Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/k3cjdd5rxRY3IvWv8fsVbmut7SE.roa
File:                     k3cjdd5rxRY3IvWv8fsVbmut7SE.roa (raw, json)
Hash identifier:          PcDuQMPk+h8qxQaPiYI15Zxl+/1VcDZTD1awzfflvOY=
Subject key identifier:   93:77:23:75:DE:6B:C5:16:37:22:F5:AF:F1:FB:15:6E:6B:AD:ED:21
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01896B46C2AA4D182435FD132EF58B8F89EC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/k3cjdd5rxRY3IvWv8fsVbmut7SE.roa
Signing time:             Tue 18 Jul 2023 23:12:26 +0000
ROA not before:           Tue 18 Jul 2023 23:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6b:46:c2:aa:4d:18:24:35:fd:13:2e:f5:8b:8f:89:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 18 23:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=93772375de6bc5163722f5aff1fb156e6baded21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b4:b4:cb:d3:30:4b:d4:33:5e:05:e9:63:5d:
                    bf:da:ea:bb:c1:4b:ba:1a:34:a6:22:a7:b2:a6:95:
                    fd:1a:44:82:65:ba:67:a9:df:e9:ab:d6:a2:29:44:
                    87:13:d2:29:37:23:56:bb:32:3e:06:17:1a:60:40:
                    c6:3f:0d:6a:8e:c3:7e:01:df:85:09:99:a8:81:4a:
                    2d:66:d6:6c:be:41:55:13:2c:4e:01:d8:fc:14:61:
                    60:4e:e6:91:26:f9:ac:14:ee:13:7b:f2:66:b9:ca:
                    5d:42:68:e4:69:e1:34:92:8f:fa:05:dc:6f:5b:04:
                    be:29:bb:81:99:f9:ca:f3:63:2e:97:98:cb:16:8f:
                    f5:25:8c:9a:b4:54:12:e0:18:66:75:41:6d:0c:7d:
                    8b:74:61:4f:85:0a:22:2f:2a:83:86:e3:50:8a:6f:
                    60:0c:c7:80:19:a1:b1:02:35:c0:87:c2:77:dd:6a:
                    b0:4c:cd:e5:59:18:3a:cf:a9:02:e7:6f:ab:de:9c:
                    54:6e:b3:db:66:b7:5f:00:11:9d:dc:d3:0f:a0:de:
                    a7:e8:7a:34:64:55:c2:99:b3:e4:fb:cb:78:68:c2:
                    e8:de:f2:ee:1e:19:0e:c2:f2:60:76:66:d2:a4:d7:
                    9b:2f:35:d4:c1:5c:24:69:4a:74:a0:e3:ed:09:3f:
                    d7:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:77:23:75:DE:6B:C5:16:37:22:F5:AF:F1:FB:15:6E:6B:AD:ED:21
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/k3cjdd5rxRY3IvWv8fsVbmut7SE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:ba:8d:61:ff:82:8c:c4:06:e3:f4:f5:a2:ed:71:9d:7f:12:
         b0:3d:59:b7:ea:aa:2a:f8:c6:84:85:d3:fd:e7:1e:b4:0e:a6:
         50:14:e3:36:21:ee:c1:91:4d:ef:c4:c9:36:a5:76:16:86:44:
         0d:55:d1:33:6a:c9:02:7c:4b:07:72:42:dc:ae:f3:21:2e:5e:
         86:bc:6f:70:89:2d:0e:84:09:55:a1:ec:eb:42:9e:8a:9e:ec:
         66:db:da:f4:70:7f:0a:10:9d:a7:5c:3c:5a:bf:db:87:8e:3c:
         b3:ad:7a:07:1a:d9:e2:43:2a:8d:e5:56:32:d5:a9:5e:8f:c9:
         e7:67:96:84:28:d4:3c:2c:70:88:8e:8a:4a:af:e3:07:72:4d:
         38:4c:d6:89:a6:77:ce:a5:31:21:18:f3:6c:67:a3:0e:f4:8a:
         79:82:dc:76:8c:5b:9a:84:6e:6a:e7:27:f1:46:4d:a1:c0:08:
         e2:00:a2:aa:0c:34:5a:95:72:c2:a1:70:b7:fe:cc:26:af:1d:
         1a:2c:14:8f:4e:a7:f2:e6:3d:7d:24:3b:2e:2d:b5:dd:7c:32:
         5d:cb:46:1d:06:7b:3a:2d:4b:75:fe:a4:14:f0:bd:25:3e:6a:
         48:f5:73:ee:8f:77:0d:d9:75:57:9a:dd:07:f8:06:a7:24:19:
         31:a7:c6:3d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlrRsKqTRgkNf0TLvWLj4nsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE4MjMxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc3MjM3NWRlNmJjNTE2MzcyMmY1YWZmMWZiMTU2ZTZiYWRlZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7S0y9MwS9QzXgXpY12/2uq7wUu6
GjSmIqeyppX9GkSCZbpnqd/pq9aiKUSHE9IpNyNWuzI+BhcaYEDGPw1qjsN+Ad+F
CZmogUotZtZsvkFVEyxOAdj8FGFgTuaRJvmsFO4Te/JmucpdQmjkaeE0ko/6Bdxv
WwS+KbuBmfnK82Mul5jLFo/1JYyatFQS4BhmdUFtDH2LdGFPhQoiLyqDhuNQim9g
DMeAGaGxAjXAh8J33WqwTM3lWRg6z6kC52+r3pxUbrPbZrdfABGd3NMPoN6n6Ho0
ZFXCmbPk+8t4aMLo3vLuHhkOwvJgdmbSpNebLzXUwVwkaUp0oOPtCT/XBwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJN3I3Xea8UWNyL1r/H7FW5rre0hMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvazNjamRkNXJ4UlkzSXZXdjhmc1ZibXV0N1NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIi6jWH/gozEBuP09aLt
cZ1/ErA9Wbfqqir4xoSF0/3nHrQOplAU4zYh7sGRTe/EyTaldhaGRA1V0TNqyQJ8
SwdyQtyu8yEuXoa8b3CJLQ6ECVWh7OtCnoqe7Gbb2vRwfwoQnadcPFq/24eOPLOt
egca2eJDKo3lVjLVqV6PyednloQo1DwscIiOikqv4wdyTThM1ommd86lMSEY82xn
ow70inmC3HaMW5qEbmrnJ/FGTaHACOIAoqoMNFqVcsKhcLf+zCavHRosFI9Op/Lm
PX0kOy4ttd18Ml3LRh0GezotS3X+pBTwvSU+akj1c+6Pdw3ZdVea3Qf4BqckGTGn
xj0=
-----END CERTIFICATE-----