Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nImcftkyAnqeMjRwspibqTwotZU.roa
File:                     nImcftkyAnqeMjRwspibqTwotZU.roa (raw, json)
Hash identifier:          KSHEvEslCCoX6O/zODFuLpIxJYzK9UwOm4vFULtYAKI=
Subject key identifier:   9C:89:9C:7E:D9:32:02:7A:9E:32:34:70:B2:98:9B:A9:3C:28:B5:95
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01889FDA6D2B5CCF83D090DEA3F71798CDF8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nImcftkyAnqeMjRwspibqTwotZU.roa
Signing time:             Fri 09 Jun 2023 11:11:12 +0000
ROA not before:           Fri 09 Jun 2023 11:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9f:da:6d:2b:5c:cf:83:d0:90:de:a3:f7:17:98:cd:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  9 11:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9c899c7ed932027a9e323470b2989ba93c28b595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7c:de:8e:a7:87:09:d8:1d:49:fc:0e:23:24:
                    4c:9a:7d:f7:9b:54:94:66:cc:a0:33:95:c1:96:28:
                    b4:d2:64:8c:5b:f7:93:cb:b2:dd:4b:43:36:de:bc:
                    c1:8b:56:36:0a:07:e1:81:fd:97:c8:d3:c3:fc:c3:
                    f5:9c:14:54:a8:04:45:8d:99:0e:73:6d:83:ea:9f:
                    bf:b0:7f:e1:3e:7a:12:38:8e:da:ca:9d:3a:10:ff:
                    8c:2e:14:48:28:0b:4a:e6:94:b4:9a:3c:da:06:13:
                    18:c4:ea:ef:f2:0a:77:31:3b:f1:0a:02:ac:80:b4:
                    0e:e4:52:17:3a:e6:db:d6:b2:31:26:eb:a4:41:1a:
                    65:6e:15:dd:97:1b:37:27:08:69:47:49:4b:49:e7:
                    f2:be:76:95:03:6d:1b:7d:e5:7a:14:b9:64:f9:69:
                    e8:fd:61:8b:56:bb:b1:6d:2e:15:87:e8:ad:b9:ff:
                    86:e4:73:4c:ef:bc:d9:d0:98:5c:13:fb:34:c2:28:
                    92:36:fa:37:bc:3c:ee:82:2a:6a:13:f0:7a:dc:cd:
                    d4:67:73:30:23:e4:e9:37:d6:ca:c5:88:5c:8a:9d:
                    f1:14:1b:b3:8e:bb:ce:5d:b1:6c:b0:85:cd:2f:ce:
                    74:18:24:e0:43:ae:77:9a:f6:0a:d6:8c:e2:cb:b6:
                    13:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:89:9C:7E:D9:32:02:7A:9E:32:34:70:B2:98:9B:A9:3C:28:B5:95
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nImcftkyAnqeMjRwspibqTwotZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:c9:3d:73:b6:d4:3f:1c:66:cc:e6:b0:c8:98:d9:59:e7:51:
         47:80:4e:b3:6e:4f:6a:04:a9:4e:c4:9f:91:4c:b3:90:56:58:
         57:78:87:c8:a5:af:e7:c9:42:f4:a9:4f:27:39:88:a7:c0:37:
         7d:45:dc:ea:ed:15:39:aa:88:19:28:55:fc:b5:67:57:38:a5:
         8c:02:0a:25:b0:a9:b8:34:e7:a7:d7:c7:b4:2a:86:57:16:ad:
         1b:7f:0b:d6:5d:ad:c4:46:0c:7f:d1:5e:b7:b6:92:d9:4c:62:
         6c:24:44:79:5b:84:d1:ae:12:69:05:12:4d:c0:2b:0a:f1:08:
         f7:5b:f1:4a:ff:97:d6:bc:38:e6:b1:8b:85:ef:1d:7d:f2:7e:
         2d:6b:f0:dd:3e:d6:61:23:a6:93:63:94:a4:c9:8f:2e:d8:2b:
         d4:f1:a3:1c:f6:e0:3e:f3:87:3d:5f:84:84:dd:fd:51:ab:19:
         b0:66:ee:b4:a0:9a:50:2c:d1:24:e5:fd:69:0b:7e:ff:96:99:
         22:49:fc:d6:a0:3b:91:d1:e0:4f:71:35:49:51:e8:61:94:05:
         af:3a:d9:2c:a7:01:db:7a:be:d5:75:27:f3:95:9d:b5:3e:32:
         93:9f:dc:73:8f:d7:50:25:ae:63:90:36:72:48:22:67:32:e5:
         53:cb:da:dd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYif2m0rXM+D0JDeo/cXmM34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA5MTExMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzg5OWM3ZWQ5MzIwMjdhOWUzMjM0NzBiMjk4OWJhOTNjMjhiNTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXzejqeHCdgdSfwOIyRMmn33m1SU
ZsygM5XBlii00mSMW/eTy7LdS0M23rzBi1Y2Cgfhgf2XyNPD/MP1nBRUqARFjZkO
c22D6p+/sH/hPnoSOI7ayp06EP+MLhRIKAtK5pS0mjzaBhMYxOrv8gp3MTvxCgKs
gLQO5FIXOubb1rIxJuukQRplbhXdlxs3JwhpR0lLSefyvnaVA20bfeV6FLlk+Wno
/WGLVruxbS4Vh+ituf+G5HNM77zZ0JhcE/s0wiiSNvo3vDzugipqE/B63M3UZ3Mw
I+TpN9bKxYhcip3xFBuzjrvOXbFssIXNL850GCTgQ653mvYK1oziy7YTNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJyJnH7ZMgJ6njI0cLKYm6k8KLWVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbkltY2Z0a3lBbnFlTWpSd3NwaWJxVHdvdFpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGnJPXO21D8cZszmsMiY
2VnnUUeATrNuT2oEqU7En5FMs5BWWFd4h8ilr+fJQvSpTyc5iKfAN31F3OrtFTmq
iBkoVfy1Z1c4pYwCCiWwqbg056fXx7QqhlcWrRt/C9ZdrcRGDH/RXre2ktlMYmwk
RHlbhNGuEmkFEk3AKwrxCPdb8Ur/l9a8OOaxi4XvHX3yfi1r8N0+1mEjppNjlKTJ
jy7YK9Txoxz24D7zhz1fhITd/VGrGbBm7rSgmlAs0STl/WkLfv+WmSJJ/NagO5HR
4E9xNUlR6GGUBa862SynAdt6vtV1J/OVnbU+MpOf3HOP11AlrmOQNnJIImcy5VPL
2t0=
-----END CERTIFICATE-----