Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hmixvtcl1zKxI5DakVQZRbvjaqQ.roa
File:                     hmixvtcl1zKxI5DakVQZRbvjaqQ.roa (raw, json)
Hash identifier:          mxFAj3RXijw/IRoekbKrc+7rA8dlvz2DxFLIAJf8CIA=
Subject key identifier:   86:68:B1:BE:D7:25:D7:32:B1:23:90:DA:91:54:19:45:BB:E3:6A:A4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895F04B51BD280EEE3E955B6295BA1A553
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hmixvtcl1zKxI5DakVQZRbvjaqQ.roa
Signing time:             Sun 16 Jul 2023 14:04:51 +0000
ROA not before:           Sun 16 Jul 2023 14:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:189:5f04:16b0/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5f:04:b5:1b:d2:80:ee:e3:e9:55:b6:29:5b:a1:a5:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 16 14:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8668b1bed725d732b12390da91541945bbe36aa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d3:75:05:b9:29:87:ea:70:a5:cf:98:33:cc:
                    85:1d:bd:d4:53:e4:2a:1e:d3:e1:29:99:27:a4:0f:
                    d9:f6:c2:dc:a5:06:a4:29:8e:3d:12:7c:f3:75:f9:
                    01:89:ab:84:17:1d:50:c7:24:50:59:7e:b9:a9:61:
                    65:ba:1f:91:4a:a7:c7:e6:20:e2:d3:03:c6:a5:8e:
                    ba:ef:2d:85:96:6a:c0:40:97:2a:e4:0a:a6:b7:fe:
                    81:f6:8a:a0:80:31:d1:aa:db:b4:ec:c2:9f:06:d2:
                    aa:e0:47:52:c2:9f:f9:04:a7:70:d6:34:b1:fd:74:
                    63:8e:8a:a7:19:e1:c5:2d:a4:60:c5:8c:c9:d6:1b:
                    cc:a1:94:de:1f:cd:81:bf:2a:7e:53:f4:54:a0:04:
                    8b:c1:ad:d9:22:1a:76:6f:c9:f3:7b:0f:92:d4:a2:
                    31:6e:14:b6:bc:d5:4d:72:f1:c9:ae:67:d5:67:fa:
                    86:5a:e1:ed:ba:5d:74:8f:50:37:64:ba:bb:95:1e:
                    25:54:26:4b:d0:17:b0:7e:ed:1e:cb:4a:a2:9f:cb:
                    e2:ae:ed:dd:47:eb:35:9d:48:6d:f4:2f:10:98:e0:
                    90:ac:ad:a9:d8:b5:ce:dd:2a:65:ee:d5:5e:f8:76:
                    69:f2:4d:90:8f:7d:83:8f:b1:e7:17:ca:9f:18:5f:
                    92:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:68:B1:BE:D7:25:D7:32:B1:23:90:DA:91:54:19:45:BB:E3:6A:A4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hmixvtcl1zKxI5DakVQZRbvjaqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:85:0e:d2:5b:78:87:d8:d9:bd:df:7e:bd:cc:5c:da:7b:ec:
         b8:71:59:90:a2:25:92:c5:37:91:86:bf:06:cb:d2:8d:a3:e4:
         2c:28:66:59:96:12:9d:ca:45:da:ec:91:a1:92:fe:b8:4d:dc:
         32:03:59:4b:29:d5:f3:f1:76:ce:81:d2:21:ff:33:b4:6e:06:
         b8:59:c3:1e:fe:bf:4e:d1:7b:1b:f1:9d:ef:93:fb:d4:83:15:
         be:4f:46:cb:cf:f1:43:a7:d9:7b:9b:74:5c:0c:06:76:03:30:
         d5:cd:63:42:4a:b5:d2:47:43:14:cd:3f:c3:bd:aa:25:00:08:
         c4:69:01:66:e5:94:4c:07:32:e1:5b:e1:7e:bb:89:63:8b:41:
         47:de:aa:bd:85:de:74:a4:54:4b:d7:14:c4:9c:19:26:ca:79:
         56:5a:86:91:45:5d:d8:e4:81:22:71:e2:ef:91:ef:6c:04:98:
         1d:26:63:24:4d:a1:0e:82:3f:d0:28:65:6d:86:c4:f9:fb:80:
         7a:87:13:19:c9:af:4d:6a:dc:b4:4b:19:e6:b8:1f:26:49:b3:
         65:6c:7a:49:73:23:70:f5:94:9b:b6:46:95:5e:81:2d:9b:7f:
         bf:b6:ac:92:11:05:bb:4c:8b:56:22:37:36:bd:5b:ea:52:3b:
         e6:bd:7c:94
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlfBLUb0oDu4+lVtilboaVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE2MTQwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjY4YjFiZWQ3MjVkNzMyYjEyMzkwZGE5MTU0MTk0NWJiZTM2YWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztN1Bbkph+pwpc+YM8yFHb3UU+Qq
HtPhKZknpA/Z9sLcpQakKY49EnzzdfkBiauEFx1QxyRQWX65qWFluh+RSqfH5iDi
0wPGpY667y2FlmrAQJcq5Aqmt/6B9oqggDHRqtu07MKfBtKq4EdSwp/5BKdw1jSx
/XRjjoqnGeHFLaRgxYzJ1hvMoZTeH82Bvyp+U/RUoASLwa3ZIhp2b8nzew+S1KIx
bhS2vNVNcvHJrmfVZ/qGWuHtul10j1A3ZLq7lR4lVCZL0Bewfu0ey0qin8viru3d
R+s1nUht9C8QmOCQrK2p2LXO3Spl7tVe+HZp8k2Qj32Dj7HnF8qfGF+SRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIZosb7XJdcysSOQ2pFUGUW742qkMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaG1peHZ0Y2wxekt4STVEYWtWUVpSYnZqYXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK+FDtJbeIfY2b3ffr3M
XNp77LhxWZCiJZLFN5GGvwbL0o2j5CwoZlmWEp3KRdrskaGS/rhN3DIDWUsp1fPx
ds6B0iH/M7RuBrhZwx7+v07Rexvxne+T+9SDFb5PRsvP8UOn2XubdFwMBnYDMNXN
Y0JKtdJHQxTNP8O9qiUACMRpAWbllEwHMuFb4X67iWOLQUfeqr2F3nSkVEvXFMSc
GSbKeVZahpFFXdjkgSJx4u+R72wEmB0mYyRNoQ6CP9AoZW2GxPn7gHqHExnJr01q
3LRLGea4HyZJs2VseklzI3D1lJu2RpVegS2bf7+2rJIRBbtMi1YiNza9W+pSO+a9
fJQ=
-----END CERTIFICATE-----