Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/pKESI-co5gHt4dwSeQ433hexbik.roa
File:                     pKESI-co5gHt4dwSeQ433hexbik.roa (raw, json)
Hash identifier:          xYUOdjSbTf6r7II8KBsMwXxFR989Lsx5pq8dQDZkPbk=
Subject key identifier:   A4:A1:12:23:E7:28:E6:01:ED:E1:DC:12:79:0E:37:DE:17:B1:6E:29
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01882442DF9E423A9C289F8387FF1D755E23
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/pKESI-co5gHt4dwSeQ433hexbik.roa
Signing time:             Tue 16 May 2023 11:12:22 +0000
ROA not before:           Tue 16 May 2023 11:12:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:24:42:df:9e:42:3a:9c:28:9f:83:87:ff:1d:75:5e:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 16 11:12:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a4a11223e728e601ede1dc12790e37de17b16e29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:73:ee:a6:e8:a4:cc:37:e1:1c:a5:40:af:1e:
                    ef:45:7a:cd:7e:fa:54:30:7e:55:36:01:a7:e4:68:
                    d9:64:fe:8b:d3:0d:f9:53:5e:20:0b:f6:5e:ad:37:
                    57:ce:ea:8f:62:fe:56:73:39:ad:45:1f:4f:9d:f3:
                    cc:9c:74:a5:c9:51:5d:28:0b:50:37:1b:fe:d6:c2:
                    21:81:23:ba:55:cf:24:9f:c3:32:a7:40:07:04:35:
                    57:20:8a:43:40:5b:15:52:5f:b9:4d:84:5c:23:bb:
                    fd:e4:f0:9e:69:3c:ee:9e:25:58:6b:18:b0:30:59:
                    a1:c1:70:b4:8a:54:ae:dc:b0:4a:b8:4f:17:c8:47:
                    d3:40:30:04:7b:19:65:67:3d:51:f7:41:30:2b:0e:
                    42:fd:f7:5a:81:f5:7b:4d:fa:57:86:ec:bf:a1:58:
                    1e:e2:1c:a9:39:73:dd:eb:88:da:bb:25:42:b3:57:
                    ce:d7:30:b8:6b:ae:4b:52:1e:4f:11:bc:3d:11:ea:
                    23:3e:0f:fc:82:37:5a:a4:0a:dc:56:0c:43:6a:00:
                    1e:2b:3c:f8:cb:16:a9:93:8f:f5:ed:5d:6f:bc:9e:
                    c0:b2:e9:e2:36:43:02:f5:31:06:2d:76:19:fb:04:
                    45:3d:14:ce:37:e2:60:79:33:71:4e:e5:a0:0e:a6:
                    35:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A1:12:23:E7:28:E6:01:ED:E1:DC:12:79:0E:37:DE:17:B1:6E:29
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/pKESI-co5gHt4dwSeQ433hexbik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:08:9c:97:36:57:46:d4:5b:ce:da:24:8b:85:a0:a8:c0:1d:
         9d:1e:28:bd:0e:4b:52:ad:fe:00:7d:0a:a5:cf:e5:2a:8f:89:
         58:df:c3:78:5f:14:71:8d:c7:13:21:63:5a:c0:44:db:7e:8c:
         b0:2b:97:23:07:39:15:62:1e:e8:56:e5:59:f7:8e:03:c2:7f:
         11:1c:fb:7f:6c:a5:2a:b4:8e:b9:d0:e4:d4:6f:d6:0e:ad:f2:
         e2:55:c7:14:7b:f8:06:96:7e:3d:f6:3c:55:6d:e4:4e:64:5c:
         0f:13:2e:d4:47:cc:3e:7f:81:44:b6:c7:bc:90:6d:26:27:c6:
         af:97:e4:e3:d5:c8:f2:dc:11:90:6d:75:21:ef:25:fb:06:b1:
         7b:33:75:54:4e:b8:0c:73:1e:56:ac:0c:48:00:8e:96:85:34:
         78:99:e2:73:50:1d:4d:30:79:55:e1:c0:fc:00:00:bc:f7:2f:
         21:27:68:ab:c2:6f:67:36:1f:09:4c:85:1c:14:c7:2f:e4:c7:
         32:ad:45:9a:a0:74:f9:71:3e:aa:74:90:c7:5a:40:cd:5a:1f:
         6a:b8:69:b2:d1:71:56:1d:20:d8:3a:76:4d:69:db:5b:e5:d1:
         0e:8b:81:9e:16:a8:b4:60:c5:f0:8b:e9:b8:d6:ed:54:a4:05:
         54:3c:8a:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgkQt+eQjqcKJ+Dh/8ddV4jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE2MTExMjIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGExMTIyM2U3MjhlNjAxZWRlMWRjMTI3OTBlMzdkZTE3YjE2ZTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXPupuikzDfhHKVArx7vRXrNfvpU
MH5VNgGn5GjZZP6L0w35U14gC/ZerTdXzuqPYv5WczmtRR9PnfPMnHSlyVFdKAtQ
Nxv+1sIhgSO6Vc8kn8Myp0AHBDVXIIpDQFsVUl+5TYRcI7v95PCeaTzuniVYaxiw
MFmhwXC0ilSu3LBKuE8XyEfTQDAEexllZz1R90EwKw5C/fdagfV7TfpXhuy/oVge
4hypOXPd64jauyVCs1fO1zC4a65LUh5PEbw9EeojPg/8gjdapArcVgxDagAeKzz4
yxapk4/17V1vvJ7AsuniNkMC9TEGLXYZ+wRFPRTON+JgeTNxTuWgDqY1UQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKShEiPnKOYB7eHcEnkON94XsW4pMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcEtFU0ktY281Z0h0NGR3U2VRNDMzaGV4YmlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKAInJc2V0bUW87aJIuF
oKjAHZ0eKL0OS1Kt/gB9CqXP5SqPiVjfw3hfFHGNxxMhY1rARNt+jLArlyMHORVi
HuhW5Vn3jgPCfxEc+39spSq0jrnQ5NRv1g6t8uJVxxR7+AaWfj32PFVt5E5kXA8T
LtRHzD5/gUS2x7yQbSYnxq+X5OPVyPLcEZBtdSHvJfsGsXszdVROuAxzHlasDEgA
jpaFNHiZ4nNQHU0weVXhwPwAALz3LyEnaKvCb2c2HwlMhRwUxy/kxzKtRZqgdPlx
Pqp0kMdaQM1aH2q4abLRcVYdINg6dk1p21vl0Q6LgZ4WqLRgxfCL6bjW7VSkBVQ8
itI=
-----END CERTIFICATE-----