Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o1-7-XIX7KH4MNBqSpkXzz1uDXE.roa
File:                     o1-7-XIX7KH4MNBqSpkXzz1uDXE.roa (raw, json)
Hash identifier:          UjkHo/POkvLCjWkg/69+91XwBfKMFnUhbY8a6NuYtQ4=
Subject key identifier:   A3:5F:BB:F9:72:17:EC:A1:F8:30:D0:6A:4A:99:17:CF:3D:6E:0D:71
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01886BB551D0A4417E84FDE2F7CF0E553F29
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o1-7-XIX7KH4MNBqSpkXzz1uDXE.roa
Signing time:             Tue 30 May 2023 08:10:24 +0000
ROA not before:           Tue 30 May 2023 08:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:6b:b5:51:d0:a4:41:7e:84:fd:e2:f7:cf:0e:55:3f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 30 08:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a35fbbf97217eca1f830d06a4a9917cf3d6e0d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ee:65:62:6b:00:c0:bf:fa:9a:ae:07:47:9d:
                    77:1c:13:66:1f:48:b1:15:9c:9d:e6:13:15:00:2d:
                    71:16:c1:4e:01:af:70:8f:a4:01:a8:3c:b4:b0:98:
                    44:96:15:7b:e8:51:86:9f:95:0f:91:d5:a0:2d:6a:
                    90:d5:d4:74:29:42:e4:23:a1:6e:a5:ea:d9:a9:da:
                    b9:92:81:74:04:dd:e3:93:ed:97:c0:bf:35:32:ac:
                    b8:b4:b2:62:c0:6d:38:63:81:45:a7:46:49:fb:2e:
                    b9:1b:62:55:a9:19:f8:b5:c5:9f:6a:7e:60:4b:06:
                    eb:1f:66:d2:b6:3d:81:76:a2:4d:c7:d4:80:17:7f:
                    85:83:ab:9c:d7:31:cd:d7:f1:f3:41:2d:8c:18:af:
                    42:72:77:b0:d0:40:f5:29:d0:be:2d:3d:c0:50:68:
                    4c:f9:c8:2a:46:fa:9c:76:60:7c:ee:73:5a:a1:fe:
                    e5:02:fc:1f:d6:c5:94:29:f2:81:23:5b:0b:99:5e:
                    80:67:87:f8:f3:5a:e5:de:2d:7a:11:b6:f5:26:8f:
                    52:80:82:fc:69:03:c1:bc:a3:e9:51:e9:d9:e4:65:
                    4f:8e:7f:36:b9:69:91:10:a6:c2:23:5a:0b:22:6c:
                    ce:8c:31:e4:fd:24:ba:ec:ce:89:d1:91:6d:8a:08:
                    96:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:5F:BB:F9:72:17:EC:A1:F8:30:D0:6A:4A:99:17:CF:3D:6E:0D:71
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/o1-7-XIX7KH4MNBqSpkXzz1uDXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:a6:14:4d:03:c5:39:62:f5:19:f0:6e:01:e7:14:85:12:bc:
         c7:11:34:e3:c4:91:23:65:45:86:53:bc:94:19:46:97:a9:61:
         6f:0e:86:ca:ac:ab:99:c2:f4:1b:53:3b:94:58:2c:c7:0f:6b:
         8e:99:b2:dd:02:03:9e:59:96:03:94:06:aa:da:90:8c:b2:71:
         a3:d2:f5:94:12:ea:a7:3e:65:3a:e6:89:27:8b:f8:d3:61:bf:
         20:15:2d:6c:e5:09:d2:cf:8b:64:bf:ca:95:ee:5b:9e:96:53:
         85:88:5e:00:3c:27:d4:28:a2:0e:f6:b2:a8:79:2c:be:29:28:
         cd:b4:bb:3b:8f:64:db:68:0d:4d:84:4f:e4:40:10:10:70:7f:
         ef:87:89:e2:89:48:f2:e6:e0:c1:2a:c5:84:52:23:67:e6:a1:
         7c:8b:1e:d4:1d:45:a0:b7:82:d2:13:18:1c:57:44:83:0d:ee:
         df:11:bc:50:62:0c:33:76:f6:77:13:83:71:c8:5f:63:ee:63:
         a6:86:5f:b9:7e:65:2a:14:40:5d:4f:2e:d8:78:40:36:e0:10:
         1d:6b:ef:45:06:5f:fe:97:a4:48:fd:86:71:c5:3b:43:d4:45:
         44:40:0f:de:eb:9f:f0:98:58:3e:58:a4:a6:7e:d8:b2:e9:09:
         45:4d:56:b5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhrtVHQpEF+hP3i988OVT8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTMwMDgxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzVmYmJmOTcyMTdlY2ExZjgzMGQwNmE0YTk5MTdjZjNkNmUwZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu5lYmsAwL/6mq4HR513HBNmH0ix
FZyd5hMVAC1xFsFOAa9wj6QBqDy0sJhElhV76FGGn5UPkdWgLWqQ1dR0KULkI6Fu
perZqdq5koF0BN3jk+2XwL81Mqy4tLJiwG04Y4FFp0ZJ+y65G2JVqRn4tcWfan5g
SwbrH2bStj2BdqJNx9SAF3+Fg6uc1zHN1/HzQS2MGK9Ccnew0ED1KdC+LT3AUGhM
+cgqRvqcdmB87nNaof7lAvwf1sWUKfKBI1sLmV6AZ4f481rl3i16Ebb1Jo9SgIL8
aQPBvKPpUenZ5GVPjn82uWmREKbCI1oLImzOjDHk/SS67M6J0ZFtigiWSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKNfu/lyF+yh+DDQakqZF889bg1xMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbzEtNy1YSVg3S0g0TU5CcVNwa1h6ejF1RFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJimFE0DxTli9RnwbgHn
FIUSvMcRNOPEkSNlRYZTvJQZRpepYW8Ohsqsq5nC9BtTO5RYLMcPa46Zst0CA55Z
lgOUBqrakIyycaPS9ZQS6qc+ZTrmiSeL+NNhvyAVLWzlCdLPi2S/ypXuW56WU4WI
XgA8J9Qoog72sqh5LL4pKM20uzuPZNtoDU2ET+RAEBBwf++HieKJSPLm4MEqxYRS
I2fmoXyLHtQdRaC3gtITGBxXRIMN7t8RvFBiDDN29ncTg3HIX2PuY6aGX7l+ZSoU
QF1PLth4QDbgEB1r70UGX/6XpEj9hnHFO0PURURAD97rn/CYWD5YpKZ+2LLpCUVN
VrU=
-----END CERTIFICATE-----