Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lu2HON0zXeES2uXQNY51x_DeG6k.roa
File:                     lu2HON0zXeES2uXQNY51x_DeG6k.roa (raw, json)
Hash identifier:          tf0mcWJr9CeIrdGilRxADMj2riKuOjEABdRqmJIlTZY=
Subject key identifier:   96:ED:87:38:DD:33:5D:E1:12:DA:E5:D0:35:8E:75:C7:F0:DE:1B:A9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018958661476A6F0FD217E106CB3DF504E20
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lu2HON0zXeES2uXQNY51x_DeG6k.roa
Signing time:             Sat 15 Jul 2023 07:13:52 +0000
ROA not before:           Sat 15 Jul 2023 07:13:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:58:66:14:76:a6:f0:fd:21:7e:10:6c:b3:df:50:4e:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 15 07:13:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=96ed8738dd335de112dae5d0358e75c7f0de1ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:45:1a:19:39:23:74:1b:be:e2:ff:e2:fc:8a:
                    ee:78:22:01:ca:50:a1:ef:29:12:de:38:16:b9:14:
                    86:c1:e4:4f:03:b0:1b:cf:68:35:31:67:a4:55:03:
                    e4:0c:d8:4f:36:24:27:33:15:f6:9f:17:f0:46:a0:
                    f9:5f:53:33:c2:63:6b:69:f5:3b:40:b7:f6:52:3c:
                    1c:69:ab:37:b1:a5:8c:c7:f5:8c:46:05:a3:a6:5c:
                    87:b4:f3:d1:00:a2:b6:4e:2a:f4:8c:fa:2b:0b:a2:
                    bd:bf:83:59:74:74:7b:19:bb:7b:f8:7e:32:8e:d3:
                    6c:5c:c9:80:72:b3:b1:0b:23:59:df:b6:8c:6d:15:
                    9f:53:63:02:ae:d5:a2:d7:bb:f0:35:8e:b2:87:40:
                    b6:dc:59:07:52:89:ae:a5:48:a1:fc:30:a5:c3:d4:
                    ad:34:8a:80:ca:89:97:1d:9b:98:53:94:c1:77:e5:
                    4c:f4:98:c8:40:cf:80:9b:10:bc:23:01:d1:b2:1b:
                    6f:d3:b2:15:8c:88:23:90:e5:21:ac:20:3f:be:93:
                    1b:0c:c1:81:89:d3:e6:f6:19:4d:d8:20:5c:4a:f7:
                    7a:fa:7f:82:bc:99:d8:5c:0e:b5:79:54:f4:10:3b:
                    5d:5f:81:d1:c9:45:88:2e:75:80:f7:16:a0:82:69:
                    64:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:ED:87:38:DD:33:5D:E1:12:DA:E5:D0:35:8E:75:C7:F0:DE:1B:A9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lu2HON0zXeES2uXQNY51x_DeG6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:c9:47:92:46:5e:18:d1:73:95:ba:14:25:88:76:1d:fe:dd:
         72:f9:cb:61:66:64:c8:2a:28:e7:77:f5:24:f2:4e:2a:fd:fc:
         ae:c7:0f:29:de:26:a5:2b:3b:75:71:b0:d7:15:43:26:09:e3:
         66:36:92:9c:77:58:b3:00:5c:e8:ac:fe:de:b3:5a:82:7e:c9:
         e8:2e:a8:bb:92:92:08:12:0c:4e:38:c5:48:c9:6b:f9:b5:8c:
         f3:b3:95:08:b3:20:ee:ac:b7:b3:e2:ad:a5:79:20:d9:67:20:
         06:cb:13:fa:3d:00:70:cc:4a:5e:d6:14:78:40:b2:ce:d7:9e:
         f0:72:7c:c6:9c:1c:8b:92:2f:47:c8:41:ac:8b:f6:c7:a8:a5:
         3a:86:d0:c1:2c:a2:cf:ac:1c:b6:80:53:ff:18:c8:74:43:42:
         23:b8:28:37:08:0a:5e:11:1b:59:d1:3a:f3:49:c9:2b:8c:76:
         09:3f:14:62:74:df:73:8b:04:e8:7e:00:7d:01:f3:20:11:ab:
         fa:e7:64:af:9c:6f:b8:1b:2b:78:63:b6:a5:3d:1d:b5:1f:79:
         7d:96:53:99:b1:19:b7:67:66:c4:2d:5d:33:3a:5d:a1:39:c4:
         86:f3:0a:55:0c:e5:1a:ff:4e:b4:06:0d:a0:ea:be:0c:b1:1c:
         26:a1:4c:90
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlYZhR2pvD9IX4QbLPfUE4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE1MDcxMzUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmVkODczOGRkMzM1ZGUxMTJkYWU1ZDAzNThlNzVjN2YwZGUxYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10UaGTkjdBu+4v/i/IrueCIBylCh
7ykS3jgWuRSGweRPA7Abz2g1MWekVQPkDNhPNiQnMxX2nxfwRqD5X1MzwmNrafU7
QLf2Ujwcaas3saWMx/WMRgWjplyHtPPRAKK2Tir0jPorC6K9v4NZdHR7Gbt7+H4y
jtNsXMmAcrOxCyNZ37aMbRWfU2MCrtWi17vwNY6yh0C23FkHUomupUih/DClw9St
NIqAyomXHZuYU5TBd+VM9JjIQM+AmxC8IwHRshtv07IVjIgjkOUhrCA/vpMbDMGB
idPm9hlN2CBcSvd6+n+CvJnYXA61eVT0EDtdX4HRyUWILnWA9xaggmlkGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJbthzjdM13hEtrl0DWOdcfw3hupMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbHUySE9OMHpYZUVTMnVYUU5ZNTF4X0RlRzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADPJR5JGXhjRc5W6FCWI
dh3+3XL5y2FmZMgqKOd39STyTir9/K7HDyneJqUrO3VxsNcVQyYJ42Y2kpx3WLMA
XOis/t6zWoJ+yeguqLuSkggSDE44xUjJa/m1jPOzlQizIO6st7PiraV5INlnIAbL
E/o9AHDMSl7WFHhAss7XnvByfMacHIuSL0fIQayL9seopTqG0MEsos+sHLaAU/8Y
yHRDQiO4KDcICl4RG1nROvNJySuMdgk/FGJ033OLBOh+AH0B8yARq/rnZK+cb7gb
K3hjtqU9HbUfeX2WU5mxGbdnZsQtXTM6XaE5xIbzClUM5Rr/TrQGDaDqvgyxHCah
TJA=
-----END CERTIFICATE-----