Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7b82n9P8nluBpGajKJkiQkTfz6I.roa
File:                     7b82n9P8nluBpGajKJkiQkTfz6I.roa (raw, json)
Hash identifier:          0Jh2hyq0dspQjhmxR7YfDkAKppZZjP+l0YX6LC46JuU=
Subject key identifier:   ED:BF:36:9F:D3:FC:9E:5B:81:A4:66:A3:28:99:22:42:44:DF:CF:A2
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872EF8C9AE54A6BFA0AA8B5EFCF2C6EB4A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7b82n9P8nluBpGajKJkiQkTfz6I.roa
Signing time:             Wed 29 Mar 2023 20:04:29 +0000
ROA not before:           Wed 29 Mar 2023 20:04:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:187:2ef8:bb12/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2e:f8:c9:ae:54:a6:bf:a0:aa:8b:5e:fc:f2:c6:eb:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 20:04:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=edbf369fd3fc9e5b81a466a32899224244dfcfa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8b:41:a7:c5:d1:c0:d5:83:c1:0d:81:6c:41:
                    f0:aa:45:9a:01:fd:0c:ad:22:fa:13:5e:35:9a:82:
                    e0:ed:e9:ca:30:9d:b2:df:2e:ae:5a:0a:38:82:2b:
                    17:a1:9d:9e:fe:aa:ca:e1:21:0c:db:97:b1:59:6d:
                    4e:32:52:4f:79:30:ce:9c:a9:c4:90:3e:10:40:48:
                    56:9e:5a:6b:0c:d3:d5:95:db:87:c1:4b:4b:ef:a4:
                    ed:90:15:27:41:be:9d:49:5b:26:e9:3d:36:fc:83:
                    3f:4d:48:ae:5a:51:ee:6f:da:51:92:37:2d:83:bc:
                    5b:b2:ca:de:e4:c7:1e:85:32:11:ed:2a:06:1a:9f:
                    4e:aa:46:e2:a5:49:1d:28:76:5a:24:55:b0:23:5f:
                    ae:f3:d5:f1:a6:3e:91:a1:6e:0d:ea:ee:f3:e9:db:
                    8b:47:84:f5:20:6e:eb:7d:dc:68:0d:e1:54:fb:3c:
                    ac:51:ce:4d:ef:f2:d8:63:cf:c0:e8:ea:c6:33:86:
                    59:47:8a:7d:9b:3b:47:5a:0a:6f:db:84:74:32:33:
                    c9:32:9c:d6:6a:a7:43:e0:10:8f:00:b4:ed:ce:ee:
                    91:ff:8c:1b:8f:7e:9e:22:d5:75:ec:df:c6:85:19:
                    1b:07:35:fa:bf:e4:fe:0b:17:32:b6:f4:7e:78:f0:
                    7e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:BF:36:9F:D3:FC:9E:5B:81:A4:66:A3:28:99:22:42:44:DF:CF:A2
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7b82n9P8nluBpGajKJkiQkTfz6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:e2:a6:5b:d3:6d:70:e2:09:9c:91:a5:7c:3f:80:2c:0e:89:
         91:64:90:43:0d:aa:22:25:da:96:17:7b:6b:92:36:04:05:a6:
         6b:84:24:0c:0c:a9:70:cf:3b:3b:da:85:54:44:53:8e:e8:65:
         dc:1c:30:fc:c6:de:4e:e5:42:7e:ca:d9:ee:e5:13:5b:4f:c0:
         fa:d9:cc:8f:ae:32:6a:f0:1d:6f:1b:78:d0:47:bb:ae:ea:b7:
         f0:84:b2:38:8e:84:9a:a7:a7:f5:49:3c:75:b3:0a:74:b4:ec:
         ad:89:e6:a9:60:ca:3e:80:78:ed:fa:43:fd:c6:75:e0:39:78:
         32:5e:44:ab:1f:a9:bc:af:80:38:c5:99:34:ce:be:23:a3:0b:
         50:7c:dd:17:86:80:ef:88:46:ff:02:26:2d:52:85:7f:2f:15:
         60:b8:7a:4d:f2:af:e3:05:81:ee:e2:b4:c9:84:14:fb:c3:bb:
         dd:ea:7e:94:60:12:64:1c:fd:3a:b7:a8:75:fa:38:6b:e0:f5:
         86:54:05:04:7b:28:93:69:1a:0a:5a:db:9d:1f:34:5d:61:70:
         be:99:65:8c:5b:e6:d4:fa:73:3b:f6:dc:76:66:d0:62:ab:70:
         95:94:d9:9a:42:da:08:c2:b7:6e:93:35:92:b6:09:03:e6:31:
         ac:66:06:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcu+MmuVKa/oKqLXvzyxutKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MjAwNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGJmMzY5ZmQzZmM5ZTViODFhNDY2YTMyODk5MjI0MjQ0ZGZjZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhItBp8XRwNWDwQ2BbEHwqkWaAf0M
rSL6E141moLg7enKMJ2y3y6uWgo4gisXoZ2e/qrK4SEM25exWW1OMlJPeTDOnKnE
kD4QQEhWnlprDNPVlduHwUtL76TtkBUnQb6dSVsm6T02/IM/TUiuWlHub9pRkjct
g7xbssre5McehTIR7SoGGp9OqkbipUkdKHZaJFWwI1+u89Xxpj6RoW4N6u7z6duL
R4T1IG7rfdxoDeFU+zysUc5N7/LYY8/A6OrGM4ZZR4p9mztHWgpv24R0MjPJMpzW
aqdD4BCPALTtzu6R/4wbj36eItV17N/GhRkbBzX6v+T+CxcytvR+ePB+mQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO2/Np/T/J5bgaRmoyiZIkJE38+iMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN2I4Mm45UDhubHVCcEdhaktKa2lRa1RmejZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADziplvTbXDiCZyRpXw/
gCwOiZFkkEMNqiIl2pYXe2uSNgQFpmuEJAwMqXDPOzvahVREU47oZdwcMPzG3k7l
Qn7K2e7lE1tPwPrZzI+uMmrwHW8beNBHu67qt/CEsjiOhJqnp/VJPHWzCnS07K2J
5qlgyj6AeO36Q/3GdeA5eDJeRKsfqbyvgDjFmTTOviOjC1B83ReGgO+IRv8CJi1S
hX8vFWC4ek3yr+MFge7itMmEFPvDu93qfpRgEmQc/Tq3qHX6OGvg9YZUBQR7KJNp
Ggpa250fNF1hcL6ZZYxb5tT6czv23HZm0GKrcJWU2ZpC2gjCt26TNZK2CQPmMaxm
Bi4=
-----END CERTIFICATE-----