Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YGeVQTm-PeOjD_nmuikS4covA5g.roa
File:                     YGeVQTm-PeOjD_nmuikS4covA5g.roa (raw, json)
Hash identifier:          nhLuHJFJAEtSipHjKKsmmYzjGbq7rPMqBC2Vv9w27os=
Subject key identifier:   60:67:95:41:39:BE:3D:E3:A3:0F:F9:E6:BA:29:12:E1:CA:2F:03:98
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188BFD18C3CEA1A40994FF72F7A2BBB35A4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YGeVQTm-PeOjD_nmuikS4covA5g.roa
Signing time:             Thu 15 Jun 2023 16:09:21 +0000
ROA not before:           Thu 15 Jun 2023 16:09:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:bf:d1:8c:3c:ea:1a:40:99:4f:f7:2f:7a:2b:bb:35:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 15 16:09:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6067954139be3de3a30ff9e6ba2912e1ca2f0398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a1:d6:9c:84:99:9f:6f:37:f0:4f:41:8b:00:
                    22:71:c1:3d:5d:35:9a:6c:57:ef:f5:80:c0:6c:88:
                    d7:e9:37:7f:e9:33:68:88:c6:f9:d3:d7:bd:f9:db:
                    d3:72:60:88:51:66:db:e9:6b:8f:ea:c2:d4:d2:33:
                    3b:08:e6:d0:c5:20:92:c5:5f:24:7c:31:25:58:69:
                    92:c5:96:4b:90:54:9b:21:bb:59:d6:c9:dd:41:cf:
                    e2:d4:60:59:9a:a5:19:66:7b:e3:bd:16:ff:4e:b1:
                    57:f9:40:da:b1:8a:64:b6:27:29:5c:09:ea:98:d4:
                    1e:f7:fb:a8:31:ca:79:19:3d:d0:3d:66:d1:bb:51:
                    65:61:25:d1:3a:8d:ec:ca:f4:51:7a:26:4d:a2:a2:
                    2c:cf:36:21:72:65:4f:28:6b:7f:14:ff:ea:51:9b:
                    3a:5a:8c:58:fd:1d:97:1d:29:4d:4e:c3:e8:5a:27:
                    cc:be:c7:29:10:7a:f9:a5:87:08:6a:e2:b5:ba:36:
                    03:cc:d2:cb:59:24:82:99:05:1e:89:18:98:cb:64:
                    0f:e0:6c:91:43:10:74:21:3b:0e:4e:f2:2c:72:73:
                    1b:d9:4c:08:ad:8f:74:9b:e5:73:10:ba:6d:47:ad:
                    a2:e5:49:12:3a:43:35:fb:24:bd:52:7e:a2:e1:5b:
                    f6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:67:95:41:39:BE:3D:E3:A3:0F:F9:E6:BA:29:12:E1:CA:2F:03:98
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YGeVQTm-PeOjD_nmuikS4covA5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:2b:61:63:56:fd:68:69:97:e5:04:41:56:92:32:37:81:b2:
         ce:b7:7b:61:cc:dc:bd:84:76:aa:9f:f5:59:f6:07:bb:c6:ca:
         52:9f:ee:9b:de:40:8c:72:30:35:b1:18:0a:7d:6d:05:73:98:
         47:f5:0b:43:b4:2d:80:de:fd:0d:57:bf:f4:29:cf:fa:53:54:
         da:ca:86:fc:76:9a:98:52:af:34:c7:3a:80:3f:ed:93:a7:a9:
         5d:3a:7b:2d:73:8b:e4:6b:d7:6b:6f:0b:40:81:7b:02:22:42:
         e9:aa:fb:b9:6f:3a:27:d2:8c:24:3f:06:d4:fd:88:89:0d:85:
         07:35:c0:d6:c4:d4:bc:1a:10:6e:9e:94:14:f8:63:66:0c:af:
         e1:ef:a1:70:a5:68:d4:15:d1:4f:09:71:80:f3:33:67:77:e9:
         21:71:40:5d:b6:8c:49:20:bf:7f:3b:ef:93:b3:dc:eb:a2:b1:
         55:9e:39:90:78:f4:fb:f7:26:b3:59:ee:2c:24:01:38:25:aa:
         79:af:aa:99:d7:2a:64:f4:20:cc:48:30:17:fa:da:ac:cd:12:
         cc:69:99:51:18:47:65:38:70:73:42:ad:f0:f8:77:09:49:1c:
         dc:e9:ed:23:fe:8f:a4:7a:b0:78:e3:5a:6d:37:11:09:c3:03:
         f5:a4:4d:fb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi/0Yw86hpAmU/3L3oruzWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE1MTYwOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDY3OTU0MTM5YmUzZGUzYTMwZmY5ZTZiYTI5MTJlMWNhMmYwMzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqHWnISZn2838E9BiwAiccE9XTWa
bFfv9YDAbIjX6Td/6TNoiMb509e9+dvTcmCIUWbb6WuP6sLU0jM7CObQxSCSxV8k
fDElWGmSxZZLkFSbIbtZ1sndQc/i1GBZmqUZZnvjvRb/TrFX+UDasYpkticpXAnq
mNQe9/uoMcp5GT3QPWbRu1FlYSXROo3syvRReiZNoqIszzYhcmVPKGt/FP/qUZs6
WoxY/R2XHSlNTsPoWifMvscpEHr5pYcIauK1ujYDzNLLWSSCmQUeiRiYy2QP4GyR
QxB0ITsOTvIscnMb2UwIrY90m+VzELptR62i5UkSOkM1+yS9Un6i4Vv2VQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGBnlUE5vj3jow/55ropEuHKLwOYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWUdlVlFUbS1QZU9qRF9ubXVpa1M0Y292QTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADorYWNW/Whpl+UEQVaS
MjeBss63e2HM3L2Edqqf9Vn2B7vGylKf7pveQIxyMDWxGAp9bQVzmEf1C0O0LYDe
/Q1Xv/Qpz/pTVNrKhvx2mphSrzTHOoA/7ZOnqV06ey1zi+Rr12tvC0CBewIiQumq
+7lvOifSjCQ/BtT9iIkNhQc1wNbE1LwaEG6elBT4Y2YMr+HvoXClaNQV0U8JcYDz
M2d36SFxQF22jEkgv38775Oz3OuisVWeOZB49Pv3JrNZ7iwkATglqnmvqpnXKmT0
IMxIMBf62qzNEsxpmVEYR2U4cHNCrfD4dwlJHNzp7SP+j6R6sHjjWm03EQnDA/Wk
Tfs=
-----END CERTIFICATE-----