Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lrHXmWP0NDLet3WXHOp2jCtjuFg.roa
File:                     lrHXmWP0NDLet3WXHOp2jCtjuFg.roa (raw, json)
Hash identifier:          d7VJvXzTJ3eN9IfIf6pvHxf6r2q+Qd8HjsZOmQmGeQY=
Subject key identifier:   96:B1:D7:99:63:F4:34:32:DE:B7:75:97:1C:EA:76:8C:2B:63:B8:58
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A86DDD4003F0002ACACE2A881AD1C93D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lrHXmWP0NDLet3WXHOp2jCtjuFg.roa
Signing time:             Sun 11 Jun 2023 03:09:12 +0000
ROA not before:           Sun 11 Jun 2023 03:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a8:6d:dd:40:03:f0:00:2a:ca:ce:2a:88:1a:d1:c9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 11 03:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=96b1d79963f43432deb775971cea768c2b63b858
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d7:71:a0:b2:1e:91:32:ec:aa:cc:a7:09:f0:
                    98:2f:9f:a6:0c:67:e5:40:00:83:42:1c:1b:1e:ee:
                    8e:c4:81:4b:09:9c:d0:2e:46:fa:b6:6c:5e:9f:e9:
                    22:af:e8:fc:f6:83:d7:21:50:f5:5d:65:b5:ba:48:
                    1a:28:0c:74:b4:e8:9a:c6:d5:45:43:01:eb:71:05:
                    b2:a5:bc:ed:0c:7d:d0:9f:92:2d:19:3b:cd:7c:79:
                    48:e9:85:ee:38:23:97:87:dd:35:c8:2f:b3:d7:9f:
                    ac:0d:02:28:fb:d3:7b:d9:d8:61:3d:8f:ed:1f:b7:
                    04:37:79:9a:11:c5:1d:42:22:ea:fa:fe:df:65:0d:
                    e4:4e:99:25:d2:e0:73:72:d2:82:34:1f:5f:96:b9:
                    a3:46:cf:dc:b2:0b:44:8e:4d:d8:f9:6e:fe:67:c3:
                    92:95:a0:4e:89:73:f9:80:ba:18:1e:21:d8:60:3a:
                    1f:c7:45:e9:8d:02:99:3a:b7:a6:34:3e:4e:be:79:
                    6f:5b:d3:e2:92:e9:fa:17:0e:59:fb:a5:c6:92:85:
                    97:9b:2e:85:c0:41:cb:e1:88:17:c7:d8:12:a4:97:
                    ff:d2:c9:1e:04:db:ca:b7:2c:ba:99:9b:97:f9:1b:
                    07:39:0b:81:5a:0b:51:59:4d:b6:64:9d:59:d1:66:
                    40:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:B1:D7:99:63:F4:34:32:DE:B7:75:97:1C:EA:76:8C:2B:63:B8:58
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lrHXmWP0NDLet3WXHOp2jCtjuFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:4c:7d:84:8a:69:30:07:03:78:7a:1c:a5:05:81:e3:bc:ad:
         6c:19:19:84:a6:61:42:04:f5:a8:a1:7b:5d:0c:9a:f1:67:59:
         17:c6:3a:86:36:2c:b3:fe:3c:6a:ad:59:90:9a:3d:39:1c:c6:
         97:ab:98:12:7c:1d:99:7c:04:38:a9:13:bc:27:b2:65:29:14:
         95:98:d5:8c:92:b6:78:7d:3c:2c:92:f9:c9:df:2e:76:4f:fa:
         92:f6:b0:c1:20:14:a7:91:71:bd:68:29:9d:28:1e:52:fe:90:
         07:57:3b:3f:e6:3d:c8:75:e4:f7:9f:c8:44:79:ed:70:ba:14:
         59:5b:21:92:7f:0f:f8:57:76:c8:a5:a8:a0:01:38:29:a4:6e:
         a1:86:79:be:61:35:fe:59:3e:c5:11:19:05:8a:c0:a9:0a:56:
         6e:b7:d9:ad:d0:22:84:77:74:c3:c8:e7:e6:8b:15:a7:3f:c5:
         e9:9a:24:da:cb:1d:e5:9a:36:05:8b:1c:a6:0c:2d:52:a6:ec:
         fe:48:28:a3:3a:16:97:99:f4:ad:38:56:2c:48:44:88:d2:ad:
         61:0e:1c:70:5e:d3:43:4b:79:e2:29:4e:c2:ac:f4:5a:5d:9b:
         df:25:e4:16:c3:73:11:4c:92:90:7b:bb:36:b7:86:35:f8:f0:
         aa:d6:21:73
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiobd1AA/AAKsrOKoga0ck9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjExMDMwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmIxZDc5OTYzZjQzNDMyZGViNzc1OTcxY2VhNzY4YzJiNjNiODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9dxoLIekTLsqsynCfCYL5+mDGfl
QACDQhwbHu6OxIFLCZzQLkb6tmxen+kir+j89oPXIVD1XWW1ukgaKAx0tOiaxtVF
QwHrcQWypbztDH3Qn5ItGTvNfHlI6YXuOCOXh901yC+z15+sDQIo+9N72dhhPY/t
H7cEN3maEcUdQiLq+v7fZQ3kTpkl0uBzctKCNB9flrmjRs/csgtEjk3Y+W7+Z8OS
laBOiXP5gLoYHiHYYDofx0XpjQKZOremND5OvnlvW9Pikun6Fw5Z+6XGkoWXmy6F
wEHL4YgXx9gSpJf/0skeBNvKtyy6mZuX+RsHOQuBWgtRWU22ZJ1Z0WZAaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJax15lj9DQy3rd1lxzqdowrY7hYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbHJIWG1XUDBORExldDNXWEhPcDJqQ3RqdUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAhMfYSKaTAHA3h6HKUF
geO8rWwZGYSmYUIE9aihe10MmvFnWRfGOoY2LLP+PGqtWZCaPTkcxpermBJ8HZl8
BDipE7wnsmUpFJWY1YyStnh9PCyS+cnfLnZP+pL2sMEgFKeRcb1oKZ0oHlL+kAdX
Oz/mPch15PefyER57XC6FFlbIZJ/D/hXdsilqKABOCmkbqGGeb5hNf5ZPsURGQWK
wKkKVm632a3QIoR3dMPI5+aLFac/xemaJNrLHeWaNgWLHKYMLVKm7P5IKKM6FpeZ
9K04VixIRIjSrWEOHHBe00NLeeIpTsKs9Fpdm98l5BbDcxFMkpB7uza3hjX48KrW
IXM=
-----END CERTIFICATE-----