Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XJ9P5PIp8kv7BkPBGnJVJi7iFbo.roa
File:                     XJ9P5PIp8kv7BkPBGnJVJi7iFbo.roa (raw, json)
Hash identifier:          wybHybxOgC1BUoJ+qu6dInx+BXqzf8lT55P+zO9j30s=
Subject key identifier:   5C:9F:4F:E4:F2:29:F2:4B:FB:06:43:C1:1A:72:55:26:2E:E2:15:BA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188C60B37B6EBA66CB7F680A755FF218714
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XJ9P5PIp8kv7BkPBGnJVJi7iFbo.roa
Signing time:             Fri 16 Jun 2023 21:10:03 +0000
ROA not before:           Fri 16 Jun 2023 21:10:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c6:0b:37:b6:eb:a6:6c:b7:f6:80:a7:55:ff:21:87:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 16 21:10:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c9f4fe4f229f24bfb0643c11a7255262ee215ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c0:99:34:92:0b:92:b5:18:42:05:98:1e:da:
                    66:0a:2e:ab:c5:97:86:5d:3f:1c:92:fe:0b:74:11:
                    8c:b6:9d:74:d8:03:c4:61:8a:06:68:61:11:c3:b7:
                    c5:f4:ec:74:39:da:ba:21:a0:53:19:02:54:29:8a:
                    88:41:9a:2d:6f:6d:5c:2a:d7:cc:af:0f:f4:77:82:
                    85:38:bc:a0:32:fd:d3:74:49:d9:e3:5b:d0:86:71:
                    ff:6f:38:04:9b:eb:81:77:1b:4a:80:d4:96:df:6f:
                    de:e5:45:7d:d2:09:33:0e:0a:fe:ee:2b:2c:ad:48:
                    49:a5:fe:5d:9c:e2:42:2e:8f:c4:df:76:88:08:1f:
                    46:9f:90:9c:a5:a9:f2:7e:ee:0f:a1:d1:0b:9f:37:
                    ad:f5:c4:5b:35:37:63:2e:6a:08:18:5e:2f:49:a1:
                    26:52:3f:99:cd:e3:6f:ee:9c:ef:c4:a4:4c:c7:98:
                    76:f2:9e:cc:cf:61:5a:ed:95:d2:e8:ab:65:79:c1:
                    c7:d2:1b:50:c1:be:99:31:3f:59:b6:5b:2d:0b:71:
                    4b:06:e2:b9:21:d8:32:5a:70:b6:ea:b8:10:c4:6e:
                    74:3d:4c:59:46:77:48:bf:fa:be:a6:a1:5e:70:fa:
                    17:44:60:4f:27:94:44:38:ee:ba:03:19:dc:38:56:
                    ed:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:9F:4F:E4:F2:29:F2:4B:FB:06:43:C1:1A:72:55:26:2E:E2:15:BA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XJ9P5PIp8kv7BkPBGnJVJi7iFbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:f3:85:3e:b7:5c:7e:a5:52:f0:a9:e9:ef:02:c8:fc:6b:c7:
         56:4a:b4:1a:ca:75:7f:27:cc:0f:52:ad:01:00:f8:95:e8:52:
         63:86:8c:a4:17:9c:4a:ae:21:71:0f:d6:37:13:c3:2d:02:09:
         4c:eb:27:bd:a6:06:ae:11:ad:7c:50:64:e9:91:55:73:7c:21:
         5f:12:42:87:13:2c:60:6a:a5:f1:08:c3:70:aa:01:2d:35:34:
         de:59:41:b2:b2:f6:9e:09:d8:9b:06:7a:84:0b:d5:b0:18:6e:
         0d:fe:fe:42:a0:da:05:3c:4a:c8:70:cc:e7:aa:f1:8e:76:38:
         fa:45:33:04:25:fd:5a:cc:c1:51:ca:82:09:22:b3:a9:cd:31:
         66:d5:63:c5:a5:75:84:a1:44:b0:70:60:de:c5:34:39:0a:31:
         f9:38:80:cc:f6:5e:91:56:3e:3d:07:50:32:1b:b2:43:fd:9f:
         4f:fa:5b:72:5c:55:df:32:74:53:7b:f8:b8:82:db:73:5f:0f:
         9c:bb:35:68:12:68:be:a4:ef:97:22:8c:14:33:68:73:07:30:
         8b:d0:bc:f8:47:ec:9d:1b:17:4e:77:31:de:5c:01:b3:33:2a:
         03:db:db:82:30:43:be:80:50:dd:a2:ee:6d:60:4f:ae:de:bb:
         db:06:16:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjGCze266Zst/aAp1X/IYcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE2MjExMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzlmNGZlNGYyMjlmMjRiZmIwNjQzYzExYTcyNTUyNjJlZTIxNWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMCZNJILkrUYQgWYHtpmCi6rxZeG
XT8ckv4LdBGMtp102APEYYoGaGERw7fF9Ox0Odq6IaBTGQJUKYqIQZotb21cKtfM
rw/0d4KFOLygMv3TdEnZ41vQhnH/bzgEm+uBdxtKgNSW32/e5UV90gkzDgr+7iss
rUhJpf5dnOJCLo/E33aICB9Gn5Ccpanyfu4PodELnzet9cRbNTdjLmoIGF4vSaEm
Uj+ZzeNv7pzvxKRMx5h28p7Mz2Fa7ZXS6KtlecHH0htQwb6ZMT9ZtlstC3FLBuK5
IdgyWnC26rgQxG50PUxZRndIv/q+pqFecPoXRGBPJ5REOO66AxncOFbt2QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFyfT+TyKfJL+wZDwRpyVSYu4hW6MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWEo5UDVQSXA4a3Y3QmtQQkduSlZKaTdpRmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACLzhT63XH6lUvCp6e8C
yPxrx1ZKtBrKdX8nzA9SrQEA+JXoUmOGjKQXnEquIXEP1jcTwy0CCUzrJ72mBq4R
rXxQZOmRVXN8IV8SQocTLGBqpfEIw3CqAS01NN5ZQbKy9p4J2JsGeoQL1bAYbg3+
/kKg2gU8SshwzOeq8Y52OPpFMwQl/VrMwVHKggkis6nNMWbVY8WldYShRLBwYN7F
NDkKMfk4gMz2XpFWPj0HUDIbskP9n0/6W3JcVd8ydFN7+LiC23NfD5y7NWgSaL6k
75cijBQzaHMHMIvQvPhH7J0bF053Md5cAbMzKgPb24IwQ76AUN2i7m1gT67eu9sG
FnI=
-----END CERTIFICATE-----