Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/j_7GQ2VpImGy21kzTYhKZ7d3jGo.roa
File:                     j_7GQ2VpImGy21kzTYhKZ7d3jGo.roa (raw, json)
Hash identifier:          QgZlKgjkg8qj3JhPu9gulKFi9ILikH+8rRTOBbJWWVs=
Subject key identifier:   8F:FE:C6:43:65:69:22:61:B2:DB:59:33:4D:88:4A:67:B7:77:8C:6A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01879480CCB5EAA3D02C65BA6B7E065A7826
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/j_7GQ2VpImGy21kzTYhKZ7d3jGo.roa
Signing time:             Tue 18 Apr 2023 13:14:41 +0000
ROA not before:           Tue 18 Apr 2023 13:14:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:94:80:cc:b5:ea:a3:d0:2c:65:ba:6b:7e:06:5a:78:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 18 13:14:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8ffec64365692261b2db59334d884a67b7778c6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:3c:90:e3:00:a9:53:8e:64:8e:9c:b9:b5:c5:
                    16:b4:be:45:6b:2d:5d:3a:c0:9a:a1:02:65:77:67:
                    4f:70:dd:0e:84:5d:31:e9:66:38:1d:9f:f0:f2:79:
                    13:b2:36:fd:22:63:0d:69:66:92:d9:ff:e5:59:21:
                    6e:01:bb:8c:f0:2e:eb:fb:2c:ba:60:43:55:c4:80:
                    4d:47:e7:09:e5:be:a8:c2:16:ff:80:44:3a:8a:a2:
                    37:16:af:74:50:42:1d:a6:f1:04:18:91:ca:41:51:
                    d1:9b:47:51:1c:7c:7e:c0:83:5b:b9:b9:9a:5c:cb:
                    bd:5e:6c:5f:17:6b:bc:c4:af:ed:24:b9:b3:a9:1e:
                    ac:92:2a:7c:92:b2:3a:79:15:5e:b9:9b:59:1b:6e:
                    e2:ca:a2:68:37:70:e5:18:cb:52:76:d8:a6:c7:01:
                    fb:4d:08:06:91:18:98:95:23:88:46:8f:c3:7d:ca:
                    2b:40:9e:58:6f:84:5f:2f:99:1e:d5:2b:26:1f:49:
                    62:da:2f:57:d8:3b:bb:a4:11:9c:3e:10:80:1f:d2:
                    d3:ce:19:e5:10:3b:61:0e:4e:b5:56:9d:57:d5:13:
                    bd:f5:dd:54:45:bd:0a:d4:ba:55:d0:8e:6b:84:1c:
                    17:ee:1e:98:6b:15:c6:66:fb:41:7d:0c:15:99:e6:
                    bd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:FE:C6:43:65:69:22:61:B2:DB:59:33:4D:88:4A:67:B7:77:8C:6A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/j_7GQ2VpImGy21kzTYhKZ7d3jGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:11:74:fe:ff:34:3b:13:ab:3f:75:f8:2f:aa:83:87:e7:18:
         fe:6a:04:00:c2:ad:a8:54:50:5b:51:a9:b3:a7:a1:d2:5f:83:
         e6:99:1b:b3:51:fc:42:aa:8d:b8:16:ad:23:e2:94:8e:8a:7c:
         ec:df:62:8c:0b:55:47:e4:09:3c:76:2d:9d:ab:8b:58:a0:56:
         80:c4:e6:65:bd:93:1c:9d:b6:39:1e:11:69:d9:3e:b8:90:1c:
         d0:10:9a:9b:3b:12:b0:15:b4:d3:dd:89:f0:85:c5:7e:69:90:
         ce:77:6c:54:87:99:16:6b:0e:20:7b:8d:ed:5b:b7:cd:2c:bc:
         f7:38:62:93:1e:8d:30:c1:1d:61:de:70:04:53:3e:7e:e5:85:
         6b:c2:fc:1e:fd:0d:02:5a:36:b1:da:31:74:30:fc:c2:ee:af:
         2c:18:7f:fd:ad:4d:8f:b9:e9:9a:84:04:69:d5:af:a2:d2:fe:
         fd:45:44:5e:e3:5b:52:73:70:15:0c:88:74:f9:8f:a4:94:c7:
         e5:2d:68:8a:91:33:56:1c:eb:a3:13:d4:ae:ac:90:eb:79:10:
         c0:ec:35:a9:c8:b5:74:f5:76:e8:08:41:78:96:71:53:c6:71:
         62:a9:9f:4a:6b:d6:43:b9:3f:94:f5:5d:e3:9c:7c:70:0b:12:
         1d:a7:b6:2b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeUgMy16qPQLGW6a34GWngmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE4MTMxNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmZlYzY0MzY1NjkyMjYxYjJkYjU5MzM0ZDg4NGE2N2I3Nzc4YzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTyQ4wCpU45kjpy5tcUWtL5Fay1d
OsCaoQJld2dPcN0OhF0x6WY4HZ/w8nkTsjb9ImMNaWaS2f/lWSFuAbuM8C7r+yy6
YENVxIBNR+cJ5b6owhb/gEQ6iqI3Fq90UEIdpvEEGJHKQVHRm0dRHHx+wINbubma
XMu9XmxfF2u8xK/tJLmzqR6skip8krI6eRVeuZtZG27iyqJoN3DlGMtSdtimxwH7
TQgGkRiYlSOIRo/DfcorQJ5Yb4RfL5ke1SsmH0li2i9X2Du7pBGcPhCAH9LTzhnl
EDthDk61Vp1X1RO99d1URb0K1LpV0I5rhBwX7h6YaxXGZvtBfQwVmea9qQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI/+xkNlaSJhsttZM02ISme3d4xqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEval83R1EyVnBJbUd5MjFrelRZaEtaN2QzakdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFERdP7/NDsTqz91+C+q
g4fnGP5qBADCrahUUFtRqbOnodJfg+aZG7NR/EKqjbgWrSPilI6KfOzfYowLVUfk
CTx2LZ2ri1igVoDE5mW9kxydtjkeEWnZPriQHNAQmps7ErAVtNPdifCFxX5pkM53
bFSHmRZrDiB7je1bt80svPc4YpMejTDBHWHecARTPn7lhWvC/B79DQJaNrHaMXQw
/MLurywYf/2tTY+56ZqEBGnVr6LS/v1FRF7jW1JzcBUMiHT5j6SUx+UtaIqRM1Yc
66MT1K6skOt5EMDsNanItXT1dugIQXiWcVPGcWKpn0pr1kO5P5T1XeOcfHALEh2n
tis=
-----END CERTIFICATE-----