Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/t7HrLLhaMSMbhbgStzKMzZzQdRc.roa
File:                     t7HrLLhaMSMbhbgStzKMzZzQdRc.roa (raw, json)
Hash identifier:          rPnItBDrOBycsWneP98NKPSvxiRd9HK+zSMCG+DtNRk=
Subject key identifier:   B7:B1:EB:2C:B8:5A:31:23:1B:85:B8:12:B7:32:8C:CD:9C:D0:75:17
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01898687FE63CA708EB969A6E553569D3219
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/t7HrLLhaMSMbhbgStzKMzZzQdRc.roa
Signing time:             Mon 24 Jul 2023 06:13:26 +0000
ROA not before:           Mon 24 Jul 2023 06:13:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:86:87:fe:63:ca:70:8e:b9:69:a6:e5:53:56:9d:32:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 24 06:13:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b7b1eb2cb85a31231b85b812b7328ccd9cd07517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:19:4b:cf:62:2b:6d:3c:94:ba:76:a6:cf:30:
                    68:73:13:c9:9f:b5:8e:43:5b:da:31:7e:3b:a0:e5:
                    07:de:b4:dd:93:67:a4:55:f6:27:b7:0a:8f:95:1e:
                    8d:7b:9c:1d:d7:1a:85:d2:75:89:ba:a9:cf:74:66:
                    0a:eb:30:48:4f:5c:7e:1d:04:12:8a:e6:be:24:c6:
                    fb:5a:7d:a2:17:3e:ce:46:e2:67:2a:67:d2:1f:84:
                    37:77:a8:c0:77:b6:96:b2:9b:67:5a:2e:3e:f2:36:
                    71:6f:4a:23:a5:5f:02:2c:91:7d:5b:4d:0a:b8:77:
                    5d:2a:14:a4:db:d1:18:4c:0d:8f:aa:0b:e5:61:36:
                    41:42:38:f4:3b:f8:fd:e8:7c:10:ee:3b:2d:e3:ec:
                    2f:5c:fa:9c:3b:54:55:b3:1a:05:7d:9c:da:91:41:
                    91:14:bc:45:27:0c:78:22:f2:54:8c:45:5a:8f:9c:
                    3b:88:b7:cc:57:d0:43:e4:98:e0:d9:ec:62:ad:09:
                    96:24:76:58:d9:c9:99:2e:0a:10:e3:d4:83:84:3c:
                    b1:75:27:a6:ce:e4:d8:92:da:7f:5c:8b:8c:b5:ad:
                    13:bc:0f:e4:25:0d:cf:9c:6a:a9:55:9a:37:f0:c0:
                    46:0f:86:cb:82:bb:27:b2:1c:89:02:1e:07:db:d7:
                    d8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:B1:EB:2C:B8:5A:31:23:1B:85:B8:12:B7:32:8C:CD:9C:D0:75:17
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/t7HrLLhaMSMbhbgStzKMzZzQdRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:4c:d4:ae:85:23:3a:b0:04:a2:67:89:11:a9:25:5b:e3:73:
         83:8d:47:b6:d8:82:f3:45:ea:20:18:8e:2d:3d:c4:28:81:4f:
         6d:95:7a:fb:1b:ef:aa:01:e6:bd:9f:5e:07:41:40:d0:0d:c1:
         13:28:08:57:92:17:8d:3a:0d:b1:08:0c:ed:6e:ec:6e:83:b1:
         63:2f:5d:35:14:eb:f2:35:29:83:17:f7:c0:ae:ba:51:69:60:
         46:ea:bc:c9:f7:55:65:72:3e:20:36:6b:c1:91:8e:d6:c8:c3:
         5f:24:2a:b0:48:ed:1f:f0:63:52:d6:35:fa:42:62:81:8b:fa:
         72:f7:0f:cb:1b:e4:38:e2:c8:83:1c:50:83:c4:a7:26:27:82:
         36:eb:4b:1a:a3:b8:51:ff:28:11:e5:ba:a1:13:59:99:47:6c:
         8d:bb:ea:03:84:57:c2:47:4b:5b:3c:b1:9f:ae:1c:5b:ae:54:
         3b:8d:cc:a3:27:77:d1:75:b6:88:c2:1b:fe:9d:ac:42:52:22:
         08:05:b8:ca:b6:93:e6:8e:66:47:88:e7:b8:db:da:48:61:84:
         a6:c8:c4:26:ce:28:fc:6e:20:35:11:3b:a1:89:81:10:f0:74:
         1d:61:e1:61:fc:18:91:3d:1c:5f:36:d2:51:9d:58:c7:41:4c:
         18:17:4b:d5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmGh/5jynCOuWmm5VNWnTIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI0MDYxMzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2IxZWIyY2I4NWEzMTIzMWI4NWI4MTJiNzMyOGNjZDljZDA3NTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBlLz2IrbTyUunamzzBocxPJn7WO
Q1vaMX47oOUH3rTdk2ekVfYntwqPlR6Ne5wd1xqF0nWJuqnPdGYK6zBIT1x+HQQS
iua+JMb7Wn2iFz7ORuJnKmfSH4Q3d6jAd7aWsptnWi4+8jZxb0ojpV8CLJF9W00K
uHddKhSk29EYTA2PqgvlYTZBQjj0O/j96HwQ7jst4+wvXPqcO1RVsxoFfZzakUGR
FLxFJwx4IvJUjEVaj5w7iLfMV9BD5Jjg2exirQmWJHZY2cmZLgoQ49SDhDyxdSem
zuTYktp/XIuMta0TvA/kJQ3PnGqpVZo38MBGD4bLgrsnshyJAh4H29fY0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLex6yy4WjEjG4W4ErcyjM2c0HUXMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdDdIckxMaGFNU01iaGJnU3R6S016WnpRZFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAItM1K6FIzqwBKJniRGp
JVvjc4ONR7bYgvNF6iAYji09xCiBT22Vevsb76oB5r2fXgdBQNANwRMoCFeSF406
DbEIDO1u7G6DsWMvXTUU6/I1KYMX98CuulFpYEbqvMn3VWVyPiA2a8GRjtbIw18k
KrBI7R/wY1LWNfpCYoGL+nL3D8sb5DjiyIMcUIPEpyYngjbrSxqjuFH/KBHluqET
WZlHbI276gOEV8JHS1s8sZ+uHFuuVDuNzKMnd9F1tojCG/6drEJSIggFuMq2k+aO
ZkeI57jb2khhhKbIxCbOKPxuIDURO6GJgRDwdB1h4WH8GJE9HF820lGdWMdBTBgX
S9U=
-----END CERTIFICATE-----