Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/wVvGk9nqvTIe2FzBwch8ktd2-AU.roa
File:                     wVvGk9nqvTIe2FzBwch8ktd2-AU.roa (raw, json)
Hash identifier:          BsNm1L/LKmS7SDdlSJnZcUBizXXhNiCx3iigBaMb250=
Subject key identifier:   C1:5B:C6:93:D9:EA:BD:32:1E:D8:5C:C1:C1:C8:7C:92:D7:76:F8:05
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189845F03AE121A4223A5FAD483AA17827E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/wVvGk9nqvTIe2FzBwch8ktd2-AU.roa
Signing time:             Sun 23 Jul 2023 20:09:26 +0000
ROA not before:           Sun 23 Jul 2023 20:09:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:84:5f:03:ae:12:1a:42:23:a5:fa:d4:83:aa:17:82:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 23 20:09:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c15bc693d9eabd321ed85cc1c1c87c92d776f805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ee:05:9a:d7:71:9c:c1:7b:c8:1e:a9:43:9c:
                    8a:a5:35:00:69:c1:fa:aa:1c:c8:fc:d5:c7:ca:a3:
                    82:c5:b1:13:64:89:8c:6c:6a:d7:a5:de:e0:77:1a:
                    8b:5a:78:05:1f:89:9f:47:f5:1e:91:3a:73:cb:93:
                    7b:21:19:a6:df:48:95:07:68:3a:1e:08:f0:18:ea:
                    04:d9:19:67:3e:b5:d5:6a:11:d9:00:21:1d:6d:5a:
                    a2:19:66:8f:7b:40:0a:b4:84:96:14:9e:6e:6f:92:
                    67:b3:1b:cc:5d:fe:0e:b5:38:c9:41:f0:0f:21:87:
                    b9:bc:81:3b:59:13:39:74:f7:21:83:79:a2:b2:b2:
                    73:f3:eb:20:36:ae:83:73:2b:8c:76:b2:51:bd:4b:
                    1f:cb:bd:95:b4:20:b3:0b:29:c0:15:33:27:c6:f2:
                    26:a5:96:5b:4e:fc:90:2a:98:9f:74:a3:c9:fa:81:
                    50:af:2b:bd:19:3c:ae:2a:cd:22:6a:38:1e:11:c1:
                    ed:8f:5b:40:56:36:14:94:e0:dc:e2:57:71:5f:1a:
                    cc:f4:d2:6f:4c:de:df:51:99:94:f9:6c:40:02:77:
                    5e:70:b8:22:8b:55:d5:f1:d6:ce:03:a5:2a:2a:59:
                    ea:16:f7:c4:3e:1e:37:3b:d9:f4:72:f6:7f:78:80:
                    9b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:5B:C6:93:D9:EA:BD:32:1E:D8:5C:C1:C1:C8:7C:92:D7:76:F8:05
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/wVvGk9nqvTIe2FzBwch8ktd2-AU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:d8:f7:8b:41:f8:a7:3a:ae:5e:0b:a8:93:ce:39:21:e2:7c:
         8e:40:35:8f:50:08:2c:35:3d:82:96:c9:45:b9:18:52:a7:77:
         0b:97:b8:58:2e:b3:3b:ac:f6:cd:20:6a:21:2b:8d:79:6f:75:
         6b:77:3b:cb:52:85:61:26:67:06:c6:96:30:d5:62:4b:a7:b0:
         73:54:e1:87:bb:f0:48:b4:42:64:47:77:d4:fb:ab:f0:66:a2:
         1b:f5:b4:b4:5c:c5:2e:03:b9:86:39:f6:da:16:9d:5f:42:58:
         d7:af:db:c5:c7:17:0c:39:c7:e7:f7:89:93:97:f9:93:2b:3b:
         f4:c8:06:d7:84:4d:5e:0a:f9:1a:e2:5f:72:0b:02:44:b1:bd:
         b2:71:68:5a:bd:3c:e1:99:4b:fd:f3:bf:52:6f:b6:02:6a:6b:
         08:84:77:57:9a:76:72:3f:ea:3b:0d:3c:57:73:de:ff:dd:b0:
         7d:bc:d1:66:4d:a9:b7:22:13:52:84:91:1a:8c:1f:03:f7:77:
         33:c2:3b:83:a8:23:65:98:c8:2a:0c:11:04:92:8e:fb:56:96:
         f1:aa:b3:95:1b:eb:46:64:43:f8:10:6f:3b:f1:b8:c5:4b:9d:
         85:0e:37:2c:cd:05:88:bd:e2:92:6e:ea:34:fe:f8:24:f7:86:
         db:4b:68:0d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmEXwOuEhpCI6X61IOqF4J+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIzMjAwOTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTViYzY5M2Q5ZWFiZDMyMWVkODVjYzFjMWM4N2M5MmQ3NzZmODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+4FmtdxnMF7yB6pQ5yKpTUAacH6
qhzI/NXHyqOCxbETZImMbGrXpd7gdxqLWngFH4mfR/UekTpzy5N7IRmm30iVB2g6
HgjwGOoE2RlnPrXVahHZACEdbVqiGWaPe0AKtISWFJ5ub5JnsxvMXf4OtTjJQfAP
IYe5vIE7WRM5dPchg3misrJz8+sgNq6DcyuMdrJRvUsfy72VtCCzCynAFTMnxvIm
pZZbTvyQKpifdKPJ+oFQryu9GTyuKs0iajgeEcHtj1tAVjYUlODc4ldxXxrM9NJv
TN7fUZmU+WxAAndecLgii1XV8dbOA6UqKlnqFvfEPh43O9n0cvZ/eICbwwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMFbxpPZ6r0yHthcwcHIfJLXdvgFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvd1Z2R2s5bnF2VEllMkZ6QndjaDhrdGQyLUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGXY94tB+Kc6rl4LqJPO
OSHifI5ANY9QCCw1PYKWyUW5GFKndwuXuFguszus9s0gaiErjXlvdWt3O8tShWEm
ZwbGljDVYkunsHNU4Ye78Ei0QmRHd9T7q/Bmohv1tLRcxS4DuYY59toWnV9CWNev
28XHFww5x+f3iZOX+ZMrO/TIBteETV4K+RriX3ILAkSxvbJxaFq9POGZS/3zv1Jv
tgJqawiEd1eadnI/6jsNPFdz3v/dsH280WZNqbciE1KEkRqMHwP3dzPCO4OoI2WY
yCoMEQSSjvtWlvGqs5Ub60ZkQ/gQbzvxuMVLnYUONyzNBYi94pJu6jT++CT3httL
aA0=
-----END CERTIFICATE-----