Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7Bc2B7YB5DAAaycrLHGkPfwnFig.roa
File:                     7Bc2B7YB5DAAaycrLHGkPfwnFig.roa (raw, json)
Hash identifier:          JfxoMR7/e+aaF0eWkLKRROhOGRFxe6fDKsBe1prlcmI=
Subject key identifier:   EC:17:36:07:B6:01:E4:30:00:6B:27:2B:2C:71:A4:3D:FC:27:16:28
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188BE50C18D7E06F48664C1CD29F7CF1A21
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7Bc2B7YB5DAAaycrLHGkPfwnFig.roa
Signing time:             Thu 15 Jun 2023 09:09:03 +0000
ROA not before:           Thu 15 Jun 2023 09:09:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:be:50:c1:8d:7e:06:f4:86:64:c1:cd:29:f7:cf:1a:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 15 09:09:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ec173607b601e430006b272b2c71a43dfc271628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:30:5b:ab:9d:d5:06:ae:d4:fb:b1:0c:9a:07:
                    12:ab:56:06:70:6c:f3:3b:a1:49:3d:ee:2e:68:2a:
                    02:4c:28:4e:42:a9:fc:97:b5:6b:3f:ba:83:cc:e0:
                    ae:03:09:75:63:7c:14:85:24:38:ad:d7:ed:28:da:
                    c2:7b:0f:26:ce:40:52:18:10:07:b4:59:98:a0:de:
                    b0:73:49:0e:07:64:6d:f5:de:6e:09:01:cf:af:07:
                    53:ed:e5:5c:69:20:f5:92:53:d3:2a:07:cb:94:d6:
                    d0:85:11:fc:42:93:eb:fd:ba:33:df:1e:e4:59:52:
                    d8:32:75:6b:c0:93:97:ec:48:fd:c4:6a:fd:e5:5e:
                    83:c8:44:d7:4d:5e:66:07:9b:b4:42:2b:08:72:11:
                    25:03:49:08:64:e6:78:db:fd:52:e6:46:57:f4:b1:
                    8e:7f:89:2d:40:70:9a:43:24:67:88:ba:c4:2a:84:
                    e4:c9:ad:70:86:e2:53:fd:f8:43:5c:b1:88:7c:a8:
                    70:11:dc:4e:63:fd:df:f9:b5:bc:d9:e6:55:fa:45:
                    72:62:5a:95:28:f1:50:79:c5:c0:e8:f7:0f:c2:c4:
                    91:00:94:8e:80:d5:bf:29:dc:5f:4a:dc:d0:73:81:
                    09:76:fc:83:91:3c:a5:04:82:22:e7:9b:bb:45:0a:
                    59:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:17:36:07:B6:01:E4:30:00:6B:27:2B:2C:71:A4:3D:FC:27:16:28
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7Bc2B7YB5DAAaycrLHGkPfwnFig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:8a:84:ae:60:4d:e7:ff:02:cc:a3:4a:c4:48:a3:81:2b:af:
         16:f4:1f:8f:06:ee:17:2a:5c:91:9e:e4:57:78:79:b2:e1:b1:
         d3:fa:29:0f:04:c1:6d:64:db:9b:94:a5:90:46:a8:a2:9c:7e:
         d3:59:ca:5d:b5:50:06:00:8f:bd:83:d3:90:ef:b3:8c:9d:b9:
         5d:04:06:6f:99:38:db:3f:97:b1:70:80:a2:fe:eb:96:64:2c:
         3a:df:9c:d5:2c:f0:9a:d8:41:35:f7:77:d3:ae:a9:fc:bc:14:
         84:fc:39:88:cb:ed:9b:c7:e6:cc:1b:52:ca:de:05:49:d0:bd:
         b3:5f:b7:ce:df:a1:35:e3:f9:24:8d:7a:40:d9:4b:82:64:c4:
         9e:2d:73:cb:aa:95:59:b4:d5:00:c6:e0:0d:0b:4f:c2:9f:af:
         b4:87:7c:f2:e6:51:b9:86:5b:4f:4b:ff:41:73:a0:c6:f7:b4:
         34:5a:b5:25:50:71:b1:d8:d9:98:37:ac:82:52:52:5b:6a:ac:
         96:8d:ee:f7:14:85:0c:b6:52:42:27:ff:f9:c5:a0:f2:47:03:
         9d:b0:dc:54:14:10:a7:0d:a5:33:21:64:bf:da:15:44:ff:16:
         4c:d1:b7:47:d2:de:02:db:07:af:48:da:53:79:5e:b7:87:ff:
         75:c6:64:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi+UMGNfgb0hmTBzSn3zxohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE1MDkwOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzE3MzYwN2I2MDFlNDMwMDA2YjI3MmIyYzcxYTQzZGZjMjcxNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTBbq53VBq7U+7EMmgcSq1YGcGzz
O6FJPe4uaCoCTChOQqn8l7VrP7qDzOCuAwl1Y3wUhSQ4rdftKNrCew8mzkBSGBAH
tFmYoN6wc0kOB2Rt9d5uCQHPrwdT7eVcaSD1klPTKgfLlNbQhRH8QpPr/boz3x7k
WVLYMnVrwJOX7Ej9xGr95V6DyETXTV5mB5u0QisIchElA0kIZOZ42/1S5kZX9LGO
f4ktQHCaQyRniLrEKoTkya1whuJT/fhDXLGIfKhwEdxOY/3f+bW82eZV+kVyYlqV
KPFQecXA6PcPwsSRAJSOgNW/KdxfStzQc4EJdvyDkTylBIIi55u7RQpZTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOwXNge2AeQwAGsnKyxxpD38JxYoMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN0JjMkI3WUI1REFBYXljckxIR2tQZnduRmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKGKhK5gTef/AsyjSsRI
o4Errxb0H48G7hcqXJGe5Fd4ebLhsdP6KQ8EwW1k25uUpZBGqKKcftNZyl21UAYA
j72D05Dvs4yduV0EBm+ZONs/l7FwgKL+65ZkLDrfnNUs8JrYQTX3d9Ouqfy8FIT8
OYjL7ZvH5swbUsreBUnQvbNft87foTXj+SSNekDZS4JkxJ4tc8uqlVm01QDG4A0L
T8Kfr7SHfPLmUbmGW09L/0FzoMb3tDRatSVQcbHY2Zg3rIJSUltqrJaN7vcUhQy2
UkIn//nFoPJHA52w3FQUEKcNpTMhZL/aFUT/FkzRt0fS3gLbB69I2lN5XreH/3XG
ZCA=
-----END CERTIFICATE-----