee:7f:0c:
         e1:7e:57:cc:b2:62:3d:f9:7c:8e:ac:58:ad:5f:4f:32:43:98:
         73:d6:6d:9d:46:cf:2c:c1:98:6b:5b:9e:05:f2:92:0b:0d:9f:
         d6:eb:96:2e:03:38:87:38:19:f7:15:a4:10:5a:f7:12:56:5a:
         61:47:28:ba:f8:4e:03:57:be:df:81:36:3c:7f:b7:3f:be:71:
         5e:ec:bc:b6:c1:b6:be:5b:61:25:c9:11:e3:0a:d3:1b:d1:90:
         d7:fc:3d:42:11:ee:0f:86:0f:46:ea:85:eb:d0:dc:29:75:9e:
         cc:1b:33:eb:ad:6e:06:b4:e9:69:e0:b5:40:33:8f:3a:84:47:
         b7:74:6b:e5:76:74:e3:3a:1f:ba:7c:3b:3a:5c:e9:16:77:3b:
         fc:04:70:b1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlNoz9uu70nGDFRJFx0GZUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEzMDUwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjE1ZTljMjZmMzI4ZGRiOTk1MTVhMjUzNWI3YzM1MTNjNDdkOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluwIbB/1WMhzSUDE/hyxIiHaZHXz
JYOzk6am2IZFF17Sb5mgu0IsIZtRkMWVVCsWnzu6yFUx4bgcLWB/gLuhvJI/JnHH
G5/Ux9DmZHCkv4p0vEXeg4zXk5kdpLs9/jJ8WN9txD3J3OxlRdgNjd09S03A3PXy
Gb6N04FBQBjKqesBPzi3xVulp8SFR3GqILudIKL2x5hRI0GniKx4H8dHys6pSWOR
zBg1LM3M1eRZiqGQXnTHHx6uSFFnmOsgBSgaTIRb79xY3T9T6dFd9hP7+tkEJYI4
3L1dSwv4hmEpibspFIfPOQRJMf5FM9MvOeCGf1T6OPCmkYd2RYKe0VrG/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEYV6cJvMo3bmVFaJTW3w1E8R9kVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUmhYcHdtOHlqZHVaVVZvbE5iZkRVVHhIMlJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAihP3r10dlxGpEEtXo+
4d6BNwH3QdUzsPoGeO+Ug/RDSMVjwjxSOR4/9LK1o9WyghUKV5tQyWRoYuCKaQGX
c9Kx+Tiwbb9hfenuKBEw75Pt2MBuKvu39zmPxTE/qQWzlW5xA8Zhs1Z6dO5/DOF+
V8yyYj35fI6sWK1fTzJDmHPWbZ1GzyzBmGtbngXykgsNn9brli4DOIc4GfcVpBBa
9xJWWmFHKLr4TgNXvt+BNjx/tz++cV7svLbBtr5bYSXJEeMK0xvRkNf8PUIR7g+G
D0bqhevQ3Cl1nswbM+utbga06WngtUAzjzqER7d0a+V2dOM6H7p8Ozpc6RZ3O/wE
cLE=
-----END CERTIFICATE-----