Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Hrfm7YGwb0BLCdxiKdjoXxidNP4.roa
File:                     Hrfm7YGwb0BLCdxiKdjoXxidNP4.roa (raw, json)
Hash identifier:          q2g9Ikb/cTYNVp/lwXCkKcsL/jZxdX2yN4skDWNAG8Y=
Subject key identifier:   1E:B7:E6:ED:81:B0:6F:40:4B:09:DC:62:29:D8:E8:5F:18:9D:34:FE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187334CF607932526EB63968F5B628D0B92
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Hrfm7YGwb0BLCdxiKdjoXxidNP4.roa
Signing time:             Thu 30 Mar 2023 16:14:54 +0000
ROA not before:           Thu 30 Mar 2023 16:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:33:4c:f6:07:93:25:26:eb:63:96:8f:5b:62:8d:0b:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 30 16:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1eb7e6ed81b06f404b09dc6229d8e85f189d34fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:cc:43:2a:64:44:65:67:b6:9c:f2:a1:bc:eb:
                    0b:2d:d1:91:97:4d:2d:15:85:ed:44:15:82:f9:05:
                    5a:ee:c2:65:23:08:36:a7:de:20:50:a2:f3:6f:f2:
                    87:3d:2e:2b:90:b3:14:6c:88:71:c4:23:a1:ea:2e:
                    46:56:a4:cf:f9:27:dc:dd:70:f5:99:cc:23:d7:37:
                    44:b8:22:42:89:5a:2c:e4:81:c3:07:ea:9f:48:61:
                    ee:2a:5c:4d:3b:4f:09:bb:5b:46:8b:1f:5e:ae:6c:
                    55:95:e9:fa:21:c2:b7:8d:87:b5:31:e0:61:c1:b5:
                    4e:64:19:a5:bd:f7:f6:6b:85:5f:6c:5b:34:2a:84:
                    17:68:3a:91:8b:8a:96:73:d9:bc:1a:69:9c:67:8f:
                    8a:24:91:60:3a:ec:9e:9b:7c:f1:b9:9b:93:17:30:
                    5a:ca:ad:b9:04:aa:f0:3c:34:f5:c4:62:db:14:e3:
                    25:af:1a:c1:b3:64:bd:03:8c:54:16:06:3a:ed:3b:
                    de:9e:6f:e9:50:2a:30:da:59:48:17:7d:63:09:3d:
                    4e:00:10:2a:af:5d:4c:46:9a:b2:6c:b1:4a:49:9a:
                    18:25:2c:ad:20:02:4e:7d:92:22:b6:49:68:e2:47:
                    ce:a3:07:8d:c3:0c:b7:30:4c:a5:aa:13:f1:03:6f:
                    c7:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:B7:E6:ED:81:B0:6F:40:4B:09:DC:62:29:D8:E8:5F:18:9D:34:FE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Hrfm7YGwb0BLCdxiKdjoXxidNP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:f9:47:07:e9:b1:b3:c0:6d:e6:7a:a8:24:e0:c9:2c:c9:7d:
         68:2b:3c:bf:1b:5f:20:89:89:a0:f0:15:b2:32:9d:20:a2:ca:
         d7:25:4d:59:41:80:03:bc:3c:e6:4c:35:67:18:15:54:2d:e5:
         f1:eb:d0:4a:cb:72:21:56:93:a1:44:27:6b:07:bc:33:e5:e8:
         47:82:f9:88:e5:e0:59:1b:3a:83:a0:27:fa:8e:2b:25:84:be:
         93:e7:d1:23:58:65:58:8d:ef:9e:4f:68:cd:b1:b6:70:ec:09:
         a4:d5:7f:2f:c6:fa:24:b0:6e:2b:0b:98:22:aa:86:41:c4:0b:
         5b:d0:da:a8:92:3a:27:1b:90:11:11:21:90:e1:68:17:48:d3:
         47:31:fd:f5:55:db:69:a5:9d:40:8d:a4:77:34:7b:af:b5:7e:
         1a:5f:5d:c3:05:c3:d6:65:39:28:dc:b9:dd:42:f5:53:4c:18:
         84:f0:fb:48:a5:82:68:a7:24:14:62:36:a3:b7:87:a9:56:fe:
         d3:d4:d1:7c:ea:9b:36:32:7f:62:ea:da:b0:c9:a6:dd:b8:e9:
         fe:ac:75:be:3f:63:d4:b9:ce:14:1f:35:e8:81:8c:8d:70:7d:
         df:c1:fb:fe:c5:00:25:07:01:a2:e4:89:e4:83:49:bf:de:50:
         96:e1:77:45
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYczTPYHkyUm62OWj1tijQuSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMwMTYxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWI3ZTZlZDgxYjA2ZjQwNGIwOWRjNjIyOWQ4ZTg1ZjE4OWQzNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8xDKmREZWe2nPKhvOsLLdGRl00t
FYXtRBWC+QVa7sJlIwg2p94gUKLzb/KHPS4rkLMUbIhxxCOh6i5GVqTP+Sfc3XD1
mcwj1zdEuCJCiVos5IHDB+qfSGHuKlxNO08Ju1tGix9ermxVlen6IcK3jYe1MeBh
wbVOZBmlvff2a4VfbFs0KoQXaDqRi4qWc9m8GmmcZ4+KJJFgOuyem3zxuZuTFzBa
yq25BKrwPDT1xGLbFOMlrxrBs2S9A4xUFgY67Tvenm/pUCow2llIF31jCT1OABAq
r11MRpqybLFKSZoYJSytIAJOfZIitklo4kfOoweNwwy3MEylqhPxA2/HtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB635u2BsG9ASwncYinY6F8YnTT+MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSHJmbTdZR3diMEJMQ2R4aUtkam9YeGlkTlA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAI35RwfpsbPAbeZ6qCTg
ySzJfWgrPL8bXyCJiaDwFbIynSCiytclTVlBgAO8POZMNWcYFVQt5fHr0ErLciFW
k6FEJ2sHvDPl6EeC+Yjl4FkbOoOgJ/qOKyWEvpPn0SNYZViN755PaM2xtnDsCaTV
fy/G+iSwbisLmCKqhkHEC1vQ2qiSOicbkBERIZDhaBdI00cx/fVV22mlnUCNpHc0
e6+1fhpfXcMFw9ZlOSjcud1C9VNMGITw+0ilgminJBRiNqO3h6lW/tPU0XzqmzYy
f2Lq2rDJpt246f6sdb4/Y9S5zhQfNeiBjI1wfd/B+/7FACUHAaLkieSDSb/eUJbh
d0U=
-----END CERTIFICATE-----