Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tjYisgjxg_Tx_T14bgS97afb4RU.roa
File:                     tjYisgjxg_Tx_T14bgS97afb4RU.roa (raw, json)
Hash identifier:          JHiU2XwTsPD8sLinFwROqZfPNjKal7Zt1I5dvckoyEg=
Subject key identifier:   B6:36:22:B2:08:F1:83:F4:F1:FD:3D:78:6E:04:BD:ED:A7:DB:E1:15
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883835BF548ADB8582D27263E06DF28C96
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tjYisgjxg_Tx_T14bgS97afb4RU.roa
Signing time:             Sat 20 May 2023 08:10:26 +0000
ROA not before:           Sat 20 May 2023 08:10:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:38:35:bf:54:8a:db:85:82:d2:72:63:e0:6d:f2:8c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 20 08:10:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b63622b208f183f4f1fd3d786e04bdeda7dbe115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c9:a9:4b:48:f0:c4:05:42:a7:8d:87:e7:6d:
                    e1:ed:4f:71:a0:fa:77:33:de:62:00:50:32:f3:1c:
                    6d:07:a2:47:df:ec:35:64:2d:c6:d6:f1:79:84:ac:
                    d7:ea:0c:e8:ac:08:36:2f:53:11:53:4c:76:a3:c2:
                    67:ba:07:ff:ea:13:5f:36:df:31:46:f9:88:15:02:
                    e1:12:e1:a0:2d:4a:13:88:0b:71:a9:20:1b:83:35:
                    d6:4c:c6:c9:f2:9a:ba:f1:9d:ba:d4:97:3b:19:c9:
                    88:ce:6e:48:b1:2c:61:46:39:e7:69:aa:8e:23:39:
                    57:c6:f5:50:37:81:ae:7d:cb:14:48:f0:24:f9:df:
                    a5:fa:78:79:e3:46:68:7a:cb:70:2f:b8:58:d1:83:
                    66:c6:52:8f:5e:fe:60:c3:3c:f9:e9:67:ba:45:34:
                    81:ee:65:27:c5:9b:97:42:71:99:27:43:07:73:c0:
                    53:d5:56:48:7a:25:4b:9b:e3:84:86:76:62:11:57:
                    eb:af:46:7a:3f:a7:fa:a6:4f:dc:d3:9c:3b:c3:ca:
                    f1:6c:09:67:d5:f3:a9:a7:45:47:38:2d:63:c1:02:
                    b3:61:0b:b6:82:1f:d5:23:1d:35:8a:50:29:0d:f0:
                    54:bb:82:47:57:67:b8:5d:82:a0:0b:d6:5b:f9:cf:
                    aa:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:36:22:B2:08:F1:83:F4:F1:FD:3D:78:6E:04:BD:ED:A7:DB:E1:15
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tjYisgjxg_Tx_T14bgS97afb4RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:e8:93:82:32:a3:30:04:f8:27:34:a6:05:f3:5a:34:27:89:
         d8:68:f6:ce:d7:a8:f1:6d:9b:02:1a:7e:45:73:8c:45:9c:f6:
         9b:6e:2a:6c:0a:bd:8e:ec:36:b6:eb:26:72:f2:4f:a2:51:ec:
         45:c9:d9:64:55:08:c6:99:57:79:e1:07:7f:cc:00:81:50:e1:
         14:3c:91:f3:66:18:3e:ab:9b:3c:f9:34:c6:a5:f3:c7:47:b9:
         9e:23:e1:9e:7a:fe:7d:83:ed:dc:96:c2:0c:ca:ad:ce:95:1d:
         9a:7f:66:6e:75:1f:07:1b:7c:bb:6c:07:0c:58:97:d8:5c:56:
         48:fb:60:01:c4:6f:11:cb:9a:a3:9f:c3:22:cb:ad:11:6f:b3:
         ac:9b:74:1a:35:79:9c:c9:4f:1c:38:96:2c:fb:89:aa:25:02:
         fd:05:c3:0a:65:a5:ac:27:ce:df:23:50:5d:36:52:8a:70:82:
         85:4c:45:45:75:d3:20:b3:f8:de:ec:68:67:f0:a0:dc:db:bf:
         7e:ad:13:8c:1b:9a:9a:a0:82:34:4e:ba:c5:01:53:9e:de:64:
         1a:fe:40:a2:0d:a6:8d:b9:20:c1:b5:be:bf:08:26:63:bf:ca:
         af:64:22:8e:62:a4:91:b1:2a:e4:95:d1:9e:75:a5:3b:f9:fa:
         2a:96:76:86
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg4Nb9UituFgtJyY+Bt8oyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIwMDgxMDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjM2MjJiMjA4ZjE4M2Y0ZjFmZDNkNzg2ZTA0YmRlZGE3ZGJlMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMmpS0jwxAVCp42H523h7U9xoPp3
M95iAFAy8xxtB6JH3+w1ZC3G1vF5hKzX6gzorAg2L1MRU0x2o8Jnugf/6hNfNt8x
RvmIFQLhEuGgLUoTiAtxqSAbgzXWTMbJ8pq68Z261Jc7GcmIzm5IsSxhRjnnaaqO
IzlXxvVQN4GufcsUSPAk+d+l+nh540ZoestwL7hY0YNmxlKPXv5gwzz56We6RTSB
7mUnxZuXQnGZJ0MHc8BT1VZIeiVLm+OEhnZiEVfrr0Z6P6f6pk/c05w7w8rxbAln
1fOpp0VHOC1jwQKzYQu2gh/VIx01ilApDfBUu4JHV2e4XYKgC9Zb+c+q5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLY2IrII8YP08f09eG4Eve2n2+EVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdGpZaXNnanhnX1R4X1QxNGJnUzk3YWZiNFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAfok4IyozAE+Cc0pgXz
WjQnidho9s7XqPFtmwIafkVzjEWc9ptuKmwKvY7sNrbrJnLyT6JR7EXJ2WRVCMaZ
V3nhB3/MAIFQ4RQ8kfNmGD6rmzz5NMal88dHuZ4j4Z56/n2D7dyWwgzKrc6VHZp/
Zm51HwcbfLtsBwxYl9hcVkj7YAHEbxHLmqOfwyLLrRFvs6ybdBo1eZzJTxw4liz7
iaolAv0Fwwplpawnzt8jUF02UopwgoVMRUV10yCz+N7saGfwoNzbv36tE4wbmpqg
gjROusUBU57eZBr+QKINpo25IMG1vr8IJmO/yq9kIo5ipJGxKuSV0Z51pTv5+iqW
doY=
-----END CERTIFICATE-----