Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h7zR7MIQFkLfXgnPefbz9IBQTGM.roa
File:                     h7zR7MIQFkLfXgnPefbz9IBQTGM.roa (raw, json)
Hash identifier:          fwM7nfkh1l7K26SMua+eSviDNhEW3O/NLn630SwsiJQ=
Subject key identifier:   87:BC:D1:EC:C2:10:16:42:DF:5E:09:CF:79:F6:F3:F4:80:50:4C:63
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018899D76C9EB0010F992701252072650120
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h7zR7MIQFkLfXgnPefbz9IBQTGM.roa
Signing time:             Thu 08 Jun 2023 07:10:11 +0000
ROA not before:           Thu 08 Jun 2023 07:10:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:99:d7:6c:9e:b0:01:0f:99:27:01:25:20:72:65:01:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  8 07:10:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87bcd1ecc2101642df5e09cf79f6f3f480504c63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e1:63:e7:48:2b:d4:0e:4b:b6:b8:d0:9f:64:
                    ce:39:f8:0c:e1:06:5a:07:9b:a3:c5:d8:25:9e:ab:
                    85:9a:53:29:ab:bb:c7:9f:ae:bb:73:e4:14:56:13:
                    30:01:3c:11:49:a8:f4:f0:23:54:c6:a5:00:cc:fa:
                    d8:7e:fa:99:f9:78:23:83:e6:81:ee:c5:4f:1b:3a:
                    40:af:e6:cc:19:60:8a:ba:a1:d6:b4:60:d6:33:b7:
                    40:e0:e1:b4:f8:52:99:9c:44:43:8b:c9:19:9f:b6:
                    e9:68:6a:36:db:fa:6b:3b:00:2c:1c:2d:79:ed:84:
                    c9:1a:23:3d:71:92:0c:59:8d:f3:2e:66:08:07:e7:
                    42:c4:61:80:ed:00:e6:65:98:00:75:b4:2c:36:7b:
                    da:f0:68:9d:ff:46:d2:8b:14:3e:db:41:77:54:63:
                    40:c4:ae:78:06:e6:01:de:25:6c:09:7c:f4:85:41:
                    a0:60:67:3b:60:a2:40:7a:99:fb:00:f1:91:8c:95:
                    46:87:ad:e9:c0:a6:6e:69:c1:81:ec:d8:be:42:90:
                    00:9c:85:d8:b5:68:18:a8:fd:d2:22:21:0a:8c:82:
                    7c:2d:c2:1e:18:d8:95:41:21:e0:71:16:cd:08:bc:
                    8d:06:5e:c9:87:ba:73:11:aa:70:e5:33:89:f8:ea:
                    27:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:BC:D1:EC:C2:10:16:42:DF:5E:09:CF:79:F6:F3:F4:80:50:4C:63
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h7zR7MIQFkLfXgnPefbz9IBQTGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:99:63:23:77:7b:ae:92:b3:4a:ab:6e:d9:9a:b6:02:70:26:
         7f:10:fd:44:df:c7:cc:ec:cf:25:bd:b4:7e:28:68:a6:88:e9:
         4a:e4:8d:0c:e4:7e:e4:7f:d2:43:0e:ea:fa:f7:2e:e5:5c:7b:
         8e:12:60:37:ed:17:81:a6:45:c8:29:b9:85:95:5c:a4:ac:bc:
         3a:ab:a4:5f:cd:e6:ed:37:77:0e:7b:6e:dc:29:61:da:3e:2f:
         49:2e:72:40:f8:16:c4:7d:d2:e3:7d:7a:84:d9:13:0b:58:ea:
         40:d1:64:49:d4:a2:7e:dd:b2:d7:dd:d7:3b:7b:21:a7:9b:9d:
         9a:68:89:32:dc:cf:fc:f6:08:b0:ba:24:28:5e:1c:77:69:f8:
         37:0a:48:aa:08:a7:3e:dd:d2:f3:db:fa:0c:f9:ec:73:2a:c1:
         d0:15:68:f2:98:b2:e0:46:b7:ac:37:36:f9:b1:19:b5:ef:27:
         f6:ea:46:ba:a6:7c:2b:90:a4:4b:b5:31:1b:60:a9:82:04:22:
         d6:cb:d4:ce:7f:df:31:ed:d2:8d:3f:8b:bf:ab:97:97:31:33:
         9f:a2:fe:12:4c:3c:ab:96:d4:eb:63:49:4e:dc:e9:63:fc:0f:
         0f:68:1d:5f:a7:b1:19:ab:53:db:65:7a:f0:81:d3:fa:7e:d5:
         36:f0:38:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiZ12yesAEPmScBJSByZQEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA4MDcxMDExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2JjZDFlY2MyMTAxNjQyZGY1ZTA5Y2Y3OWY2ZjNmNDgwNTA0YzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOFj50gr1A5LtrjQn2TOOfgM4QZa
B5ujxdglnquFmlMpq7vHn667c+QUVhMwATwRSaj08CNUxqUAzPrYfvqZ+Xgjg+aB
7sVPGzpAr+bMGWCKuqHWtGDWM7dA4OG0+FKZnERDi8kZn7bpaGo22/prOwAsHC15
7YTJGiM9cZIMWY3zLmYIB+dCxGGA7QDmZZgAdbQsNnva8Gid/0bSixQ+20F3VGNA
xK54BuYB3iVsCXz0hUGgYGc7YKJAepn7APGRjJVGh63pwKZuacGB7Ni+QpAAnIXY
tWgYqP3SIiEKjIJ8LcIeGNiVQSHgcRbNCLyNBl7Jh7pzEapw5TOJ+OonMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIe80ezCEBZC314Jz3n28/SAUExjMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaDd6UjdNSVFGa0xmWGduUGVmYno5SUJRVEdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADGZYyN3e66Ss0qrbtma
tgJwJn8Q/UTfx8zszyW9tH4oaKaI6UrkjQzkfuR/0kMO6vr3LuVce44SYDftF4Gm
RcgpuYWVXKSsvDqrpF/N5u03dw57btwpYdo+L0kuckD4FsR90uN9eoTZEwtY6kDR
ZEnUon7dstfd1zt7IaebnZpoiTLcz/z2CLC6JCheHHdp+DcKSKoIpz7d0vPb+gz5
7HMqwdAVaPKYsuBGt6w3NvmxGbXvJ/bqRrqmfCuQpEu1MRtgqYIEItbL1M5/3zHt
0o0/i7+rl5cxM5+i/hJMPKuW1OtjSU7c6WP8Dw9oHV+nsRmrU9tlevCB0/p+1Tbw
OAg=
-----END CERTIFICATE-----