Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/wunnVLwa0WjK8UUJFmktpPGSU3o.roa
File:                     wunnVLwa0WjK8UUJFmktpPGSU3o.roa (raw, json)
Hash identifier:          gwcPmSMBCmmxAxVOhUeZ9j5jJ+1aEc2CMooKH0M9Vww=
Subject key identifier:   C2:E9:E7:54:BC:1A:D1:68:CA:F1:45:09:16:69:2D:A4:F1:92:53:7A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189439786F3BA683A9C8D886D74F2AEC259
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/wunnVLwa0WjK8UUJFmktpPGSU3o.roa
Signing time:             Tue 11 Jul 2023 06:15:51 +0000
ROA not before:           Tue 11 Jul 2023 06:15:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:43:97:86:f3:ba:68:3a:9c:8d:88:6d:74:f2:ae:c2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 11 06:15:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c2e9e754bc1ad168caf1450916692da4f192537a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b5:3d:18:a8:28:bb:a7:8c:b4:c4:d9:9f:6b:
                    9a:1e:a8:70:98:82:57:09:fd:a2:d2:1c:0a:55:6e:
                    51:7c:ed:c8:36:19:0e:9d:09:69:99:93:e0:d9:66:
                    90:98:7c:e3:e0:aa:1d:96:c8:3b:31:4c:8d:59:3c:
                    fa:24:aa:f3:51:5d:ab:a8:93:44:ce:e3:77:85:ed:
                    e5:64:12:30:ca:8c:8b:d4:34:25:e0:2c:54:18:f2:
                    e2:1a:36:f0:27:4b:b0:3b:fa:d8:e5:a4:c3:85:e6:
                    56:a2:93:e3:e5:e3:67:a0:ae:48:14:83:e1:67:ff:
                    89:1c:b6:d8:8f:80:71:6b:fb:36:d8:f8:2b:0d:49:
                    96:48:0e:f7:08:48:11:10:85:6e:8d:55:e3:3a:73:
                    f0:00:ce:1c:20:3c:58:20:13:89:f6:8d:29:e4:4b:
                    21:14:ce:36:06:99:90:60:2e:af:78:92:f2:d1:23:
                    73:ab:82:f5:67:4a:6f:0e:4d:83:6a:d9:7d:75:9f:
                    7f:80:1b:44:41:bb:1b:dd:ad:2a:fd:2a:38:1c:44:
                    1c:95:61:40:6d:3b:98:bd:48:d1:44:74:d4:30:e4:
                    6a:05:06:f5:9b:24:20:13:5c:d7:e3:ff:6c:63:b4:
                    28:c0:1b:66:19:0c:38:fa:6d:3b:ed:19:a5:69:63:
                    a5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E9:E7:54:BC:1A:D1:68:CA:F1:45:09:16:69:2D:A4:F1:92:53:7A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/wunnVLwa0WjK8UUJFmktpPGSU3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:ca:08:a8:86:ad:6d:68:6e:33:2a:b1:b1:9b:6d:02:97:97:
         41:d3:e6:e7:36:73:6b:b4:35:89:2f:cf:8b:56:a3:84:3c:28:
         3b:8a:c7:12:3f:90:9c:52:a7:fe:5f:c8:db:d7:5c:09:f8:05:
         62:a4:28:11:9b:ec:43:a1:b2:2f:e6:40:5f:da:71:72:0a:7a:
         b4:8c:5c:bc:c2:81:89:01:76:21:4a:f5:3b:f5:5a:13:f1:84:
         c2:5f:7e:64:84:9a:67:2a:e2:a4:b6:61:62:f1:78:17:83:ed:
         8d:34:06:4b:6c:9e:23:61:6d:04:8a:d3:6e:bf:ad:ac:12:54:
         b8:e9:9c:62:26:b1:4d:3f:79:44:af:de:bb:22:6d:46:cc:93:
         4c:4b:01:04:11:a4:78:a9:ed:b8:fc:cd:05:0f:24:e2:a2:a0:
         a6:96:dd:79:c7:07:89:e8:69:43:42:89:65:da:14:22:1b:4f:
         3f:87:ef:d1:47:af:86:52:00:32:c8:95:b7:df:ca:43:c2:1d:
         7d:97:1d:8f:30:ea:99:23:fd:5a:fe:92:2d:fb:b9:33:d8:a9:
         47:ed:15:fd:7f:e9:1d:d3:9a:64:0e:56:44:b6:1a:fe:9f:5f:
         fb:e4:af:d1:86:52:d5:69:6d:26:7a:80:d1:14:ea:fa:a7:a3:
         dc:cc:f7:04
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlDl4bzumg6nI2IbXTyrsJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzExMDYxNTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmU5ZTc1NGJjMWFkMTY4Y2FmMTQ1MDkxNjY5MmRhNGYxOTI1MzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5rU9GKgou6eMtMTZn2uaHqhwmIJX
Cf2i0hwKVW5RfO3INhkOnQlpmZPg2WaQmHzj4Kodlsg7MUyNWTz6JKrzUV2rqJNE
zuN3he3lZBIwyoyL1DQl4CxUGPLiGjbwJ0uwO/rY5aTDheZWopPj5eNnoK5IFIPh
Z/+JHLbYj4Bxa/s22PgrDUmWSA73CEgREIVujVXjOnPwAM4cIDxYIBOJ9o0p5Esh
FM42BpmQYC6veJLy0SNzq4L1Z0pvDk2Datl9dZ9/gBtEQbsb3a0q/So4HEQclWFA
bTuYvUjRRHTUMORqBQb1myQgE1zX4/9sY7QowBtmGQw4+m077RmlaWOldwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMLp51S8GtFoyvFFCRZpLaTxklN6MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvd3VublZMd2EwV2pLOFVVSkZta3RwUEdTVTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIbKCKiGrW1objMqsbGb
bQKXl0HT5uc2c2u0NYkvz4tWo4Q8KDuKxxI/kJxSp/5fyNvXXAn4BWKkKBGb7EOh
si/mQF/acXIKerSMXLzCgYkBdiFK9Tv1WhPxhMJffmSEmmcq4qS2YWLxeBeD7Y00
BktsniNhbQSK026/rawSVLjpnGImsU0/eUSv3rsibUbMk0xLAQQRpHip7bj8zQUP
JOKioKaW3XnHB4noaUNCiWXaFCIbTz+H79FHr4ZSADLIlbffykPCHX2XHY8w6pkj
/Vr+ki37uTPYqUftFf1/6R3TmmQOVkS2Gv6fX/vkr9GGUtVpbSZ6gNEU6vqno9zM
9wQ=
-----END CERTIFICATE-----