Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/x3oaIQUhBGUSPvWmrvbZfrPZOLY.roa
File:                     x3oaIQUhBGUSPvWmrvbZfrPZOLY.roa (raw, json)
Hash identifier:          zV9mtwrTCPVoE9lJIC+zwkl1L7heX63G03JliSnnyPg=
Subject key identifier:   C7:7A:1A:21:05:21:04:65:12:3E:F5:A6:AE:F6:D9:7E:B3:D9:38:B6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A8DCA37902DC436597AE64A9E38D6DC6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/x3oaIQUhBGUSPvWmrvbZfrPZOLY.roa
Signing time:             Sun 11 Jun 2023 05:10:12 +0000
ROA not before:           Sun 11 Jun 2023 05:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a8:dc:a3:79:02:dc:43:65:97:ae:64:a9:e3:8d:6d:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 11 05:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c77a1a2105210465123ef5a6aef6d97eb3d938b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:21:d3:c8:09:c0:cd:62:ac:5b:e4:2e:b2:11:
                    bb:d3:5a:3d:f3:fc:39:65:74:e1:5e:93:da:2d:54:
                    5c:21:37:d0:8b:ef:5c:8c:c7:f5:5a:c8:62:5e:46:
                    40:e3:40:c3:4b:44:b6:5e:79:d7:ae:8c:15:2f:11:
                    a1:27:68:5e:b3:7d:09:9c:f8:aa:fb:e9:7a:04:f4:
                    93:ec:4f:1d:c7:d9:82:92:be:78:27:02:fe:86:7e:
                    e3:a1:7c:6d:c5:70:4e:89:c6:3d:7c:bb:d1:b4:30:
                    4b:27:00:2a:7a:43:d5:a5:9b:d4:da:3b:68:5c:d2:
                    8b:7e:53:8a:c3:76:66:ff:64:45:d7:87:07:c7:15:
                    5e:22:5b:89:92:0f:f1:16:13:1e:93:68:ae:76:f0:
                    37:7d:e6:6f:45:29:b3:6a:d8:64:4f:9a:00:91:26:
                    f2:7f:8f:fa:d1:18:60:d1:d6:03:b0:58:4e:1b:13:
                    7b:db:8f:c1:1f:df:d4:b6:9c:6c:7e:9c:8c:72:03:
                    19:61:0c:1b:5d:e0:27:c3:e8:1a:17:fe:56:d4:aa:
                    51:cc:db:f0:2b:77:3b:28:a7:e6:6d:3a:7b:44:af:
                    09:b9:9e:6a:25:2a:a3:9c:ee:bc:85:34:d0:7c:be:
                    55:86:52:63:9d:fd:2a:a1:5a:69:b1:86:2d:e2:07:
                    8c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:7A:1A:21:05:21:04:65:12:3E:F5:A6:AE:F6:D9:7E:B3:D9:38:B6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/x3oaIQUhBGUSPvWmrvbZfrPZOLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:be:c0:7c:60:7e:c3:23:2c:13:ea:d0:4c:96:48:f5:12:af:
         1b:ae:8f:c3:1f:3e:5f:45:80:29:a8:02:7f:bc:bb:ec:f0:a5:
         00:31:6d:96:e1:14:40:36:ae:0d:d1:18:19:c9:69:6a:6b:c1:
         0c:2a:7a:0e:4f:bb:ce:43:ea:89:42:ce:65:83:24:cb:f4:28:
         50:3a:9c:b1:85:4a:2e:81:a3:15:3a:28:94:a6:ec:7c:d0:1f:
         5b:13:70:81:0f:0f:71:2e:f3:b6:a6:4a:2f:95:c9:57:7e:60:
         4b:e6:ef:41:6a:eb:a0:24:e4:e6:db:35:1d:6e:8b:0e:d4:c5:
         18:ff:1b:f4:a5:35:40:f4:06:55:29:d9:db:b0:07:3c:6f:91:
         da:c0:15:6d:b9:cd:6f:49:cf:4e:a1:20:ef:a7:81:b3:67:89:
         ba:c7:c3:b5:eb:a8:52:de:99:57:d2:2b:59:3b:3e:91:32:f2:
         41:e7:00:bb:5c:f9:65:f9:ff:b1:94:60:dc:c8:0d:dd:21:fe:
         bf:12:87:d9:2f:7f:91:92:4f:13:fb:f9:ff:a1:ca:c8:ce:46:
         09:19:b9:e4:61:86:ab:cf:a2:d6:82:d5:5b:4c:9c:0f:f1:a8:
         45:20:df:63:c7:bc:85:b1:ab:d8:39:6c:fe:96:a7:7e:53:7d:
         45:cd:e5:5e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYio3KN5AtxDZZeuZKnjjW3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjExMDUxMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzdhMWEyMTA1MjEwNDY1MTIzZWY1YTZhZWY2ZDk3ZWIzZDkzOGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiHTyAnAzWKsW+QushG701o98/w5
ZXThXpPaLVRcITfQi+9cjMf1WshiXkZA40DDS0S2XnnXrowVLxGhJ2hes30JnPiq
++l6BPST7E8dx9mCkr54JwL+hn7joXxtxXBOicY9fLvRtDBLJwAqekPVpZvU2jto
XNKLflOKw3Zm/2RF14cHxxVeIluJkg/xFhMek2iudvA3feZvRSmzathkT5oAkSby
f4/60Rhg0dYDsFhOGxN724/BH9/UtpxsfpyMcgMZYQwbXeAnw+gaF/5W1KpRzNvw
K3c7KKfmbTp7RK8JuZ5qJSqjnO68hTTQfL5VhlJjnf0qoVppsYYt4geMRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMd6GiEFIQRlEj71pq722X6z2Ti2MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveDNvYUlRVWhCR1VTUHZXbXJ2YlpmclBaT0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFW+wHxgfsMjLBPq0EyW
SPUSrxuuj8MfPl9FgCmoAn+8u+zwpQAxbZbhFEA2rg3RGBnJaWprwQwqeg5Pu85D
6olCzmWDJMv0KFA6nLGFSi6BoxU6KJSm7HzQH1sTcIEPD3Eu87amSi+VyVd+YEvm
70Fq66Ak5ObbNR1uiw7UxRj/G/SlNUD0BlUp2duwBzxvkdrAFW25zW9Jz06hIO+n
gbNnibrHw7XrqFLemVfSK1k7PpEy8kHnALtc+WX5/7GUYNzIDd0h/r8Sh9kvf5GS
TxP7+f+hysjORgkZueRhhqvPotaC1VtMnA/xqEUg32PHvIWxq9g5bP6Wp35TfUXN
5V4=
-----END CERTIFICATE-----