Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rINxyLn1FM30m5GJl72NVUrbYu0.roa
File:                     rINxyLn1FM30m5GJl72NVUrbYu0.roa (raw, json)
Hash identifier:          kUwMeZgoflTZCZw5K3hYv7WgdUMd+PdaH2pK9zlAda8=
Subject key identifier:   AC:83:71:C8:B9:F5:14:CD:F4:9B:91:89:97:BD:8D:55:4A:DB:62:ED
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895B663572B591211FA0BC57A13202BD3A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rINxyLn1FM30m5GJl72NVUrbYu0.roa
Signing time:             Sat 15 Jul 2023 21:12:52 +0000
ROA not before:           Sat 15 Jul 2023 21:12:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5b:66:35:72:b5:91:21:1f:a0:bc:57:a1:32:02:bd:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 15 21:12:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ac8371c8b9f514cdf49b918997bd8d554adb62ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d8:c3:8d:da:6e:94:5d:34:95:02:8c:ad:f7:
                    d2:d4:98:a3:5b:15:fd:96:b2:2b:5e:1f:05:87:3a:
                    f5:4c:bc:db:3e:4b:14:48:7b:dd:72:34:d0:db:e5:
                    dc:37:a5:4e:fe:22:f1:5d:62:d5:5c:c0:90:23:28:
                    cc:f2:92:8c:a3:e3:c0:40:ea:1b:b7:41:89:fb:64:
                    5a:a5:01:4d:f4:95:52:6f:c6:15:3a:5e:9d:72:3c:
                    07:cf:71:e7:a2:7e:e1:c1:be:30:f0:d7:24:72:c1:
                    71:20:aa:22:07:e9:f8:66:64:1e:16:14:de:6c:cf:
                    26:b4:54:27:ec:59:68:89:93:e4:3a:f4:06:50:ca:
                    4b:a1:48:c8:10:4a:87:6e:9d:19:cf:1a:e7:d8:68:
                    6b:b2:b5:fe:df:dd:ae:0c:79:4a:4e:8a:cd:bc:1c:
                    a6:42:b8:b7:e1:e3:c1:46:dc:69:62:dc:eb:0b:f2:
                    e7:c7:c9:56:06:3e:d2:be:c3:d0:91:f3:b6:aa:b4:
                    8e:cb:31:ab:80:81:0a:27:6b:2a:1f:ee:ef:ff:24:
                    21:0e:55:9d:f4:0e:26:46:ad:72:ea:e7:6d:a4:f0:
                    34:9a:2d:67:4c:f2:fe:39:5d:50:ff:8f:1c:a1:fb:
                    7e:28:45:3f:14:e6:1e:b6:1a:80:81:de:a8:ee:af:
                    b7:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:83:71:C8:B9:F5:14:CD:F4:9B:91:89:97:BD:8D:55:4A:DB:62:ED
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rINxyLn1FM30m5GJl72NVUrbYu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:10:aa:0f:c4:f2:ec:53:ca:68:d0:ac:7b:58:c6:e2:c7:18:
         f3:54:89:aa:e5:ce:aa:72:9f:10:21:b5:a5:0b:b0:57:a6:62:
         7d:2a:dd:34:70:c4:a8:c8:2a:c8:d6:d7:4c:26:78:bd:59:0b:
         d5:24:30:5b:d0:5a:25:58:1f:99:ed:03:6d:92:57:af:c7:9d:
         0e:27:d7:6b:16:a6:b2:c0:87:00:6b:17:93:f1:12:23:3f:72:
         56:b1:fb:6a:a7:41:75:d8:0e:a9:86:a7:83:79:32:4d:07:91:
         48:1b:20:8c:41:43:91:88:d7:ee:19:a6:a9:bf:6b:14:c2:51:
         4c:0a:3c:1f:d0:67:bd:a3:a4:dd:b9:04:e5:66:33:a6:bb:a0:
         98:63:8a:2a:13:6b:17:4f:ee:4b:54:01:fa:a6:e1:3b:f4:1a:
         af:4d:b0:11:16:b3:e0:0f:65:b7:c9:2f:3e:05:e7:a9:4f:22:
         60:77:03:f8:45:47:95:54:de:56:bf:7e:d2:6f:0c:9e:98:c1:
         99:9d:c2:0c:f4:d1:5f:cc:3d:27:4b:db:93:d1:df:19:c1:68:
         de:68:c6:4d:3d:38:d0:5f:13:dc:44:cb:9b:a4:77:34:b5:4c:
         f6:29:e2:57:cd:9c:d0:c9:c9:be:d5:46:81:b5:8e:a1:70:1f:
         45:01:db:9c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlbZjVytZEhH6C8V6EyAr06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE1MjExMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzgzNzFjOGI5ZjUxNGNkZjQ5YjkxODk5N2JkOGQ1NTRhZGI2MmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstjDjdpulF00lQKMrffS1JijWxX9
lrIrXh8Fhzr1TLzbPksUSHvdcjTQ2+XcN6VO/iLxXWLVXMCQIyjM8pKMo+PAQOob
t0GJ+2RapQFN9JVSb8YVOl6dcjwHz3Hnon7hwb4w8NckcsFxIKoiB+n4ZmQeFhTe
bM8mtFQn7FloiZPkOvQGUMpLoUjIEEqHbp0Zzxrn2GhrsrX+392uDHlKTorNvBym
Qri34ePBRtxpYtzrC/Lnx8lWBj7SvsPQkfO2qrSOyzGrgIEKJ2sqH+7v/yQhDlWd
9A4mRq1y6udtpPA0mi1nTPL+OV1Q/48coft+KEU/FOYethqAgd6o7q+3XwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKyDcci59RTN9JuRiZe9jVVK22LtMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcklOeHlMbjFGTTMwbTVHSmw3Mk5WVXJiWXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIAQqg/E8uxTymjQrHtY
xuLHGPNUiarlzqpynxAhtaULsFemYn0q3TRwxKjIKsjW10wmeL1ZC9UkMFvQWiVY
H5ntA22SV6/HnQ4n12sWprLAhwBrF5PxEiM/clax+2qnQXXYDqmGp4N5Mk0HkUgb
IIxBQ5GI1+4Zpqm/axTCUUwKPB/QZ72jpN25BOVmM6a7oJhjiioTaxdP7ktUAfqm
4Tv0Gq9NsBEWs+APZbfJLz4F56lPImB3A/hFR5VU3la/ftJvDJ6YwZmdwgz00V/M
PSdL25PR3xnBaN5oxk09ONBfE9xEy5ukdzS1TPYp4lfNnNDJyb7VRoG1jqFwH0UB
25w=
-----END CERTIFICATE-----