Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/un7TmWor7UMHLQrlMGJjEbd2vl0.roa
File:                     un7TmWor7UMHLQrlMGJjEbd2vl0.roa (raw, json)
Hash identifier:          oxrIoGidFDRKNs1xchA3zgGvEmKvNgTvDDLloxePm+I=
Subject key identifier:   BA:7E:D3:99:6A:2B:ED:43:07:2D:0A:E5:30:62:63:11:B7:76:BE:5D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872F370BE634CA47426F36FAE868B8E68A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/un7TmWor7UMHLQrlMGJjEbd2vl0.roa
Signing time:             Wed 29 Mar 2023 21:12:29 +0000
ROA not before:           Wed 29 Mar 2023 21:12:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2f:37:0b:e6:34:ca:47:42:6f:36:fa:e8:68:b8:e6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 21:12:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ba7ed3996a2bed43072d0ae530626311b776be5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:9b:9a:30:63:4c:00:fc:0d:93:b8:f7:9c:09:
                    34:16:5f:6e:c8:42:9d:8e:d5:5d:0c:4e:7b:99:9f:
                    c6:ce:27:11:0a:d4:83:73:90:65:60:90:11:eb:c0:
                    e1:65:7f:9b:4c:94:57:c7:f3:e2:f4:83:b7:48:42:
                    e8:a2:aa:fc:44:4e:16:98:a1:5c:fb:35:f7:66:5d:
                    b3:f4:c5:42:cb:72:c7:df:8c:1d:33:ee:02:70:d4:
                    7a:2b:5d:96:58:3d:fa:b7:13:58:ff:ab:70:78:07:
                    23:b4:e1:20:48:68:63:77:5d:d8:7f:d8:ef:98:f8:
                    07:23:b3:c1:d3:55:d4:b6:cb:35:35:ce:af:7e:b1:
                    6d:91:64:ca:de:b5:fc:20:62:5a:b2:cb:8a:1d:d5:
                    67:44:bb:ce:44:06:f2:ab:cc:97:03:34:2e:e1:fd:
                    cc:2d:83:ab:3a:4e:8a:83:a5:07:be:64:d3:45:d6:
                    b4:c4:f8:4e:54:06:36:e3:22:e7:8a:cd:fe:90:39:
                    77:7f:68:f7:df:d2:f8:40:11:e8:87:42:bd:78:97:
                    18:c5:c5:90:ae:f8:40:c9:cb:dc:4a:6f:8e:27:fd:
                    ba:05:76:b6:66:a5:2e:c5:92:b5:b7:e2:55:52:b0:
                    ec:22:3c:1b:50:a5:88:30:22:79:a8:ee:b6:bc:2e:
                    96:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7E:D3:99:6A:2B:ED:43:07:2D:0A:E5:30:62:63:11:B7:76:BE:5D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/un7TmWor7UMHLQrlMGJjEbd2vl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:5e:62:93:72:04:a0:ad:34:e3:71:d9:6b:2c:ef:55:bd:55:
         22:18:38:46:fd:b1:8c:0d:a5:d9:46:6a:9d:f4:68:26:ef:dc:
         ea:19:4c:98:00:1f:02:2d:02:98:bb:36:2e:7b:27:fb:66:e3:
         c8:5e:04:91:81:0a:fb:e1:0f:a1:c4:15:8d:e9:3c:a7:29:9e:
         cb:9e:bc:2e:50:89:75:46:b7:a2:af:dc:fd:4f:aa:ed:55:59:
         96:1f:71:b1:8e:4f:ca:07:5a:da:14:ea:ed:a5:3a:f8:b6:9c:
         dd:5a:23:8a:85:fe:9e:a4:97:51:68:73:d1:8f:e4:3b:cd:c1:
         7d:ea:20:3f:c6:40:35:5c:47:e9:cc:63:8b:4f:fb:6f:78:90:
         73:b7:69:ee:2d:f8:0c:00:5c:db:9d:4d:38:fb:d6:51:11:8b:
         7a:42:0f:e0:15:65:93:ad:70:26:f8:5f:28:32:3f:cd:27:06:
         3c:22:79:1c:4b:3b:81:03:dd:d0:6d:70:88:f6:71:37:c5:8f:
         cf:ae:45:e5:23:9f:2a:f6:3d:61:ea:98:49:8a:61:50:a1:41:
         c3:c8:f4:c0:9b:3e:8b:cf:96:12:d9:51:47:0c:54:9b:c5:09:
         7d:7e:04:1d:ef:bb:50:be:b5:6d:b4:ce:b1:7a:1b:2e:3f:e9:
         5c:bc:12:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcvNwvmNMpHQm82+uhouOaKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MjExMjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTdlZDM5OTZhMmJlZDQzMDcyZDBhZTUzMDYyNjMxMWI3NzZiZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JuaMGNMAPwNk7j3nAk0Fl9uyEKd
jtVdDE57mZ/GzicRCtSDc5BlYJAR68DhZX+bTJRXx/Pi9IO3SELooqr8RE4WmKFc
+zX3Zl2z9MVCy3LH34wdM+4CcNR6K12WWD36txNY/6tweAcjtOEgSGhjd13Yf9jv
mPgHI7PB01XUtss1Nc6vfrFtkWTK3rX8IGJassuKHdVnRLvORAbyq8yXAzQu4f3M
LYOrOk6Kg6UHvmTTRda0xPhOVAY24yLnis3+kDl3f2j339L4QBHoh0K9eJcYxcWQ
rvhAycvcSm+OJ/26BXa2ZqUuxZK1t+JVUrDsIjwbUKWIMCJ5qO62vC6WEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLp+05lqK+1DBy0K5TBiYxG3dr5dMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdW43VG1Xb3I3VU1ITFFybE1HSmpFYmQydmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAFeYpNyBKCtNONx2Wss
71W9VSIYOEb9sYwNpdlGap30aCbv3OoZTJgAHwItApi7Ni57J/tm48heBJGBCvvh
D6HEFY3pPKcpnsuevC5QiXVGt6Kv3P1Pqu1VWZYfcbGOT8oHWtoU6u2lOvi2nN1a
I4qF/p6kl1Foc9GP5DvNwX3qID/GQDVcR+nMY4tP+294kHO3ae4t+AwAXNudTTj7
1lERi3pCD+AVZZOtcCb4XygyP80nBjwieRxLO4ED3dBtcIj2cTfFj8+uReUjnyr2
PWHqmEmKYVChQcPI9MCbPovPlhLZUUcMVJvFCX1+BB3vu1C+tW20zrF6Gy4/6Vy8
EnI=
-----END CERTIFICATE-----