Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7OS5x5fHU82CSmZLTAamr5gMnAs.roa
File:                     7OS5x5fHU82CSmZLTAamr5gMnAs.roa (raw, json)
Hash identifier:          gDKk0wnkjxwVzr+CEpoMiH+cj2W8Kt9I5V9z/g5SGCs=
Subject key identifier:   EC:E4:B9:C7:97:C7:53:CD:82:4A:66:4B:4C:06:A6:AF:98:0C:9C:0B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01876BEFFBBD0874C7582F9326E87BB5FF62
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7OS5x5fHU82CSmZLTAamr5gMnAs.roa
Signing time:             Mon 10 Apr 2023 16:11:42 +0000
ROA not before:           Mon 10 Apr 2023 16:11:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6b:ef:fb:bd:08:74:c7:58:2f:93:26:e8:7b:b5:ff:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 10 16:11:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ece4b9c797c753cd824a664b4c06a6af980c9c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:83:bd:e1:72:4b:a5:7b:5f:37:1a:32:dc:e1:
                    d2:e6:40:85:2f:63:f8:c0:57:36:9c:81:59:09:d3:
                    9e:ac:64:ce:48:7c:8e:31:dd:0d:08:c2:71:f3:48:
                    15:85:0c:0b:6e:96:97:a4:dc:6d:26:96:22:11:5b:
                    42:22:29:9f:17:a9:a5:46:93:5c:26:95:84:33:c4:
                    59:39:a8:56:b3:3a:29:9f:dc:13:3c:62:17:13:57:
                    85:f4:c0:bc:4c:50:91:b7:35:29:9f:0b:82:9e:6d:
                    23:fc:81:22:69:57:c3:8b:f1:2a:20:49:9e:6a:7a:
                    79:67:12:7f:06:05:fd:f4:8c:f1:70:63:31:90:3f:
                    66:06:65:a7:fd:5e:cd:bd:74:aa:d9:f2:22:56:5f:
                    0a:9a:36:26:72:74:99:f9:07:ce:08:2e:3b:ce:a2:
                    78:ae:1c:06:79:e7:26:16:63:45:ea:f8:36:54:e3:
                    40:b4:1d:4d:12:89:e6:61:37:3b:b3:f2:8e:c8:7c:
                    75:98:ed:5a:84:37:59:5b:14:e3:74:ad:af:19:a2:
                    87:04:e7:15:e7:50:64:56:26:da:03:0f:dd:df:a5:
                    de:bb:ed:0b:5a:32:57:8a:41:c5:1c:37:87:4c:90:
                    84:b7:a2:f7:52:0e:97:90:43:93:c6:24:96:0a:90:
                    e5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:E4:B9:C7:97:C7:53:CD:82:4A:66:4B:4C:06:A6:AF:98:0C:9C:0B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7OS5x5fHU82CSmZLTAamr5gMnAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:7a:bf:79:cd:15:80:ea:43:77:e1:75:0f:40:2e:6f:f7:15:
         f6:9c:97:10:de:ff:a8:5e:d5:c1:68:bc:c2:35:f3:f2:56:be:
         55:b7:75:4a:69:01:d2:a7:e8:f0:62:c8:02:34:ee:7a:3b:e2:
         c9:23:75:95:e6:32:2d:8e:04:8c:e7:63:f7:61:4b:a2:47:55:
         a0:c0:89:94:be:ac:78:0e:c4:ec:fa:4c:8b:9b:3c:2a:97:87:
         99:e3:43:18:6b:31:ff:e2:2c:4a:82:49:c0:a2:ed:98:2c:bf:
         b0:06:06:2b:a9:c2:92:20:05:e2:0f:ea:6d:93:20:63:66:40:
         b5:e9:eb:95:5e:c5:09:e1:1a:03:08:bd:c4:e7:ef:fe:ee:d0:
         66:59:12:b7:ea:12:90:94:31:3f:35:2e:62:42:76:37:78:60:
         c3:10:5a:96:03:a0:56:f2:ec:4f:de:c5:e2:81:70:ba:8d:cb:
         04:a9:63:f6:30:ef:bb:56:b4:98:f0:c9:00:53:62:72:0c:c7:
         48:d0:fd:c1:a4:7e:7e:32:13:fa:a6:36:09:6e:53:78:c7:45:
         1e:41:da:dc:fd:2c:17:c6:aa:3d:d7:c5:34:ff:94:a9:68:8b:
         4e:30:66:64:f5:94:50:a5:be:80:96:df:e2:15:77:4c:a7:99:
         3d:27:ab:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdr7/u9CHTHWC+TJuh7tf9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEwMTYxMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2U0YjljNzk3Yzc1M2NkODI0YTY2NGI0YzA2YTZhZjk4MGM5YzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoO94XJLpXtfNxoy3OHS5kCFL2P4
wFc2nIFZCdOerGTOSHyOMd0NCMJx80gVhQwLbpaXpNxtJpYiEVtCIimfF6mlRpNc
JpWEM8RZOahWszopn9wTPGIXE1eF9MC8TFCRtzUpnwuCnm0j/IEiaVfDi/EqIEme
anp5ZxJ/BgX99IzxcGMxkD9mBmWn/V7NvXSq2fIiVl8KmjYmcnSZ+QfOCC47zqJ4
rhwGeecmFmNF6vg2VONAtB1NEonmYTc7s/KOyHx1mO1ahDdZWxTjdK2vGaKHBOcV
51BkVibaAw/d36Xeu+0LWjJXikHFHDeHTJCEt6L3Ug6XkEOTxiSWCpDlJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOzkuceXx1PNgkpmS0wGpq+YDJwLMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN09TNXg1ZkhVODJDU21aTFRBYW1yNWdNbkFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADN6v3nNFYDqQ3fhdQ9A
Lm/3FfaclxDe/6he1cFovMI18/JWvlW3dUppAdKn6PBiyAI07no74skjdZXmMi2O
BIznY/dhS6JHVaDAiZS+rHgOxOz6TIubPCqXh5njQxhrMf/iLEqCScCi7Zgsv7AG
BiupwpIgBeIP6m2TIGNmQLXp65VexQnhGgMIvcTn7/7u0GZZErfqEpCUMT81LmJC
djd4YMMQWpYDoFby7E/exeKBcLqNywSpY/Yw77tWtJjwyQBTYnIMx0jQ/cGkfn4y
E/qmNgluU3jHRR5B2tz9LBfGqj3XxTT/lKloi04wZmT1lFClvoCW3+IVd0ynmT0n
q6A=
-----END CERTIFICATE-----