Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o6_jShQIel-yYqi551rXMF1-nDM.roa
File:                     o6_jShQIel-yYqi551rXMF1-nDM.roa (raw, json)
Hash identifier:          aCOBfGRG8siPr41bLZ4uAP06O3MpC8O3rgRIq9kAfV0=
Subject key identifier:   A3:AF:E3:4A:14:08:7A:5F:B2:62:A8:B9:E7:5A:D7:30:5D:7E:9C:33
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895263FF775520987542E80F8913C40A40
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o6_jShQIel-yYqi551rXMF1-nDM.roa
Signing time:             Fri 14 Jul 2023 03:13:52 +0000
ROA not before:           Fri 14 Jul 2023 03:13:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:52:63:ff:77:55:20:98:75:42:e8:0f:89:13:c4:0a:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 14 03:13:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3afe34a14087a5fb262a8b9e75ad7305d7e9c33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d3:e8:4b:07:2e:14:2a:e5:03:c2:c7:e1:be:
                    82:82:49:8a:f4:7a:85:1c:a1:09:6a:54:78:21:2f:
                    bc:39:d9:b3:66:78:fe:f7:0e:a4:9f:f7:ea:e3:67:
                    58:39:f3:e0:93:69:33:00:04:44:fb:cb:b9:55:27:
                    f1:e6:f5:57:21:65:6d:b9:9f:0a:e7:4a:17:cb:c0:
                    4c:35:d6:f9:9d:f1:5c:20:21:c2:5c:6d:64:e2:62:
                    d3:dc:de:87:cc:15:15:c1:6a:66:38:89:6c:89:b2:
                    ba:a9:5e:6c:c4:7d:7b:78:60:a5:35:28:0d:3f:4b:
                    47:6b:69:34:50:10:72:a1:f0:29:be:dd:74:55:d0:
                    82:23:e8:ea:a2:f8:f9:a2:42:1b:22:f2:96:ea:92:
                    6a:44:69:1b:4b:af:82:21:a6:4b:11:fb:04:46:b4:
                    5e:79:75:16:a2:2b:4a:c7:99:0e:fa:da:62:22:6c:
                    5b:f3:76:32:f4:cb:97:2d:74:d8:d2:29:f4:80:cd:
                    ba:91:28:34:9a:55:86:a7:55:91:55:66:67:f5:48:
                    59:b0:56:9b:21:a8:85:d6:70:8d:f8:7c:5c:01:c2:
                    94:44:37:9b:84:fb:8c:ce:76:70:e8:11:16:e3:f5:
                    7f:58:4f:f4:8d:14:84:43:f6:7e:7a:37:e6:31:ff:
                    98:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:AF:E3:4A:14:08:7A:5F:B2:62:A8:B9:E7:5A:D7:30:5D:7E:9C:33
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o6_jShQIel-yYqi551rXMF1-nDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:be:27:cc:06:46:90:3e:ab:6b:67:10:f4:36:ec:f9:87:00:
         6b:8e:ed:55:22:28:82:39:eb:00:37:df:9e:ae:0c:48:1e:57:
         f8:07:d8:ae:ef:fb:37:4d:a0:97:96:1f:7f:cd:b4:a2:13:b5:
         f6:6e:87:08:36:c5:ef:30:41:84:46:9e:8c:01:5f:e4:c4:9a:
         59:b8:1e:19:26:b4:dc:a1:1c:e4:16:2f:0b:5c:32:42:08:0d:
         b8:df:67:8e:34:ed:62:b1:b0:0e:fa:5f:bc:bc:9d:df:f5:1d:
         19:e8:a3:d0:5a:92:29:dc:6f:60:ee:80:f0:13:92:40:2c:dd:
         19:65:68:7a:ea:21:72:3e:1e:b3:d0:7d:20:c1:10:73:97:ac:
         e8:8c:34:2f:16:35:4a:1b:65:7b:44:89:23:f5:eb:3d:21:5d:
         63:bd:51:d8:c2:03:77:d9:c0:a0:db:9a:2d:e8:b8:71:bf:7c:
         d7:92:c2:83:dd:75:a4:7b:02:60:92:93:9c:0b:01:6f:01:b0:
         94:fa:98:d0:d4:98:c8:72:24:06:cb:26:a7:91:9c:2e:a0:b9:
         d4:4a:77:78:38:5a:7a:38:76:cf:91:95:2a:72:37:fc:9d:6e:
         1b:a0:32:db:73:01:92:bd:89:45:00:63:5e:ec:2d:e5:55:28:
         94:f2:24:8a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlSY/93VSCYdULoD4kTxApAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE0MDMxMzUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2FmZTM0YTE0MDg3YTVmYjI2MmE4YjllNzVhZDczMDVkN2U5YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotPoSwcuFCrlA8LH4b6CgkmK9HqF
HKEJalR4IS+8OdmzZnj+9w6kn/fq42dYOfPgk2kzAARE+8u5VSfx5vVXIWVtuZ8K
50oXy8BMNdb5nfFcICHCXG1k4mLT3N6HzBUVwWpmOIlsibK6qV5sxH17eGClNSgN
P0tHa2k0UBByofApvt10VdCCI+jqovj5okIbIvKW6pJqRGkbS6+CIaZLEfsERrRe
eXUWoitKx5kO+tpiImxb83Yy9MuXLXTY0in0gM26kSg0mlWGp1WRVWZn9UhZsFab
IaiF1nCN+HxcAcKURDebhPuMznZw6BEW4/V/WE/0jRSEQ/Z+ejfmMf+YBwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKOv40oUCHpfsmKoueda1zBdfpwzMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbzZfalNoUUllbC15WXFpNTUxclhNRjEtbkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGC+J8wGRpA+q2tnEPQ2
7PmHAGuO7VUiKII56wA3356uDEgeV/gH2K7v+zdNoJeWH3/NtKITtfZuhwg2xe8w
QYRGnowBX+TEmlm4HhkmtNyhHOQWLwtcMkIIDbjfZ4407WKxsA76X7y8nd/1HRno
o9Bakincb2DugPATkkAs3RllaHrqIXI+HrPQfSDBEHOXrOiMNC8WNUobZXtEiSP1
6z0hXWO9UdjCA3fZwKDbmi3ouHG/fNeSwoPddaR7AmCSk5wLAW8BsJT6mNDUmMhy
JAbLJqeRnC6gudRKd3g4Wno4ds+RlSpyN/ydbhugMttzAZK9iUUAY17sLeVVKJTy
JIo=
-----END CERTIFICATE-----