Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YXKEFid73DPp7wcBw83j2rbrC8k.roa
File:                     YXKEFid73DPp7wcBw83j2rbrC8k.roa (raw, json)
Hash identifier:          hhqjE3/gUCetvJH8uYxqW7WsSr4/uvCnpN9ji9/XaNs=
Subject key identifier:   61:72:84:16:27:7B:DC:33:E9:EF:07:01:C3:CD:E3:DA:B6:EB:0B:C9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018886BD9747236DED61B366D5410B1B8BAF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YXKEFid73DPp7wcBw83j2rbrC8k.roa
Signing time:             Sun 04 Jun 2023 14:09:11 +0000
ROA not before:           Sun 04 Jun 2023 14:09:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:86:bd:97:47:23:6d:ed:61:b3:66:d5:41:0b:1b:8b:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 14:09:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=61728416277bdc33e9ef0701c3cde3dab6eb0bc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:99:6c:99:14:2f:3b:77:01:d6:90:2e:8d:f3:
                    ca:27:97:50:1a:78:7b:15:55:6d:11:9b:7c:07:ca:
                    29:a6:b9:2d:4a:eb:4e:01:f2:03:16:72:13:8e:d1:
                    d1:40:e0:ed:8c:7b:c2:24:2b:b2:38:79:57:cf:7d:
                    bc:ba:02:d7:42:e0:8b:b7:c6:61:b6:19:af:94:e6:
                    bb:dd:23:8e:85:70:7a:48:86:dd:55:40:38:2a:51:
                    56:82:d3:ee:53:b2:7c:b2:f0:a5:87:02:f7:1a:7d:
                    a1:67:3e:0e:6e:57:bd:ec:23:c5:76:35:85:82:82:
                    77:64:ca:43:bd:74:58:a4:30:5e:c0:c4:a1:a4:f2:
                    8b:7f:13:96:3e:d5:2b:a3:46:94:04:38:c9:8b:a1:
                    1e:9c:71:3c:30:c1:32:2b:63:6a:20:f2:1c:cf:63:
                    61:b7:3d:b4:83:e4:56:5d:03:49:e9:d7:e1:00:dd:
                    f4:42:95:8e:44:04:4a:64:63:42:84:48:a8:58:4c:
                    3d:0d:94:7d:8d:82:2f:dc:85:4f:b5:47:10:39:a7:
                    8e:b8:b4:08:1c:32:53:27:a8:29:4a:cf:3e:78:71:
                    fa:62:1a:ff:8a:d9:7a:1a:3d:23:ed:8c:68:8a:21:
                    3d:c7:76:14:11:17:f5:19:f4:f8:9b:2e:32:5e:e4:
                    a6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:72:84:16:27:7B:DC:33:E9:EF:07:01:C3:CD:E3:DA:B6:EB:0B:C9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YXKEFid73DPp7wcBw83j2rbrC8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:d2:55:f5:f5:86:8e:f6:a7:2f:f2:70:73:4f:c2:fc:30:f4:
         a9:91:a0:c4:b0:25:12:bc:21:b7:77:fe:24:0f:76:42:f4:c9:
         f1:33:09:55:22:3d:fd:a2:e6:e5:4f:e1:08:00:b1:1a:24:e9:
         93:77:b5:b5:f6:a6:f0:e7:7d:89:c0:c3:30:be:4a:3e:99:86:
         c2:26:61:39:ea:c9:7b:e8:09:13:97:4b:7e:ff:8d:ec:34:28:
         6f:c3:a9:99:17:e9:10:c8:21:d6:85:98:11:0b:7c:28:33:2f:
         89:2b:d5:c2:45:5a:12:d5:b7:f5:fb:e8:c0:e8:52:d6:8d:4b:
         94:b3:68:4b:0c:96:39:bb:92:34:cc:27:5d:5d:e2:2c:87:07:
         14:b2:85:3c:95:78:de:d1:cf:2d:f5:15:cc:04:cf:38:b5:f7:
         71:04:93:20:28:2f:37:50:58:11:38:10:89:cc:96:9d:82:8e:
         d9:e2:17:20:22:3b:dc:42:17:7c:d6:9e:96:19:eb:b4:69:04:
         63:69:1f:c0:c1:df:af:e3:9f:5a:1b:07:18:1d:7a:23:db:9a:
         0a:53:9b:77:86:5d:10:3c:ab:f0:93:1f:eb:9d:ab:43:70:91:
         5a:5c:ca:cd:d8:32:91:cc:a9:0d:50:01:12:64:07:55:39:a8:
         ea:a1:dc:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiGvZdHI23tYbNm1UELG4uvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MTQwOTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTcyODQxNjI3N2JkYzMzZTllZjA3MDFjM2NkZTNkYWI2ZWIwYmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5lsmRQvO3cB1pAujfPKJ5dQGnh7
FVVtEZt8B8opprktSutOAfIDFnITjtHRQODtjHvCJCuyOHlXz328ugLXQuCLt8Zh
thmvlOa73SOOhXB6SIbdVUA4KlFWgtPuU7J8svClhwL3Gn2hZz4Oble97CPFdjWF
goJ3ZMpDvXRYpDBewMShpPKLfxOWPtUro0aUBDjJi6EenHE8MMEyK2NqIPIcz2Nh
tz20g+RWXQNJ6dfhAN30QpWORARKZGNChEioWEw9DZR9jYIv3IVPtUcQOaeOuLQI
HDJTJ6gpSs8+eHH6Yhr/itl6Gj0j7YxoiiE9x3YUERf1GfT4my4yXuSmVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGFyhBYne9wz6e8HAcPN49q26wvJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWVhLRUZpZDczRFBwN3djQnc4M2oycmJyQzhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAjSVfX1ho72py/ycHNP
wvww9KmRoMSwJRK8Ibd3/iQPdkL0yfEzCVUiPf2i5uVP4QgAsRok6ZN3tbX2pvDn
fYnAwzC+Sj6ZhsImYTnqyXvoCROXS37/jew0KG/DqZkX6RDIIdaFmBELfCgzL4kr
1cJFWhLVt/X76MDoUtaNS5SzaEsMljm7kjTMJ11d4iyHBxSyhTyVeN7Rzy31FcwE
zzi193EEkyAoLzdQWBE4EInMlp2CjtniFyAiO9xCF3zWnpYZ67RpBGNpH8DB36/j
n1obBxgdeiPbmgpTm3eGXRA8q/CTH+udq0NwkVpcys3YMpHMqQ1QARJkB1U5qOqh
3Bg=
-----END CERTIFICATE-----