Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7CwxJBk3jABia34sk_gs4iwgzYU.roa
File:                     7CwxJBk3jABia34sk_gs4iwgzYU.roa (raw, json)
Hash identifier:          71POOPcjHbz4+lUdJ/mocljnvo8sgea6+2S3A1HpagM=
Subject key identifier:   EC:2C:31:24:19:37:8C:00:62:6B:7E:2C:93:F8:2C:E2:2C:20:CD:85
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01889D1051C71E2D466085CB0318C49BDEF7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7CwxJBk3jABia34sk_gs4iwgzYU.roa
Signing time:             Thu 08 Jun 2023 22:11:12 +0000
ROA not before:           Thu 08 Jun 2023 22:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9d:10:51:c7:1e:2d:46:60:85:cb:03:18:c4:9b:de:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  8 22:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ec2c312419378c00626b7e2c93f82ce22c20cd85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:15:94:56:29:1d:0f:38:d0:55:4a:a2:a5:a1:
                    b8:0c:fa:ac:2d:c8:6f:f2:55:e6:ef:67:24:04:57:
                    9f:9c:98:26:10:ff:80:0b:b8:ca:8c:ad:b1:d2:00:
                    0d:34:c3:43:2e:4c:43:61:ed:57:e7:14:63:fa:61:
                    fa:50:21:39:b0:d3:f4:4e:28:75:86:b5:b7:30:81:
                    75:d7:fe:82:19:19:aa:c8:b4:ae:b4:9a:70:80:c6:
                    c2:53:2f:31:e6:4b:2c:4e:59:18:f4:e6:a5:00:77:
                    78:0a:2f:0d:e3:0e:71:85:32:93:36:d9:70:76:55:
                    f1:8b:99:7c:aa:1a:fa:3a:20:30:11:5a:8b:75:ef:
                    7f:c6:8d:90:42:a4:6f:43:57:37:e9:9b:bf:10:01:
                    72:03:cc:c1:eb:75:e3:e6:22:63:e3:80:e7:7f:9a:
                    0c:47:79:76:41:9e:5c:27:38:57:8b:f8:bf:75:35:
                    4a:56:bf:e8:55:3b:31:13:54:ca:98:bb:0a:b3:ba:
                    d7:c6:d4:a7:ec:a8:3d:fe:25:85:ca:2d:3f:04:91:
                    b7:9b:7c:71:f2:b1:ed:7c:84:77:15:e3:51:50:2e:
                    b9:2f:bd:58:03:48:20:05:99:33:28:cf:82:cd:b5:
                    dd:81:99:f0:4e:06:d9:fb:8c:a3:ab:a5:1d:a8:07:
                    8a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:2C:31:24:19:37:8C:00:62:6B:7E:2C:93:F8:2C:E2:2C:20:CD:85
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7CwxJBk3jABia34sk_gs4iwgzYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:ab:b7:74:8d:10:3d:54:65:19:1e:dd:f7:be:cc:0c:11:83:
         f1:7c:e5:cb:bd:06:f7:0e:2e:02:b2:a6:7a:ae:33:9a:73:53:
         ef:7f:93:ed:82:df:ac:b0:60:e5:76:6a:ae:d9:4f:c5:55:bb:
         69:60:f1:e9:bd:fd:dc:12:ae:1c:0a:55:79:7d:f6:c2:ae:d7:
         15:50:22:66:f8:5b:1e:a6:53:ac:2b:83:f5:10:8a:24:84:bb:
         7a:c4:ce:29:72:ec:52:ec:62:a9:8d:96:ec:b2:95:dd:b3:6e:
         dd:bc:35:40:3b:28:83:e1:76:05:54:dd:b8:b9:67:18:06:5d:
         ac:17:74:49:a2:b7:cf:ca:da:9f:14:ca:bc:7f:ef:32:77:61:
         5b:20:60:2e:22:31:37:ab:1c:4f:4a:75:f3:af:f5:ce:6b:14:
         22:13:f7:3e:bd:1d:c1:ee:1d:67:4b:86:27:51:07:70:ba:ee:
         cc:5d:24:03:b4:6a:69:60:48:0a:75:1a:c2:da:5d:af:c5:7f:
         1c:9f:04:82:5f:2f:36:ae:e2:ba:3d:a2:f7:87:ba:e6:2e:ee:
         7c:23:3d:7e:f5:c5:9c:ac:52:53:8f:a5:17:bb:9e:14:0e:11:
         15:c6:d2:ef:0b:11:a3:9d:c9:12:9e:3b:77:47:13:70:fd:4c:
         9a:aa:0d:2f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYidEFHHHi1GYIXLAxjEm973MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA4MjIxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzJjMzEyNDE5Mzc4YzAwNjI2YjdlMmM5M2Y4MmNlMjJjMjBjZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7BWUVikdDzjQVUqipaG4DPqsLchv
8lXm72ckBFefnJgmEP+AC7jKjK2x0gANNMNDLkxDYe1X5xRj+mH6UCE5sNP0Tih1
hrW3MIF11/6CGRmqyLSutJpwgMbCUy8x5kssTlkY9OalAHd4Ci8N4w5xhTKTNtlw
dlXxi5l8qhr6OiAwEVqLde9/xo2QQqRvQ1c36Zu/EAFyA8zB63Xj5iJj44Dnf5oM
R3l2QZ5cJzhXi/i/dTVKVr/oVTsxE1TKmLsKs7rXxtSn7Kg9/iWFyi0/BJG3m3xx
8rHtfIR3FeNRUC65L71YA0ggBZkzKM+CzbXdgZnwTgbZ+4yjq6UdqAeKhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOwsMSQZN4wAYmt+LJP4LOIsIM2FMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN0N3eEpCazNqQUJpYTM0c2tfZ3M0aXdnellVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIKrt3SNED1UZRke3fe+
zAwRg/F85cu9BvcOLgKypnquM5pzU+9/k+2C36ywYOV2aq7ZT8VVu2lg8em9/dwS
rhwKVXl99sKu1xVQImb4Wx6mU6wrg/UQiiSEu3rEzily7FLsYqmNluyyld2zbt28
NUA7KIPhdgVU3bi5ZxgGXawXdEmit8/K2p8Uyrx/7zJ3YVsgYC4iMTerHE9KdfOv
9c5rFCIT9z69HcHuHWdLhidRB3C67sxdJAO0amlgSAp1GsLaXa/FfxyfBIJfLzau
4ro9oveHuuYu7nwjPX71xZysUlOPpRe7nhQOERXG0u8LEaOdyRKeO3dHE3D9TJqq
DS8=
-----END CERTIFICATE-----