Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7GqlejtVg7Slr9gAX5nMw22Vi8g.roa
File:                     7GqlejtVg7Slr9gAX5nMw22Vi8g.roa (raw, json)
Hash identifier:          b8EeIcztmKdjBZ3t5Rm61WPDi3v246fOCgXbGaMqJ0I=
Subject key identifier:   EC:6A:A5:7A:3B:55:83:B4:A5:AF:D8:00:5F:99:CC:C3:6D:95:8B:C8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877971EACDB90C647889C8EE898F37DF05
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7GqlejtVg7Slr9gAX5nMw22Vi8g.roa
Signing time:             Thu 13 Apr 2023 07:08:41 +0000
ROA not before:           Thu 13 Apr 2023 07:08:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:79:71:ea:cd:b9:0c:64:78:89:c8:ee:89:8f:37:df:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 13 07:08:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ec6aa57a3b5583b4a5afd8005f99ccc36d958bc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5f:cc:9a:62:55:85:2c:e7:ef:3a:90:7b:6e:
                    c2:6e:23:df:61:64:f4:6c:c7:f2:10:d7:de:12:58:
                    de:74:f0:e8:5b:98:86:9d:80:f3:cc:66:d3:9d:fd:
                    24:26:d3:4c:9f:82:5d:32:6a:d4:95:9b:0c:c0:b1:
                    fb:69:e8:c9:ee:26:8d:7a:39:06:19:a4:fd:e1:7c:
                    54:38:1c:fb:38:4c:62:6d:7f:7e:3e:71:e5:72:bc:
                    d0:42:71:29:d6:34:bb:bf:e3:86:6d:38:99:9a:2f:
                    28:9a:a9:32:e0:db:1f:04:96:e4:63:cc:cf:f5:02:
                    c5:9a:5d:03:ba:d8:d2:e2:5b:b7:55:59:62:56:00:
                    da:b2:6e:db:99:92:9b:1b:f0:71:cb:ae:94:b2:90:
                    17:2c:56:87:95:2f:6b:56:52:bf:b7:3e:cd:16:5e:
                    81:fc:a0:a1:70:a0:fb:32:eb:a0:dd:50:3f:3c:88:
                    9f:84:5c:fe:01:a8:cd:90:a2:cb:f9:15:70:ba:f2:
                    56:4c:8d:19:ca:54:e9:55:bc:1b:cb:2d:d9:49:a4:
                    9d:b1:5f:c3:bc:55:07:d4:ee:5c:f4:ae:49:9e:e7:
                    de:e3:44:e6:eb:23:72:ac:fe:2b:4b:b0:2b:5e:50:
                    c6:e0:a9:75:2b:6a:60:6a:40:31:18:c5:1b:d4:fe:
                    ba:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:6A:A5:7A:3B:55:83:B4:A5:AF:D8:00:5F:99:CC:C3:6D:95:8B:C8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7GqlejtVg7Slr9gAX5nMw22Vi8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:3b:92:76:70:96:fa:fa:04:4c:f1:39:bf:98:a9:fe:6f:dd:
         d4:1b:7e:27:a8:b0:b7:ae:15:3d:a0:7c:05:a5:96:62:42:61:
         f7:21:67:b5:d8:f7:ec:29:dd:5c:d3:85:8d:ee:41:86:e5:c3:
         b7:94:7b:e8:10:84:ae:93:90:53:58:c2:dc:2a:20:38:3b:96:
         34:51:52:33:85:cb:1b:6e:52:ff:e5:87:7d:7a:5d:62:38:b8:
         5e:ce:c9:5e:de:f1:38:c5:de:ef:44:f2:62:c0:83:19:f2:2f:
         c8:fd:fd:f2:1f:d4:85:38:29:59:bb:60:53:eb:a1:63:e0:5f:
         75:8c:d9:09:a5:96:f1:87:0e:86:d9:bc:ef:c7:09:4d:ef:06:
         a9:ad:64:ea:52:ba:41:98:84:2d:72:d4:02:87:bc:1d:bd:48:
         95:11:e7:6f:58:1c:80:86:ea:ae:8a:ea:03:97:e9:85:25:78:
         05:cc:be:1e:4e:74:56:92:f2:d7:80:81:59:36:65:c7:96:21:
         79:71:f4:bb:2b:d2:3b:61:85:d8:51:d2:e7:fb:94:6c:37:2d:
         29:d5:2f:99:d6:07:7c:35:8f:e8:52:f6:ed:eb:43:f5:a1:b8:
         ee:b0:8a:84:ed:2a:89:0a:e1:cc:d7:9a:c7:38:b8:99:06:cc:
         af:4e:b9:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd5cerNuQxkeInI7omPN98FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEzMDcwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzZhYTU3YTNiNTU4M2I0YTVhZmQ4MDA1Zjk5Y2NjMzZkOTU4YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqV/MmmJVhSzn7zqQe27CbiPfYWT0
bMfyENfeEljedPDoW5iGnYDzzGbTnf0kJtNMn4JdMmrUlZsMwLH7aejJ7iaNejkG
GaT94XxUOBz7OExibX9+PnHlcrzQQnEp1jS7v+OGbTiZmi8omqky4NsfBJbkY8zP
9QLFml0DutjS4lu3VVliVgDasm7bmZKbG/Bxy66UspAXLFaHlS9rVlK/tz7NFl6B
/KChcKD7Muug3VA/PIifhFz+AajNkKLL+RVwuvJWTI0ZylTpVbwbyy3ZSaSdsV/D
vFUH1O5c9K5Jnufe40Tm6yNyrP4rS7ArXlDG4Kl1K2pgakAxGMUb1P667wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOxqpXo7VYO0pa/YAF+ZzMNtlYvIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN0dxbGVqdFZnN1NscjlnQVg1bk13MjJWaThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAG07knZwlvr6BEzxOb+Y
qf5v3dQbfieosLeuFT2gfAWllmJCYfchZ7XY9+wp3VzThY3uQYblw7eUe+gQhK6T
kFNYwtwqIDg7ljRRUjOFyxtuUv/lh316XWI4uF7OyV7e8TjF3u9E8mLAgxnyL8j9
/fIf1IU4KVm7YFProWPgX3WM2QmllvGHDobZvO/HCU3vBqmtZOpSukGYhC1y1AKH
vB29SJUR529YHICG6q6K6gOX6YUleAXMvh5OdFaS8teAgVk2ZceWIXlx9Lsr0jth
hdhR0uf7lGw3LSnVL5nWB3w1j+hS9u3rQ/WhuO6wioTtKokK4czXmsc4uJkGzK9O
uTE=
-----END CERTIFICATE-----