Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ov_NkcVARD7yjekWD0aTqwoZmNE.roa
File:                     ov_NkcVARD7yjekWD0aTqwoZmNE.roa (raw, json)
Hash identifier:          BEVQBAWP0O2TjJwj+0ua+P4IroPybUs9RGzxujNTKYg=
Subject key identifier:   A2:FF:CD:91:C5:40:44:3E:F2:8D:E9:16:0F:46:93:AB:0A:19:98:D1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01898203AF1C426799FFB2F069FD8E9D9987
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ov_NkcVARD7yjekWD0aTqwoZmNE.roa
Signing time:             Sun 23 Jul 2023 09:10:26 +0000
ROA not before:           Sun 23 Jul 2023 09:10:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:82:03:af:1c:42:67:99:ff:b2:f0:69:fd:8e:9d:99:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 23 09:10:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2ffcd91c540443ef28de9160f4693ab0a1998d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e9:f1:96:49:d2:3a:a7:3e:1c:2c:c1:ca:27:
                    11:5e:34:b4:91:5e:6d:33:94:4d:0c:92:5b:0f:57:
                    6c:2c:9b:80:34:e0:6c:bb:76:3c:25:d7:e9:97:39:
                    17:4e:a5:9c:6b:ed:0a:6e:d9:e7:49:b6:cf:92:47:
                    b5:ad:b8:3a:98:b4:7b:52:c7:57:14:e0:d2:44:b2:
                    e1:0c:eb:e0:59:65:78:a4:51:3d:16:f8:da:cf:85:
                    95:22:99:f1:c6:c1:1c:d5:c6:a0:69:a1:0b:bb:17:
                    11:01:78:5e:88:d2:81:24:70:c4:0a:f2:af:1a:fc:
                    41:b8:60:7f:10:fa:83:58:97:f4:11:ba:e0:d4:ba:
                    c9:9f:64:e1:26:36:b9:25:95:46:90:92:c6:85:40:
                    f8:de:7a:96:5f:f5:7e:5a:6c:dd:29:61:cf:64:84:
                    21:f7:a5:0d:09:35:7c:ae:23:7b:ba:53:52:ee:bd:
                    e4:b7:d3:28:7d:5a:2e:c4:32:4f:9f:33:b7:c2:e3:
                    fa:43:76:58:8e:97:c1:2a:81:e5:27:a3:c3:fe:a2:
                    ba:89:09:7a:e5:7e:f0:87:41:12:77:08:f3:2c:52:
                    5f:6b:75:f2:d4:81:78:77:3c:28:ab:a2:bd:65:4f:
                    ec:cf:60:67:7b:32:30:0f:82:2f:f4:6d:7f:0c:c4:
                    5e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:FF:CD:91:C5:40:44:3E:F2:8D:E9:16:0F:46:93:AB:0A:19:98:D1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ov_NkcVARD7yjekWD0aTqwoZmNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:00:81:35:b9:c7:4e:70:0c:ed:db:ba:89:0d:cc:ce:5a:5c:
         b1:e6:c3:c4:06:17:e3:c0:15:4c:4d:76:27:e1:b8:9f:a2:e3:
         e3:c8:e8:92:64:34:4f:0c:e3:0d:f4:ae:25:c4:ac:12:c1:28:
         d8:c2:fb:2d:e5:52:d8:cc:5a:86:f9:99:6d:f3:ca:b6:5b:93:
         aa:c3:14:31:5d:b3:5c:8d:75:9d:40:da:dd:65:19:ee:9a:ba:
         a2:2f:1b:3d:16:b8:9b:a7:40:99:41:2c:21:16:2f:b3:ac:df:
         22:81:b2:e2:49:e6:85:06:eb:7a:a7:40:32:07:e2:dd:1a:fc:
         1a:94:d8:01:d8:06:2d:e4:e2:7e:fb:c2:3e:9b:24:fe:ac:94:
         d3:4e:57:e1:ab:df:20:bf:63:44:2a:55:f8:be:f1:0c:7d:a1:
         de:d6:26:39:0b:69:cf:21:c9:99:db:1a:f1:1a:de:e3:7d:14:
         96:59:72:28:95:da:bb:0b:ae:c9:b6:0c:b0:4a:d2:f5:66:ba:
         ef:2e:a0:05:60:24:35:9a:24:1a:ac:6d:32:78:f4:e8:be:65:
         88:b2:4f:7d:b9:42:d4:29:69:6a:83:23:05:6e:e7:d8:e6:36:
         d9:6c:f3:22:6b:52:bd:18:1a:3c:2a:df:70:f3:11:30:d5:3d:
         37:14:87:40
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmCA68cQmeZ/7Lwaf2OnZmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIzMDkxMDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmZmY2Q5MWM1NDA0NDNlZjI4ZGU5MTYwZjQ2OTNhYjBhMTk5OGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmunxlknSOqc+HCzByicRXjS0kV5t
M5RNDJJbD1dsLJuANOBsu3Y8JdfplzkXTqWca+0KbtnnSbbPkke1rbg6mLR7UsdX
FODSRLLhDOvgWWV4pFE9Fvjaz4WVIpnxxsEc1cagaaELuxcRAXheiNKBJHDECvKv
GvxBuGB/EPqDWJf0Ebrg1LrJn2ThJja5JZVGkJLGhUD43nqWX/V+WmzdKWHPZIQh
96UNCTV8riN7ulNS7r3kt9MofVouxDJPnzO3wuP6Q3ZYjpfBKoHlJ6PD/qK6iQl6
5X7wh0ESdwjzLFJfa3Xy1IF4dzwoq6K9ZU/sz2BnezIwD4Iv9G1/DMReaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKL/zZHFQEQ+8o3pFg9Gk6sKGZjRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb3ZfTmtjVkFSRDd5amVrV0QwYVRxd29abU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIgAgTW5x05wDO3buokN
zM5aXLHmw8QGF+PAFUxNdifhuJ+i4+PI6JJkNE8M4w30riXErBLBKNjC+y3lUtjM
Wob5mW3zyrZbk6rDFDFds1yNdZ1A2t1lGe6auqIvGz0WuJunQJlBLCEWL7Os3yKB
suJJ5oUG63qnQDIH4t0a/BqU2AHYBi3k4n77wj6bJP6slNNOV+Gr3yC/Y0QqVfi+
8Qx9od7WJjkLac8hyZnbGvEa3uN9FJZZciiV2rsLrsm2DLBK0vVmuu8uoAVgJDWa
JBqsbTJ49Oi+ZYiyT325QtQpaWqDIwVu59jmNtls8yJrUr0YGjwq33DzETDVPTcU
h0A=
-----END CERTIFICATE-----