Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/15p7CscbXV7t2lQfAq0W7fsqVOk.roa
File:                     15p7CscbXV7t2lQfAq0W7fsqVOk.roa (raw, json)
Hash identifier:          h/Crblo5VJwrl21H72NnkCcI9zyCDTej6s/aMLwEOqE=
Subject key identifier:   D7:9A:7B:0A:C7:1B:5D:5E:ED:DA:54:1F:02:AD:16:ED:FB:2A:54:E9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01887F08A2B00B6E34133BB4192924E76574
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/15p7CscbXV7t2lQfAq0W7fsqVOk.roa
Signing time:             Sat 03 Jun 2023 02:14:12 +0000
ROA not before:           Sat 03 Jun 2023 02:14:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7f:08:a2:b0:0b:6e:34:13:3b:b4:19:29:24:e7:65:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  3 02:14:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d79a7b0ac71b5d5eedda541f02ad16edfb2a54e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:14:3c:ef:b6:dc:18:61:9f:2d:fb:5f:51:59:
                    41:16:b4:74:2c:96:29:99:a3:c0:77:aa:3a:1e:14:
                    a0:e7:2d:59:72:6a:5c:ab:e3:ba:e9:1d:8c:58:6d:
                    8a:3d:5e:a0:3a:1d:7b:b9:57:d2:0c:c6:e7:51:6d:
                    16:71:15:e4:27:6f:3d:4d:10:f1:c8:ec:41:db:fa:
                    75:17:8f:8c:b4:87:c9:42:2b:a2:40:61:e2:42:d7:
                    40:ac:ce:af:58:75:ac:64:1a:f0:e2:b8:10:e9:8f:
                    c4:f4:4e:b8:31:32:84:cb:bc:01:75:0f:5b:37:e4:
                    c5:df:29:87:25:b8:c6:98:9b:57:cf:40:ab:a8:7c:
                    f5:a6:68:b7:a2:0c:91:ff:a7:20:02:50:4f:a2:3e:
                    67:32:17:f7:73:29:b7:0f:95:1e:80:ab:cb:3b:34:
                    ef:76:d1:32:46:62:86:a8:f5:ad:9d:60:b4:03:27:
                    f0:05:c8:2f:5c:e7:c2:05:75:34:b9:b6:ca:88:9d:
                    b9:c6:6b:1a:9a:a4:6f:f0:1c:23:6d:29:95:7b:6f:
                    4c:99:02:a7:50:3f:08:ea:e5:be:d0:f0:f8:ab:44:
                    ee:bb:a4:d8:b9:f9:6d:b5:3e:f1:d9:d7:84:96:c1:
                    fb:83:02:c5:22:33:42:9c:d6:f6:19:17:45:ab:fc:
                    51:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:9A:7B:0A:C7:1B:5D:5E:ED:DA:54:1F:02:AD:16:ED:FB:2A:54:E9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/15p7CscbXV7t2lQfAq0W7fsqVOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:2c:28:e6:68:d4:94:8d:68:26:8a:62:ff:1a:f6:da:2e:9d:
         25:50:2b:ac:22:bc:86:05:a7:41:24:11:0b:2e:ce:74:45:79:
         6e:51:aa:b4:20:3c:d1:8f:f5:bd:52:ba:18:c1:f3:68:f7:9f:
         5f:94:e4:a2:74:2e:0c:7a:af:2b:3a:41:05:78:1f:ec:cb:7f:
         0d:e0:bb:8b:0a:c3:17:0b:3f:28:cb:9e:1d:ff:8c:fe:23:c5:
         c2:bb:0b:27:53:5a:a4:82:55:f1:16:a1:be:30:46:75:28:7e:
         90:01:9d:a9:9b:ac:b3:7c:d8:33:8d:5b:8a:38:77:01:2c:2d:
         a4:ee:70:3d:44:7b:bc:ca:9f:83:34:df:6d:37:fc:fb:ac:ce:
         24:01:59:53:24:ab:9b:5a:a6:59:8a:4a:6a:63:5e:b8:c0:e3:
         f2:b3:2b:11:e1:ab:bf:25:6e:d8:1d:59:26:e3:0f:e0:62:12:
         fc:b7:17:34:d3:c1:36:ef:72:fb:97:c5:a9:86:45:e5:db:84:
         91:f6:9f:0b:39:ea:fc:a9:ed:c2:6c:b6:83:57:3e:47:5d:e5:
         08:0f:2b:d4:50:6f:dc:f7:48:3f:1b:d0:ec:fb:25:20:87:bc:
         2e:37:98:04:e8:54:ab:4e:4a:1e:b1:d2:0f:8e:cc:f8:d0:26:
         dd:4f:ce:c8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh/CKKwC240Ezu0GSkk52V0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAzMDIxNDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzlhN2IwYWM3MWI1ZDVlZWRkYTU0MWYwMmFkMTZlZGZiMmE1NGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBQ877bcGGGfLftfUVlBFrR0LJYp
maPAd6o6HhSg5y1Zcmpcq+O66R2MWG2KPV6gOh17uVfSDMbnUW0WcRXkJ289TRDx
yOxB2/p1F4+MtIfJQiuiQGHiQtdArM6vWHWsZBrw4rgQ6Y/E9E64MTKEy7wBdQ9b
N+TF3ymHJbjGmJtXz0CrqHz1pmi3ogyR/6cgAlBPoj5nMhf3cym3D5UegKvLOzTv
dtEyRmKGqPWtnWC0AyfwBcgvXOfCBXU0ubbKiJ25xmsamqRv8BwjbSmVe29MmQKn
UD8I6uW+0PD4q0Tuu6TYuflttT7x2deElsH7gwLFIjNCnNb2GRdFq/xRkwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNeaewrHG11e7dpUHwKtFu37KlTpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMTVwN0NzY2JYVjd0MmxRZkFxMFc3ZnNxVk9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAG8sKOZo1JSNaCaKYv8a
9tounSVQK6wivIYFp0EkEQsuznRFeW5RqrQgPNGP9b1SuhjB82j3n1+U5KJ0Lgx6
rys6QQV4H+zLfw3gu4sKwxcLPyjLnh3/jP4jxcK7CydTWqSCVfEWob4wRnUofpAB
nambrLN82DONW4o4dwEsLaTucD1Ee7zKn4M03203/PusziQBWVMkq5taplmKSmpj
XrjA4/KzKxHhq78lbtgdWSbjD+BiEvy3FzTTwTbvcvuXxamGReXbhJH2nws56vyp
7cJstoNXPkdd5QgPK9RQb9z3SD8b0Oz7JSCHvC43mAToVKtOSh6x0g+OzPjQJt1P
zsg=
-----END CERTIFICATE-----