Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XK4nNSoNwbo8b0PXRFRTKIlq3OM.roa
File:                     XK4nNSoNwbo8b0PXRFRTKIlq3OM.roa (raw, json)
Hash identifier:          RELN+yuCmeJNQsv7NYGIcguJgmekMtExfQymjrEtKxQ=
Subject key identifier:   5C:AE:27:35:2A:0D:C1:BA:3C:6F:43:D7:44:54:53:28:89:6A:DC:E3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188835085C10AF6A3A3217995981AC13AE6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XK4nNSoNwbo8b0PXRFRTKIlq3OM.roa
Signing time:             Sat 03 Jun 2023 22:11:12 +0000
ROA not before:           Sat 03 Jun 2023 22:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:83:50:85:c1:0a:f6:a3:a3:21:79:95:98:1a:c1:3a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  3 22:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cae27352a0dc1ba3c6f43d744545328896adce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3e:56:8d:cd:1b:4c:b5:d2:4f:4e:a9:6a:f5:
                    5d:aa:c1:34:40:ed:e4:dc:78:ab:cc:da:cd:25:10:
                    62:44:49:a7:36:bb:02:1a:24:d0:47:32:10:98:ef:
                    8c:9e:cd:46:6a:3e:1f:20:b4:c5:ab:03:8a:d3:94:
                    69:28:64:01:ae:c0:6e:e6:63:cb:44:04:14:63:ff:
                    3c:b3:af:d8:fc:59:84:03:13:46:64:97:90:28:2d:
                    c0:2d:86:af:9b:0d:9c:9e:a7:75:a5:b9:57:32:98:
                    67:a5:89:1e:9a:82:1f:87:df:b5:bf:04:41:de:c4:
                    a0:21:b8:42:68:24:77:50:03:fc:18:f6:50:13:d4:
                    80:de:05:9e:c7:bc:2f:5f:11:69:1f:82:08:d1:5a:
                    c5:2b:92:c9:03:a9:c5:30:e3:53:81:80:18:47:fe:
                    b5:53:80:8f:24:4d:f2:d6:d3:03:06:a4:15:ce:de:
                    40:60:33:59:ae:1c:f2:3d:64:1a:c9:ed:6b:44:5e:
                    58:f5:14:99:d2:c9:ac:09:ae:08:39:66:da:ee:64:
                    5e:15:ef:5e:94:33:21:1f:09:ac:28:72:fe:fd:c0:
                    54:80:5b:f8:e3:09:56:c8:db:d3:9c:de:55:50:4d:
                    7b:95:d0:44:b8:42:b0:81:03:04:ec:38:e0:33:0b:
                    66:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AE:27:35:2A:0D:C1:BA:3C:6F:43:D7:44:54:53:28:89:6A:DC:E3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XK4nNSoNwbo8b0PXRFRTKIlq3OM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:6f:0b:c8:f3:b5:52:f4:b8:95:30:18:c4:b1:7c:9d:6a:48:
         eb:ea:86:71:0b:a7:4f:5e:be:48:d3:15:1f:a0:11:1f:d1:bc:
         3b:b6:aa:20:a7:6b:74:d5:d7:8b:c7:d4:19:b9:63:41:83:f9:
         4b:33:6c:42:b9:fd:5d:9f:3d:30:bd:92:3c:a7:15:e1:98:ab:
         1d:40:b5:eb:c5:be:37:9c:2c:fa:83:ed:44:d5:f4:3a:79:91:
         9d:11:09:07:90:9b:59:d6:4e:06:9f:a0:44:b2:ce:13:9e:e6:
         e9:8d:c9:5e:9d:63:d5:d0:d6:7c:cb:a7:3a:00:3b:03:72:fe:
         5a:68:41:99:da:c9:a4:6f:1d:18:97:90:19:a8:3e:15:dc:03:
         f3:c3:29:21:ce:21:a4:94:b3:e5:e7:15:ce:7d:cd:30:7d:dd:
         c3:a4:d0:28:40:a5:93:40:f4:58:d2:14:cc:5e:42:c0:05:0e:
         a2:a5:80:00:f7:ee:d0:f8:78:57:e4:80:82:d4:d9:13:45:86:
         a0:ec:ae:e1:49:0a:89:90:0b:7e:6b:a7:80:04:04:47:93:ed:
         50:6e:ae:b1:99:1c:c4:3a:e3:35:a4:de:f3:4f:51:dd:e5:26:
         d9:7b:3a:7b:9e:42:cc:98:f8:9a:22:4e:31:fe:39:6a:d4:81:
         9c:fd:da:a9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiDUIXBCvajoyF5lZgawTrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAzMjIxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FlMjczNTJhMGRjMWJhM2M2ZjQzZDc0NDU0NTMyODg5NmFkY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj5Wjc0bTLXST06pavVdqsE0QO3k
3HirzNrNJRBiREmnNrsCGiTQRzIQmO+Mns1Gaj4fILTFqwOK05RpKGQBrsBu5mPL
RAQUY/88s6/Y/FmEAxNGZJeQKC3ALYavmw2cnqd1pblXMphnpYkemoIfh9+1vwRB
3sSgIbhCaCR3UAP8GPZQE9SA3gWex7wvXxFpH4II0VrFK5LJA6nFMONTgYAYR/61
U4CPJE3y1tMDBqQVzt5AYDNZrhzyPWQaye1rRF5Y9RSZ0smsCa4IOWba7mReFe9e
lDMhHwmsKHL+/cBUgFv44wlWyNvTnN5VUE17ldBEuEKwgQME7DjgMwtmtQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFyuJzUqDcG6PG9D10RUUyiJatzjMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWEs0bk5Tb053Ym84YjBQWFJGUlRLSWxxM09NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAF9vC8jztVL0uJUwGMSx
fJ1qSOvqhnELp09evkjTFR+gER/RvDu2qiCna3TV14vH1Bm5Y0GD+UszbEK5/V2f
PTC9kjynFeGYqx1AtevFvjecLPqD7UTV9Dp5kZ0RCQeQm1nWTgafoESyzhOe5umN
yV6dY9XQ1nzLpzoAOwNy/lpoQZnayaRvHRiXkBmoPhXcA/PDKSHOIaSUs+XnFc59
zTB93cOk0ChApZNA9FjSFMxeQsAFDqKlgAD37tD4eFfkgILU2RNFhqDsruFJComQ
C35rp4AEBEeT7VBurrGZHMQ64zWk3vNPUd3lJtl7OnueQsyY+JoiTjH+OWrUgZz9
2qk=
-----END CERTIFICATE-----