Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hUXUWM98i2bGds4UmUWWjjdWJRo.roa
File:                     hUXUWM98i2bGds4UmUWWjjdWJRo.roa (raw, json)
Hash identifier:          aahCqRmymbt4+gFHcE8B8TaZEjnijhd3pqntec3u+RE=
Subject key identifier:   85:45:D4:58:CF:7C:8B:66:C6:76:CE:14:99:45:96:8E:37:56:25:1A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01898317431EA43017E63F6A2D0056684F85
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hUXUWM98i2bGds4UmUWWjjdWJRo.roa
Signing time:             Sun 23 Jul 2023 14:11:26 +0000
ROA not before:           Sun 23 Jul 2023 14:11:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:83:17:43:1e:a4:30:17:e6:3f:6a:2d:00:56:68:4f:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 23 14:11:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8545d458cf7c8b66c676ce149945968e3756251a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b9:59:ce:ba:51:3d:ce:0b:28:b1:09:80:ee:
                    3b:82:4f:78:8e:44:20:25:4b:18:74:cf:5e:eb:01:
                    89:37:c6:d1:f2:57:f7:10:48:18:3d:cc:d1:f4:4a:
                    d8:be:47:14:cd:a6:81:ea:8f:4d:3e:a6:95:84:c6:
                    a6:c6:cb:0a:c3:60:89:04:bf:b0:6d:1e:77:8b:6b:
                    d1:e4:ef:f5:15:41:49:cb:28:90:57:0a:1f:6e:41:
                    77:49:be:f0:a4:8a:3f:cd:67:7e:d5:ea:12:b5:64:
                    8c:77:6e:27:ad:1d:02:25:54:23:5f:58:96:0f:e0:
                    b1:59:b8:d5:c3:f5:f8:74:b0:6e:2d:b7:55:57:dd:
                    66:db:3b:09:e6:49:9b:c0:f2:4c:bc:2c:94:71:75:
                    7f:db:01:a4:f2:53:cb:2e:69:88:4a:d4:e4:d7:86:
                    61:9c:5f:c6:7b:5c:b4:7b:64:a2:35:cb:b8:e3:a2:
                    3c:84:02:d0:81:d1:ef:91:ea:92:a9:45:a2:e6:92:
                    d4:a2:a1:3c:e5:40:ff:50:64:b2:93:61:67:3c:73:
                    38:23:82:e1:62:89:29:86:f4:eb:dc:9a:e2:c7:fe:
                    38:b5:de:f5:a5:5d:3d:02:90:44:86:c4:a7:75:e0:
                    a2:3c:1b:d5:ba:e9:b0:3d:aa:14:9e:07:b4:6b:c3:
                    0a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:45:D4:58:CF:7C:8B:66:C6:76:CE:14:99:45:96:8E:37:56:25:1A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hUXUWM98i2bGds4UmUWWjjdWJRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:48:74:99:fe:df:1c:06:a3:aa:5e:ed:fc:b3:a4:bb:d4:59:
         e3:af:e3:5e:1d:36:b6:64:09:0e:7f:8c:de:a3:af:39:b6:c1:
         d7:90:23:59:98:0b:cc:39:4a:0d:4c:82:6b:1c:42:a6:30:ef:
         45:92:bc:56:4a:e3:35:b6:ae:da:e0:fb:5d:a9:12:95:88:ea:
         3a:e5:14:9c:10:04:9e:17:8c:13:11:7e:af:a5:98:96:0f:14:
         08:87:9f:bc:a1:e0:b7:cc:3c:14:32:a0:37:70:c3:36:17:2e:
         b8:10:5d:d5:f3:57:a9:50:5d:77:36:bc:ce:2d:a2:47:6b:31:
         9f:16:8c:e7:b8:f5:92:4f:13:3b:b9:53:02:38:21:f7:f1:d8:
         5d:f6:d9:64:16:a9:b2:06:00:ac:2a:73:a2:a0:ce:87:0d:1b:
         3c:03:81:ee:c0:5a:ba:bb:36:54:dc:f0:21:3f:4f:b1:ce:39:
         55:39:1c:bc:f2:e0:57:68:61:2a:d7:c3:00:ad:a1:36:c2:59:
         17:01:34:98:65:3a:07:70:1e:c8:5c:30:90:40:0b:66:aa:11:
         2d:31:70:f6:15:f0:75:71:ae:73:71:5d:70:90:58:4b:7d:76:
         33:fa:d9:b4:0a:31:03:53:c8:c4:db:42:1a:f9:e2:16:1e:6f:
         f3:44:39:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmDF0MepDAX5j9qLQBWaE+FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIzMTQxMTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQ1ZDQ1OGNmN2M4YjY2YzY3NmNlMTQ5OTQ1OTY4ZTM3NTYyNTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLlZzrpRPc4LKLEJgO47gk94jkQg
JUsYdM9e6wGJN8bR8lf3EEgYPczR9ErYvkcUzaaB6o9NPqaVhMamxssKw2CJBL+w
bR53i2vR5O/1FUFJyyiQVwofbkF3Sb7wpIo/zWd+1eoStWSMd24nrR0CJVQjX1iW
D+CxWbjVw/X4dLBuLbdVV91m2zsJ5kmbwPJMvCyUcXV/2wGk8lPLLmmIStTk14Zh
nF/Ge1y0e2SiNcu446I8hALQgdHvkeqSqUWi5pLUoqE85UD/UGSyk2FnPHM4I4Lh
YokphvTr3Jrix/44td71pV09ApBEhsSndeCiPBvVuumwPaoUnge0a8MK3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIVF1FjPfItmxnbOFJlFlo43ViUaMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaFVYVVdNOThpMmJHZHM0VW1VV1dqamRXSlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGhIdJn+3xwGo6pe7fyz
pLvUWeOv414dNrZkCQ5/jN6jrzm2wdeQI1mYC8w5Sg1MgmscQqYw70WSvFZK4zW2
rtrg+12pEpWI6jrlFJwQBJ4XjBMRfq+lmJYPFAiHn7yh4LfMPBQyoDdwwzYXLrgQ
XdXzV6lQXXc2vM4tokdrMZ8WjOe49ZJPEzu5UwI4Iffx2F322WQWqbIGAKwqc6Kg
zocNGzwDge7AWrq7NlTc8CE/T7HOOVU5HLzy4FdoYSrXwwCtoTbCWRcBNJhlOgdw
HshcMJBAC2aqES0xcPYV8HVxrnNxXXCQWEt9djP62bQKMQNTyMTbQhr54hYeb/NE
OfE=
-----END CERTIFICATE-----