Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/z19r5C1VhCKxo3qpC0q1yvxV-hE.roa
File:                     z19r5C1VhCKxo3qpC0q1yvxV-hE.roa (raw, json)
Hash identifier:          zCe4Qvkgkvmmw1/mhOtLlrKkbokE0GY6qQ5Nq1Nojno=
Subject key identifier:   CF:5F:6B:E4:2D:55:84:22:B1:A3:7A:A9:0B:4A:B5:CA:FC:55:FA:11
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01889C69ED63169D631229854BDCF3F9021B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/z19r5C1VhCKxo3qpC0q1yvxV-hE.roa
Signing time:             Thu 08 Jun 2023 19:09:27 +0000
ROA not before:           Thu 08 Jun 2023 19:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9c:69:ed:63:16:9d:63:12:29:85:4b:dc:f3:f9:02:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  8 19:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf5f6be42d558422b1a37aa90b4ab5cafc55fa11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:af:00:b4:be:9d:80:d1:4c:f3:f9:3a:23:14:
                    77:9d:e3:c0:4e:e1:d5:04:73:95:e8:ae:2d:24:8e:
                    96:f8:34:02:04:9a:54:cd:03:62:98:c2:5c:5f:4a:
                    12:bc:56:af:50:26:ab:f2:37:fe:7a:d8:2b:39:4a:
                    53:28:f6:8a:15:a0:2c:12:73:14:6e:6f:82:a2:6c:
                    94:cd:90:ba:ef:9b:77:0c:d0:19:a0:05:50:29:5f:
                    1e:1c:2a:9c:3e:db:39:1e:69:c9:d6:3b:05:95:3f:
                    93:43:89:14:a4:a1:3f:3c:44:c2:0c:c8:2e:37:61:
                    fb:44:46:da:40:0c:13:2b:60:6c:1b:c8:98:f6:db:
                    81:6d:69:d1:2f:0f:1f:34:88:c9:6c:4b:bd:04:73:
                    d8:38:fb:1e:66:5d:76:0a:6c:0c:5d:ce:73:9f:1b:
                    9a:42:9a:fa:e0:7f:54:86:09:dd:eb:13:d3:2d:ba:
                    f1:62:8c:34:d3:0a:38:52:69:75:93:d3:fd:27:1a:
                    0b:f2:b7:ad:3e:cc:41:fc:b0:cf:85:83:5b:87:52:
                    9b:07:55:e2:43:8c:90:ab:9a:b5:fc:3b:53:57:68:
                    51:70:e5:d5:9f:fd:2d:69:dc:56:c4:56:8c:48:af:
                    c5:be:6a:ea:2d:9b:5b:a2:aa:4e:16:85:2d:c0:20:
                    c2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:5F:6B:E4:2D:55:84:22:B1:A3:7A:A9:0B:4A:B5:CA:FC:55:FA:11
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/z19r5C1VhCKxo3qpC0q1yvxV-hE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:35:ca:26:32:6b:1a:42:24:eb:ee:ed:28:d6:85:97:59:a2:
         25:54:a0:cb:e5:7d:aa:79:65:d1:15:a9:30:13:51:63:15:58:
         e3:91:e6:2d:f0:34:04:4a:60:31:3d:4e:46:2c:1b:c6:4b:46:
         a2:d0:01:34:5d:3f:b7:32:16:aa:da:8d:97:41:75:18:ea:ea:
         f4:69:56:71:e1:b0:b1:cc:36:a7:a6:ec:48:2d:dd:10:00:d3:
         8e:de:0b:86:bc:eb:d3:00:33:3c:76:78:fd:d8:10:2f:3e:ea:
         ad:3f:a7:40:33:17:e9:ca:64:3e:de:d6:5d:17:a4:b8:c7:ca:
         78:d3:19:49:a0:3d:05:24:09:10:96:b3:d4:e9:c7:a7:89:5c:
         01:5e:84:ad:ac:88:08:dd:13:f4:08:9c:a3:12:76:c4:f0:80:
         39:e0:00:8c:cc:85:55:a5:66:d2:42:03:dc:16:1d:0e:4b:60:
         36:09:9d:8b:af:73:06:f5:40:66:05:3d:00:ee:f9:6c:e4:c9:
         fe:11:29:5d:8a:12:4e:33:05:f6:06:79:70:43:e5:fd:e3:a5:
         9b:56:45:6c:56:73:22:2c:61:c2:7a:51:87:ae:74:e1:c6:7a:
         6f:7e:34:5a:82:2c:39:54:9b:08:2e:1c:4e:3a:21:35:0c:a7:
         fc:00:81:83
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYicae1jFp1jEimFS9zz+QIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA4MTkwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjVmNmJlNDJkNTU4NDIyYjFhMzdhYTkwYjRhYjVjYWZjNTVmYTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7a8AtL6dgNFM8/k6IxR3nePATuHV
BHOV6K4tJI6W+DQCBJpUzQNimMJcX0oSvFavUCar8jf+etgrOUpTKPaKFaAsEnMU
bm+ComyUzZC675t3DNAZoAVQKV8eHCqcPts5HmnJ1jsFlT+TQ4kUpKE/PETCDMgu
N2H7REbaQAwTK2BsG8iY9tuBbWnRLw8fNIjJbEu9BHPYOPseZl12CmwMXc5znxua
Qpr64H9Uhgnd6xPTLbrxYow00wo4Uml1k9P9JxoL8retPsxB/LDPhYNbh1KbB1Xi
Q4yQq5q1/DtTV2hRcOXVn/0tadxWxFaMSK/FvmrqLZtboqpOFoUtwCDCYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM9fa+QtVYQisaN6qQtKtcr8VfoRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvejE5cjVDMVZoQ0t4bzNxcEMwcTF5dnhWLWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAI1yiYyaxpCJOvu7SjW
hZdZoiVUoMvlfap5ZdEVqTATUWMVWOOR5i3wNARKYDE9TkYsG8ZLRqLQATRdP7cy
FqrajZdBdRjq6vRpVnHhsLHMNqem7Egt3RAA047eC4a869MAMzx2eP3YEC8+6q0/
p0AzF+nKZD7e1l0XpLjHynjTGUmgPQUkCRCWs9Tpx6eJXAFehK2siAjdE/QInKMS
dsTwgDngAIzMhVWlZtJCA9wWHQ5LYDYJnYuvcwb1QGYFPQDu+Wzkyf4RKV2KEk4z
BfYGeXBD5f3jpZtWRWxWcyIsYcJ6UYeudOHGem9+NFqCLDlUmwguHE46ITUMp/wA
gYM=
-----END CERTIFICATE-----