Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_ym1G0tjDP5G8-m0_-FKKdDhJ2Y.roa
File:                     _ym1G0tjDP5G8-m0_-FKKdDhJ2Y.roa (raw, json)
Hash identifier:          6RkoCUGTLcQokzovmmDjcyBvzlVX0yNcXiwI15CwLXk=
Subject key identifier:   FF:29:B5:1B:4B:63:0C:FE:46:F3:E9:B4:FF:E1:4A:29:D0:E1:27:66
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188C59D59FD281CD0AD60FA3BAA296ACFF4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_ym1G0tjDP5G8-m0_-FKKdDhJ2Y.roa
Signing time:             Fri 16 Jun 2023 19:10:03 +0000
ROA not before:           Fri 16 Jun 2023 19:10:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c5:9d:59:fd:28:1c:d0:ad:60:fa:3b:aa:29:6a:cf:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 16 19:10:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff29b51b4b630cfe46f3e9b4ffe14a29d0e12766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:9d:3a:6e:af:bd:36:fb:c0:c8:ec:0f:91:aa:
                    90:c0:43:88:c8:bc:16:24:a8:c3:e6:43:19:55:5e:
                    fc:db:74:dd:45:9a:e0:1f:fd:c1:ac:f2:3c:ba:01:
                    81:1a:7f:e6:dd:49:d2:23:51:f3:91:ed:63:08:ed:
                    59:72:4c:30:5a:4d:3c:80:f6:f2:83:b6:40:6a:82:
                    f0:46:17:a2:1b:09:f6:de:4d:de:cf:da:a0:2e:58:
                    19:fb:67:96:fa:1f:22:d6:1b:09:3b:5f:f9:07:af:
                    b9:67:31:87:bf:cb:3e:13:0f:cb:75:c8:14:45:ff:
                    c2:15:b0:5f:56:95:5a:db:89:3d:0d:de:0f:12:e3:
                    17:b2:6a:66:45:d1:b1:d1:b9:19:c6:5f:6b:d3:1c:
                    b1:10:e5:55:3d:9a:4b:84:72:62:ae:c7:48:1c:22:
                    eb:e2:c4:d2:d2:7e:78:cf:f8:04:91:6c:92:0a:6d:
                    08:f8:62:0a:de:38:2d:55:85:be:65:8f:a8:64:22:
                    5c:78:66:99:b2:de:df:96:94:ca:26:98:f9:e8:3f:
                    fc:af:86:28:58:92:ec:70:5d:9c:7a:60:5f:7e:8e:
                    53:77:78:00:89:01:7f:40:8b:57:c5:19:54:8d:e1:
                    ea:d5:20:1e:58:19:b1:3f:0b:cf:15:b9:b7:c6:00:
                    d4:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:29:B5:1B:4B:63:0C:FE:46:F3:E9:B4:FF:E1:4A:29:D0:E1:27:66
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_ym1G0tjDP5G8-m0_-FKKdDhJ2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:65:20:6a:c8:78:d5:4a:e9:af:3e:3c:56:fe:ce:6c:c9:56:
         60:d9:a3:41:f2:a0:8e:cb:6c:8c:85:f0:7b:c5:8f:9a:80:ae:
         52:08:3c:f9:db:22:f5:8d:47:96:bd:6a:00:2e:16:86:e4:f4:
         88:ad:83:ca:f3:32:ad:d6:8b:d3:f3:9b:f7:15:1a:0d:a9:1f:
         74:1c:2b:80:58:e8:7a:f3:73:e2:ae:ad:dd:52:1d:a0:af:df:
         f9:4e:d0:db:47:ee:aa:17:02:7d:2b:d6:5a:e3:3f:21:0a:45:
         5b:54:29:e9:00:97:65:7d:3e:d8:2f:d7:cd:0b:72:41:3d:56:
         29:8a:02:6f:7b:66:22:19:97:08:ce:69:4a:c9:ac:e7:a3:f1:
         8c:90:35:40:82:dd:26:56:53:1d:90:b0:14:24:f4:2e:24:9e:
         bf:3a:4d:c4:bb:b3:1b:28:8b:28:33:70:25:4d:0a:c3:e2:d6:
         f7:0e:ae:c0:7b:8d:ab:d8:ec:ad:7b:aa:4c:2d:bb:4a:e2:58:
         1f:8e:e6:c0:93:41:c5:27:d5:79:03:1c:d6:e5:32:74:70:7d:
         25:5b:df:32:c4:c6:c2:2e:8c:16:a5:bb:54:39:49:17:a1:87:
         79:ce:ca:86:c7:25:f1:d0:5d:1d:72:04:d1:b6:f8:90:be:22:
         33:b4:27:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjFnVn9KBzQrWD6O6opas/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE2MTkxMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjI5YjUxYjRiNjMwY2ZlNDZmM2U5YjRmZmUxNGEyOWQwZTEyNzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJ06bq+9NvvAyOwPkaqQwEOIyLwW
JKjD5kMZVV7823TdRZrgH/3BrPI8ugGBGn/m3UnSI1Hzke1jCO1ZckwwWk08gPby
g7ZAaoLwRheiGwn23k3ez9qgLlgZ+2eW+h8i1hsJO1/5B6+5ZzGHv8s+Ew/LdcgU
Rf/CFbBfVpVa24k9Dd4PEuMXsmpmRdGx0bkZxl9r0xyxEOVVPZpLhHJirsdIHCLr
4sTS0n54z/gEkWySCm0I+GIK3jgtVYW+ZY+oZCJceGaZst7flpTKJpj56D/8r4Yo
WJLscF2cemBffo5Td3gAiQF/QItXxRlUjeHq1SAeWBmxPwvPFbm3xgDUNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP8ptRtLYwz+RvPptP/hSinQ4SdmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvX3ltMUcwdGpEUDVHOC1tMF8tRktLZERoSjJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADNlIGrIeNVK6a8+PFb+
zmzJVmDZo0HyoI7LbIyF8HvFj5qArlIIPPnbIvWNR5a9agAuFobk9Iitg8rzMq3W
i9Pzm/cVGg2pH3QcK4BY6Hrzc+Kurd1SHaCv3/lO0NtH7qoXAn0r1lrjPyEKRVtU
KekAl2V9Ptgv180LckE9VimKAm97ZiIZlwjOaUrJrOej8YyQNUCC3SZWUx2QsBQk
9C4knr86TcS7sxsoiygzcCVNCsPi1vcOrsB7javY7K17qkwtu0riWB+O5sCTQcUn
1XkDHNblMnRwfSVb3zLExsIujBalu1Q5SRehh3nOyobHJfHQXR1yBNG2+JC+IjO0
J94=
-----END CERTIFICATE-----