Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ctxnVWTV8guqJQXXec9Esgc_9bM.roa
File:                     ctxnVWTV8guqJQXXec9Esgc_9bM.roa (raw, json)
Hash identifier:          5RFSwii/FG3Bo2m8UGnhx5L6hWzPCnIT1/QMi5SVMsw=
Subject key identifier:   72:DC:67:55:64:D5:F2:0B:AA:25:05:D7:79:CF:44:B2:07:3F:F5:B3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189646A3CADD11195A9519472AA64535D16
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ctxnVWTV8guqJQXXec9Esgc_9bM.roa
Signing time:             Mon 17 Jul 2023 15:13:51 +0000
ROA not before:           Mon 17 Jul 2023 15:13:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:64:6a:3c:ad:d1:11:95:a9:51:94:72:aa:64:53:5d:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 17 15:13:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72dc675564d5f20baa2505d779cf44b2073ff5b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b9:21:ed:65:67:84:dd:c8:52:d9:42:7e:52:
                    f6:cb:0c:e7:25:62:07:a4:93:11:c2:79:9b:1d:72:
                    79:4d:02:48:51:44:a7:28:bb:fb:80:5d:25:cb:fb:
                    dc:56:71:83:46:00:d5:35:d1:80:19:71:5f:fd:a0:
                    3c:8e:b4:90:6d:42:38:74:ca:91:f4:d2:09:f9:98:
                    e4:dc:e5:01:14:b8:77:16:f9:5f:df:1e:bf:85:51:
                    96:fb:c4:68:56:ee:ea:61:3e:f9:90:1a:a3:0e:9b:
                    bf:bd:43:de:f4:23:16:be:52:6c:16:7d:e9:16:fe:
                    0b:fe:2e:b7:c0:3c:87:b9:63:a0:7b:ac:61:8e:8f:
                    90:a6:c9:83:30:44:31:a3:8f:0a:2a:63:ab:34:42:
                    57:c6:c6:9e:84:93:c5:e0:03:81:5c:46:a7:9b:70:
                    f2:29:b2:ad:eb:2f:48:71:d6:c1:93:ae:ca:b8:a1:
                    81:0a:e1:a0:85:3c:8d:72:f7:6d:21:1a:78:d4:30:
                    0d:49:79:e9:2b:30:09:38:f1:d1:07:60:e9:c8:b9:
                    f9:47:8b:50:12:47:c6:0c:0b:cd:2a:32:d9:24:83:
                    34:a1:8b:53:22:6a:c2:71:f0:04:02:27:9e:52:06:
                    b7:da:56:1f:1d:1c:18:f4:00:1c:25:c7:3b:ba:50:
                    c7:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:DC:67:55:64:D5:F2:0B:AA:25:05:D7:79:CF:44:B2:07:3F:F5:B3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ctxnVWTV8guqJQXXec9Esgc_9bM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:09:70:5f:48:cc:0f:e9:be:6b:d6:cf:d2:41:bb:f1:05:10:
         8a:b2:fd:93:51:d6:2a:5a:57:55:39:f3:eb:a4:53:ab:4b:9d:
         4f:9f:06:74:f9:f0:f6:87:43:19:0d:da:b9:a7:c0:a7:16:a9:
         3d:43:af:17:92:c1:25:97:8b:eb:e0:7c:84:d1:bd:8b:53:bc:
         fc:39:3d:07:93:f7:38:ae:86:04:7f:ee:f0:cd:a1:ef:c8:6a:
         f1:74:9b:29:58:e6:23:89:bc:b1:d4:21:f4:32:30:54:20:01:
         58:a2:e6:d2:42:e2:06:5f:29:ca:af:36:ac:d8:05:a4:c0:f6:
         0e:3f:45:22:21:48:00:8c:e7:de:dc:a1:7e:71:62:a9:5c:e1:
         7d:51:f0:ec:c0:8c:18:6d:7d:16:05:88:c5:db:90:bd:87:1b:
         9a:88:48:d9:13:ab:ef:96:70:84:cf:ff:bf:c8:d4:96:31:80:
         d4:12:b0:55:95:79:2a:9f:c9:2e:34:4a:bc:a5:6b:af:21:f8:
         af:03:d4:7a:29:e8:49:51:d4:91:8b:1c:82:06:af:fa:df:54:
         aa:14:71:93:0b:59:f2:e6:40:02:28:77:7f:2b:1e:92:51:97:
         93:35:77:eb:a7:7e:ca:d4:83:6c:54:47:c4:e6:d6:57:e8:95:
         3a:cd:10:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlkajyt0RGVqVGUcqpkU10WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE3MTUxMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmRjNjc1NTY0ZDVmMjBiYWEyNTA1ZDc3OWNmNDRiMjA3M2ZmNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLkh7WVnhN3IUtlCflL2ywznJWIH
pJMRwnmbHXJ5TQJIUUSnKLv7gF0ly/vcVnGDRgDVNdGAGXFf/aA8jrSQbUI4dMqR
9NIJ+Zjk3OUBFLh3Fvlf3x6/hVGW+8RoVu7qYT75kBqjDpu/vUPe9CMWvlJsFn3p
Fv4L/i63wDyHuWOge6xhjo+QpsmDMEQxo48KKmOrNEJXxsaehJPF4AOBXEanm3Dy
KbKt6y9IcdbBk67KuKGBCuGghTyNcvdtIRp41DANSXnpKzAJOPHRB2DpyLn5R4tQ
EkfGDAvNKjLZJIM0oYtTImrCcfAEAieeUga32lYfHRwY9AAcJcc7ulDHdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHLcZ1Vk1fILqiUF13nPRLIHP/WzMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY3R4blZXVFY4Z3VxSlFYWGVjOUVzZ2NfOWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJYJcF9IzA/pvmvWz9JB
u/EFEIqy/ZNR1ipaV1U58+ukU6tLnU+fBnT58PaHQxkN2rmnwKcWqT1DrxeSwSWX
i+vgfITRvYtTvPw5PQeT9ziuhgR/7vDNoe/IavF0mylY5iOJvLHUIfQyMFQgAVii
5tJC4gZfKcqvNqzYBaTA9g4/RSIhSACM597coX5xYqlc4X1R8OzAjBhtfRYFiMXb
kL2HG5qISNkTq++WcITP/7/I1JYxgNQSsFWVeSqfyS40Sryla68h+K8D1Hop6ElR
1JGLHIIGr/rfVKoUcZMLWfLmQAIod38rHpJRl5M1d+unfsrUg2xUR8Tm1lfolTrN
EBs=
-----END CERTIFICATE-----