Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7AfbT_M2SWjJM8YaOREI8T4NBmo.roa
File:                     7AfbT_M2SWjJM8YaOREI8T4NBmo.roa (raw, json)
Hash identifier:          jdzUPiQ+8vMFJt5RdGdgXOXARMnPjDa3Dkak4miMAUY=
Subject key identifier:   EC:07:DB:4F:F3:36:49:68:C9:33:C6:1A:39:11:08:F1:3E:0D:06:6A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187266BDF5AE3344A346248F885249BAA80
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7AfbT_M2SWjJM8YaOREI8T4NBmo.roa
Signing time:             Tue 28 Mar 2023 04:13:36 +0000
ROA not before:           Tue 28 Mar 2023 04:13:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:26:6b:df:5a:e3:34:4a:34:62:48:f8:85:24:9b:aa:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 28 04:13:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ec07db4ff3364968c933c61a391108f13e0d066a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:31:10:b6:d2:f5:e9:ea:5f:be:20:c5:c6:67:
                    32:de:17:1c:d8:2c:2a:3b:8d:89:7f:7d:82:0c:36:
                    e4:72:a4:30:4c:b0:9f:8e:99:f9:61:df:e7:22:ca:
                    7b:b4:af:d1:8f:5d:b6:28:d6:5b:13:e1:ee:22:cf:
                    6c:3c:44:a8:df:87:a6:ac:ee:e8:7a:1f:f8:2e:39:
                    3a:40:f0:59:15:8f:20:c7:00:5c:33:3f:77:20:a4:
                    5a:0e:4b:b2:94:87:44:92:4f:02:58:bc:b5:16:e9:
                    0b:56:aa:4b:f8:21:60:fd:df:27:68:05:8a:b7:f8:
                    5d:39:e7:e6:89:8f:8b:57:d7:e3:56:00:46:88:ce:
                    06:45:3e:35:d3:bf:58:08:5b:81:88:46:cf:cc:f5:
                    af:81:55:3b:31:f9:80:e8:41:82:ca:4c:a1:13:64:
                    ea:54:5c:fb:ec:e3:18:8f:0a:c7:10:6c:ea:1e:56:
                    d1:7e:10:24:2c:bb:6f:71:5f:16:22:e0:a7:3e:86:
                    ef:1a:3f:5d:01:7e:30:d2:18:f2:6b:04:6d:d4:c2:
                    ad:e8:54:8d:7c:3e:58:47:79:c4:62:ff:0e:2b:dd:
                    55:3c:a6:7f:90:b2:d3:ce:cd:88:80:c7:98:c8:82:
                    b8:db:97:1e:1a:f9:30:4a:d5:2f:26:40:58:97:f1:
                    84:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:07:DB:4F:F3:36:49:68:C9:33:C6:1A:39:11:08:F1:3E:0D:06:6A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7AfbT_M2SWjJM8YaOREI8T4NBmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:95:bb:5e:61:3b:c8:9d:9c:2c:f1:a7:0d:65:f0:b7:4c:28:
         7f:38:f1:83:62:b0:58:7f:14:4e:3b:24:d0:b3:f7:1e:39:c1:
         57:41:f0:da:e7:c2:91:c0:f8:f6:63:da:9b:0e:55:41:40:d3:
         65:08:58:4f:de:c3:29:a2:e6:3a:55:f5:ff:12:66:7a:55:26:
         91:7c:ef:2f:9b:9c:a8:99:18:cd:3d:a7:5e:2b:c5:dd:34:51:
         40:2a:97:a4:9c:f6:89:b0:4c:9c:89:3f:9c:6c:30:35:9b:d6:
         3b:aa:a0:05:5c:5e:62:af:ef:6b:2c:79:fa:b5:7f:5a:e5:11:
         70:ba:35:d1:be:17:e9:ad:7b:5c:47:10:2f:8c:1d:c6:b2:84:
         f6:69:f9:63:75:f4:f1:34:9f:4a:a6:68:4e:3e:67:f3:25:e4:
         4a:48:ec:99:8b:bb:14:6f:d5:e1:ce:e0:20:38:9c:36:44:bd:
         84:5e:56:3d:d1:b6:eb:4f:de:32:a3:0e:45:5d:53:c4:7e:56:
         35:03:f9:c3:f1:8f:18:09:6a:0e:80:23:cf:ba:c5:5e:f1:2a:
         1a:bf:77:22:be:96:f2:67:a2:1d:31:94:d0:d9:d3:2a:7a:c4:
         06:db:20:b2:cf:eb:b1:ef:c5:71:c8:59:e3:7d:cf:e2:67:b5:
         dc:bf:88:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcma99a4zRKNGJI+IUkm6qAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI4MDQxMzM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA3ZGI0ZmYzMzY0OTY4YzkzM2M2MWEzOTExMDhmMTNlMGQwNjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DEQttL16epfviDFxmcy3hcc2Cwq
O42Jf32CDDbkcqQwTLCfjpn5Yd/nIsp7tK/Rj122KNZbE+HuIs9sPESo34emrO7o
eh/4Ljk6QPBZFY8gxwBcMz93IKRaDkuylIdEkk8CWLy1FukLVqpL+CFg/d8naAWK
t/hdOefmiY+LV9fjVgBGiM4GRT41079YCFuBiEbPzPWvgVU7MfmA6EGCykyhE2Tq
VFz77OMYjwrHEGzqHlbRfhAkLLtvcV8WIuCnPobvGj9dAX4w0hjyawRt1MKt6FSN
fD5YR3nEYv8OK91VPKZ/kLLTzs2IgMeYyIK425ceGvkwStUvJkBYl/GEtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOwH20/zNkloyTPGGjkRCPE+DQZqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN0FmYlRfTTJTV2pKTThZYU9SRUk4VDROQm1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAF+Vu15hO8idnCzxpw1l
8LdMKH848YNisFh/FE47JNCz9x45wVdB8NrnwpHA+PZj2psOVUFA02UIWE/ewymi
5jpV9f8SZnpVJpF87y+bnKiZGM09p14rxd00UUAql6Sc9omwTJyJP5xsMDWb1juq
oAVcXmKv72ssefq1f1rlEXC6NdG+F+mte1xHEC+MHcayhPZp+WN19PE0n0qmaE4+
Z/Ml5EpI7JmLuxRv1eHO4CA4nDZEvYReVj3RtutP3jKjDkVdU8R+VjUD+cPxjxgJ
ag6AI8+6xV7xKhq/dyK+lvJnoh0xlNDZ0yp6xAbbILLP67HvxXHIWeN9z+Jntdy/
iC4=
-----END CERTIFICATE-----