Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5a7rKxL4lG5TgHEUTVuaj1E4RX8.roa
File:                     5a7rKxL4lG5TgHEUTVuaj1E4RX8.roa (raw, json)
Hash identifier:          HUVDt1qcbXmrYJ1I3cK0NON/A2aMtvwW4Gtaxh+cLXI=
Subject key identifier:   E5:AE:EB:2B:12:F8:94:6E:53:80:71:14:4D:5B:9A:8F:51:38:45:7F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186DBF72D33EBB7E8E6762F54BE3E56235E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5a7rKxL4lG5TgHEUTVuaj1E4RX8.roa
Signing time:             Mon 13 Mar 2023 17:14:14 +0000
ROA not before:           Mon 13 Mar 2023 17:14:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:db:f7:2d:33:eb:b7:e8:e6:76:2f:54:be:3e:56:23:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 13 17:14:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e5aeeb2b12f8946e538071144d5b9a8f5138457f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b6:0e:56:03:42:48:17:0d:6f:28:e1:8f:c1:
                    c6:d2:d4:70:18:31:97:d0:5c:17:96:18:8a:3c:7a:
                    28:01:34:35:68:cb:ed:eb:81:d2:e7:0d:64:21:b8:
                    d8:d2:3d:b9:05:c5:8a:4c:f2:a5:6d:9f:34:cc:b7:
                    44:b3:42:4f:d1:56:b6:f0:26:c1:06:1a:1c:4a:d3:
                    c8:40:2f:48:58:e1:93:aa:0c:be:3f:85:71:93:a4:
                    43:f3:62:a3:9e:90:35:7a:6d:58:88:c9:70:86:34:
                    1f:6d:d0:8a:d7:36:1b:ed:48:ab:17:68:0a:ef:53:
                    c0:3e:6a:49:9a:da:07:1c:6a:eb:e2:c7:3f:98:d3:
                    62:3e:b0:68:9b:e4:22:a4:3a:4a:15:a7:78:ff:17:
                    0d:4e:94:bb:58:49:48:6c:d4:7d:09:6e:cd:52:d4:
                    09:68:00:5b:a2:3a:90:d3:82:ea:9d:90:56:33:6b:
                    9f:12:3d:b5:00:3a:95:f1:36:ba:fc:9c:d7:bf:6e:
                    c0:43:8b:07:ff:2f:1e:4e:e4:9f:6c:a8:19:7d:35:
                    60:5a:f1:cc:3d:46:61:fe:6c:f8:b1:a6:a4:29:7f:
                    a3:0a:e6:ea:7d:40:26:be:78:8a:36:ec:fa:21:a9:
                    25:68:45:0f:9b:ec:12:48:cf:c4:ce:3a:fe:7d:1f:
                    c0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AE:EB:2B:12:F8:94:6E:53:80:71:14:4D:5B:9A:8F:51:38:45:7F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5a7rKxL4lG5TgHEUTVuaj1E4RX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:45:c8:4b:c9:e9:4f:c4:e7:7a:61:c8:45:86:40:8b:60:03:
         32:c6:18:37:61:a5:90:d9:a1:11:14:aa:bb:90:80:d8:16:4c:
         fa:30:b7:99:03:dd:4b:20:e1:86:03:57:f7:fc:b3:20:bc:94:
         66:05:6c:80:e7:a8:07:0b:f7:ed:25:31:53:c6:37:a9:4c:5f:
         dd:e4:12:1c:8b:11:30:00:e8:0b:c1:30:62:3d:41:bc:d2:bd:
         b0:80:5e:fb:7c:68:07:51:4f:db:8f:c2:4e:d4:cc:fb:5e:0a:
         42:7d:2d:1e:d9:3b:c0:ab:ca:a1:b2:29:02:96:c9:62:7a:03:
         a1:ad:83:2a:b8:ed:44:e5:83:19:44:ab:cc:af:3c:6c:6a:bc:
         ae:41:e7:14:79:e9:5a:8b:62:24:33:5f:53:df:79:29:cc:6c:
         3a:36:64:d8:7b:1a:0f:4a:75:2c:a8:99:4a:0e:82:d7:f7:01:
         b2:6b:f0:10:2a:e2:fc:1a:fe:50:b5:ef:14:87:74:2e:86:c6:
         90:f7:9d:f6:c8:cb:3e:d9:74:ed:e4:30:5b:52:90:cb:6b:a6:
         7a:0f:40:e0:69:66:ee:7e:eb:d5:0f:1f:ed:78:cf:c8:b5:ee:
         c7:cb:3d:d0:24:01:a2:ea:1b:05:58:84:5a:ac:40:ac:dd:f9:
         2d:5d:2b:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbb9y0z67fo5nYvVL4+ViNeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEzMTcxNDE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWFlZWIyYjEyZjg5NDZlNTM4MDcxMTQ0ZDViOWE4ZjUxMzg0NTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobYOVgNCSBcNbyjhj8HG0tRwGDGX
0FwXlhiKPHooATQ1aMvt64HS5w1kIbjY0j25BcWKTPKlbZ80zLdEs0JP0Va28CbB
BhocStPIQC9IWOGTqgy+P4Vxk6RD82KjnpA1em1YiMlwhjQfbdCK1zYb7UirF2gK
71PAPmpJmtoHHGrr4sc/mNNiPrBom+QipDpKFad4/xcNTpS7WElIbNR9CW7NUtQJ
aABbojqQ04LqnZBWM2ufEj21ADqV8Ta6/JzXv27AQ4sH/y8eTuSfbKgZfTVgWvHM
PUZh/mz4saakKX+jCubqfUAmvniKNuz6IaklaEUPm+wSSM/Ezjr+fR/A7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOWu6ysS+JRuU4BxFE1bmo9ROEV/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNWE3ckt4TDRsRzVUZ0hFVVRWdWFqMUU0Ulg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJlFyEvJ6U/E53phyEWG
QItgAzLGGDdhpZDZoREUqruQgNgWTPowt5kD3Usg4YYDV/f8syC8lGYFbIDnqAcL
9+0lMVPGN6lMX93kEhyLETAA6AvBMGI9QbzSvbCAXvt8aAdRT9uPwk7UzPteCkJ9
LR7ZO8CryqGyKQKWyWJ6A6Gtgyq47UTlgxlEq8yvPGxqvK5B5xR56VqLYiQzX1Pf
eSnMbDo2ZNh7Gg9KdSyomUoOgtf3AbJr8BAq4vwa/lC17xSHdC6GxpD3nfbIyz7Z
dO3kMFtSkMtrpnoPQOBpZu5+69UPH+14z8i17sfLPdAkAaLqGwVYhFqsQKzd+S1d
KwI=
-----END CERTIFICATE-----