Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4ap7Tg9mO5GW6l99C55CTpVSVmM.roa
File:                     4ap7Tg9mO5GW6l99C55CTpVSVmM.roa (raw, json)
Hash identifier:          TFbc6AU/N+SFMjowsjwfxRQp3lsgETNXjj0b0KJNawo=
Subject key identifier:   E1:AA:7B:4E:0F:66:3B:91:96:EA:5F:7D:0B:9E:42:4E:95:52:56:63
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897A82E80722E64007937D9E8693868802
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4ap7Tg9mO5GW6l99C55CTpVSVmM.roa
Signing time:             Fri 21 Jul 2023 22:12:26 +0000
ROA not before:           Fri 21 Jul 2023 22:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:7a:82:e8:07:22:e6:40:07:93:7d:9e:86:93:86:88:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 21 22:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e1aa7b4e0f663b9196ea5f7d0b9e424e95525663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f5:6c:56:aa:e1:7d:ee:c3:e2:7c:a2:ec:bb:
                    1a:23:1b:d3:02:53:5e:f2:9b:8e:ea:ec:74:36:97:
                    d4:ee:6e:61:ef:f2:22:5a:87:94:5b:70:a6:03:34:
                    e7:ff:e3:ae:bc:2c:80:29:ef:8e:d3:cb:a4:1a:a2:
                    95:3c:31:85:7c:75:89:97:cb:bf:46:66:72:16:0d:
                    e9:4d:65:7c:b5:20:84:a0:4f:4a:c4:c5:a4:50:56:
                    29:6e:42:a2:8b:61:37:e6:56:35:9e:9f:b6:c7:34:
                    17:cf:7c:b7:81:69:cd:29:06:b1:d8:01:4d:e3:22:
                    ef:35:d4:ea:60:d7:d9:ff:7c:39:9f:6f:e7:c4:86:
                    65:39:ae:aa:ea:c2:df:0f:ab:3e:43:c5:f2:95:c5:
                    ea:aa:26:69:f4:83:b0:2f:81:2d:cc:d1:b9:ea:07:
                    2b:58:c7:59:ee:81:47:7a:85:a0:df:ef:b1:2a:f3:
                    ba:2a:ef:63:54:21:b1:5f:6e:1a:cf:35:eb:bf:84:
                    3d:ea:e3:77:96:c2:0c:eb:4d:0c:75:a8:05:00:d6:
                    3e:11:9f:c0:4d:4e:ce:86:59:99:e6:bf:48:d5:87:
                    d3:5b:ef:32:47:d8:f5:7b:c0:a1:ac:24:9c:5d:30:
                    e3:d0:fc:c4:87:a7:0a:b6:9e:b4:2f:83:80:80:22:
                    09:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:AA:7B:4E:0F:66:3B:91:96:EA:5F:7D:0B:9E:42:4E:95:52:56:63
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/4ap7Tg9mO5GW6l99C55CTpVSVmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:f0:23:a7:33:eb:c1:bc:4c:8e:ab:ed:86:26:3a:ba:39:8e:
         c0:0f:c1:57:d9:7d:ca:04:e0:5f:36:76:1c:e0:ba:2b:8a:ca:
         4a:32:c0:2b:6d:b5:5f:97:44:bb:62:82:83:2a:ca:3a:68:07:
         1e:64:51:9a:bb:ee:87:f5:76:8f:41:61:d0:68:4f:f3:8a:48:
         b3:11:ad:b7:86:fa:4c:61:98:88:4e:01:5d:e1:05:47:3f:25:
         bb:6a:31:4c:70:60:fa:69:e7:62:2a:8c:01:40:03:93:5c:82:
         ba:f2:91:59:a5:fb:7d:d1:4a:f9:a1:dc:f2:5f:de:70:15:4e:
         eb:07:01:df:17:fd:05:63:2b:bc:fb:df:36:d4:2e:86:63:ad:
         0e:98:81:41:82:40:66:3d:4f:70:f0:2f:ea:c8:b5:fb:67:70:
         58:65:b8:f3:34:90:c9:c8:ae:59:43:de:a1:b8:86:53:74:a1:
         6a:de:cb:f1:60:13:14:50:d0:cf:0f:60:68:b0:46:46:d5:fc:
         91:40:a7:77:66:fe:36:d7:4d:7d:0e:44:5d:7e:dc:86:49:ad:
         08:c7:f8:33:de:68:5a:09:84:54:3a:bf:73:a5:46:60:bc:38:
         03:d7:c8:3f:4c:96:43:52:60:62:88:b6:cc:b6:d9:0a:02:8c:
         ca:df:04:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl6gugHIuZAB5N9noaThogCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIxMjIxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWFhN2I0ZTBmNjYzYjkxOTZlYTVmN2QwYjllNDI0ZTk1NTI1NjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/VsVqrhfe7D4nyi7LsaIxvTAlNe
8puO6ux0NpfU7m5h7/IiWoeUW3CmAzTn/+OuvCyAKe+O08ukGqKVPDGFfHWJl8u/
RmZyFg3pTWV8tSCEoE9KxMWkUFYpbkKii2E35lY1np+2xzQXz3y3gWnNKQax2AFN
4yLvNdTqYNfZ/3w5n2/nxIZlOa6q6sLfD6s+Q8XylcXqqiZp9IOwL4EtzNG56gcr
WMdZ7oFHeoWg3++xKvO6Ku9jVCGxX24azzXrv4Q96uN3lsIM600MdagFANY+EZ/A
TU7OhlmZ5r9I1YfTW+8yR9j1e8ChrCScXTDj0PzEh6cKtp60L4OAgCIJCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOGqe04PZjuRlupffQueQk6VUlZjMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNGFwN1RnOW1PNUdXNmw5OUM1NUNUcFZTVm1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALDwI6cz68G8TI6r7YYm
Oro5jsAPwVfZfcoE4F82dhzguiuKykoywCtttV+XRLtigoMqyjpoBx5kUZq77of1
do9BYdBoT/OKSLMRrbeG+kxhmIhOAV3hBUc/JbtqMUxwYPpp52IqjAFAA5Ncgrry
kVml+33RSvmh3PJf3nAVTusHAd8X/QVjK7z73zbULoZjrQ6YgUGCQGY9T3DwL+rI
tftncFhluPM0kMnIrllD3qG4hlN0oWrey/FgExRQ0M8PYGiwRkbV/JFAp3dm/jbX
TX0ORF1+3IZJrQjH+DPeaFoJhFQ6v3OlRmC8OAPXyD9MlkNSYGKItsy22QoCjMrf
BPY=
-----END CERTIFICATE-----