Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tc3ds8fEqF7H998wnAl8pcis4DA.roa
File:                     tc3ds8fEqF7H998wnAl8pcis4DA.roa (raw, json)
Hash identifier:          ycM75bxUE1orlMSlDGAtm8Jn4nbr4xRbClTX/pHZOXQ=
Subject key identifier:   B5:CD:DD:B3:C7:C4:A8:5E:C7:F7:DF:30:9C:09:7C:A5:C8:AC:E0:30
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CFE92970B048CC1360739B8352541470
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tc3ds8fEqF7H998wnAl8pcis4DA.roa
Signing time:             Sun 18 Jun 2023 19:09:04 +0000
ROA not before:           Sun 18 Jun 2023 19:09:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:cf:e9:29:70:b0:48:cc:13:60:73:9b:83:52:54:14:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 18 19:09:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b5cdddb3c7c4a85ec7f7df309c097ca5c8ace030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e6:6c:e8:a9:92:a6:a5:bd:14:c4:21:b5:45:
                    5f:ae:46:c8:21:f9:54:2a:64:6b:79:77:38:d7:e7:
                    f2:fb:3c:46:2f:15:28:3a:82:14:df:4a:4c:af:05:
                    af:74:c8:3e:a8:5d:5c:21:d4:28:6d:5e:72:73:00:
                    d0:f3:2b:05:ed:60:00:1f:e6:95:d6:f5:2e:bf:6c:
                    a8:52:54:b5:61:af:c8:ff:69:bf:83:76:2f:e6:b5:
                    29:27:05:30:a0:24:35:ed:72:93:c1:16:5e:6d:bb:
                    a3:18:fa:de:66:22:d0:45:e9:76:a1:97:28:c0:1c:
                    e6:c9:cd:3e:a3:b6:d5:48:a5:2d:2d:ec:78:39:c0:
                    51:d3:9e:31:b4:af:4d:7a:04:0f:7f:d7:83:80:67:
                    c2:da:0b:11:78:14:14:3d:e6:31:4a:84:c0:7a:b5:
                    f8:08:2a:87:ca:e7:70:eb:d9:db:e4:d2:6b:01:96:
                    06:89:61:70:fc:b8:91:17:8e:09:c3:79:fa:d9:cb:
                    8e:9a:cd:4d:2a:74:e5:b2:f7:03:81:1f:58:c4:42:
                    a7:db:fa:b5:e6:ac:41:13:2d:ff:9b:20:38:d2:74:
                    89:01:74:9e:92:23:cc:a0:e3:fa:9a:55:2f:a1:b8:
                    71:a7:c4:4f:b4:e5:22:90:d8:c2:31:7d:8d:9c:16:
                    a9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CD:DD:B3:C7:C4:A8:5E:C7:F7:DF:30:9C:09:7C:A5:C8:AC:E0:30
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tc3ds8fEqF7H998wnAl8pcis4DA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:04:84:72:00:4f:4f:c4:86:78:cd:34:53:21:29:3c:14:40:
         b0:ac:4d:e8:27:51:42:96:39:44:f2:a0:c8:5b:dc:5c:97:6f:
         b0:ad:b4:b9:4c:77:63:d8:0c:65:a9:fc:0c:e1:70:af:f3:63:
         cf:41:82:78:25:59:83:ca:c8:42:26:db:0c:14:da:9a:0d:8b:
         5d:57:c6:25:76:44:e7:12:bb:88:ae:f1:ba:92:24:d4:22:b6:
         41:9f:81:fa:e4:ee:a2:6b:9c:6f:45:09:42:4a:68:0f:c5:96:
         d7:ba:39:8b:87:59:ca:4b:63:eb:dc:38:56:73:ea:d4:34:5a:
         a2:40:da:69:11:df:7f:da:06:ac:c7:18:d0:97:c8:21:e5:6b:
         8d:9a:0e:23:e5:cb:6d:0f:d6:ce:7e:e6:69:86:c8:c4:99:68:
         7d:45:dc:4a:60:18:81:da:57:cb:ca:7a:62:32:5c:ca:90:f9:
         2b:2f:fb:e7:ff:75:ee:d7:be:98:2e:e3:89:9a:aa:e8:f2:a8:
         5c:ad:a3:6e:d3:c8:12:1e:fe:7a:a1:9e:4b:9c:1b:df:3a:1e:
         64:3a:3b:06:03:89:e6:cc:6e:2c:b5:9a:da:8b:d3:49:64:ff:
         49:46:8b:c6:b6:fc:09:1f:80:7d:fb:eb:d7:aa:60:73:dc:6d:
         4e:16:d3:62
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjP6SlwsEjME2Bzm4NSVBRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE4MTkwOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWNkZGRiM2M3YzRhODVlYzdmN2RmMzA5YzA5N2NhNWM4YWNlMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeZs6KmSpqW9FMQhtUVfrkbIIflU
KmRreXc41+fy+zxGLxUoOoIU30pMrwWvdMg+qF1cIdQobV5ycwDQ8ysF7WAAH+aV
1vUuv2yoUlS1Ya/I/2m/g3Yv5rUpJwUwoCQ17XKTwRZebbujGPreZiLQRel2oZco
wBzmyc0+o7bVSKUtLex4OcBR054xtK9NegQPf9eDgGfC2gsReBQUPeYxSoTAerX4
CCqHyudw69nb5NJrAZYGiWFw/LiRF44Jw3n62cuOms1NKnTlsvcDgR9YxEKn2/q1
5qxBEy3/myA40nSJAXSekiPMoOP6mlUvobhxp8RPtOUikNjCMX2NnBap1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLXN3bPHxKhex/ffMJwJfKXIrOAwMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdGMzZHM4ZkVxRjdIOTk4d25BbDhwY2lzNERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACMEhHIAT0/EhnjNNFMh
KTwUQLCsTegnUUKWOUTyoMhb3FyXb7CttLlMd2PYDGWp/AzhcK/zY89BgnglWYPK
yEIm2wwU2poNi11XxiV2ROcSu4iu8bqSJNQitkGfgfrk7qJrnG9FCUJKaA/Flte6
OYuHWcpLY+vcOFZz6tQ0WqJA2mkR33/aBqzHGNCXyCHla42aDiPly20P1s5+5mmG
yMSZaH1F3EpgGIHaV8vKemIyXMqQ+Ssv++f/de7Xvpgu44maqujyqFyto27TyBIe
/nqhnkucG986HmQ6OwYDiebMbiy1mtqL00lk/0lGi8a2/AkfgH3769eqYHPcbU4W
02I=
-----END CERTIFICATE-----