Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7XdKnMNr1_fIQzdj4Sytuvgf6tM.roa
File:                     7XdKnMNr1_fIQzdj4Sytuvgf6tM.roa (raw, json)
Hash identifier:          vFnllc2KKatQjV02ZJxjX6FBUt9FAb7slyBfLaBIvsE=
Subject key identifier:   ED:77:4A:9C:C3:6B:D7:F7:C8:43:37:63:E1:2C:AD:BA:F8:1F:EA:D3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01893756ECDAF8973BC92F5B2F7D316A218A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7XdKnMNr1_fIQzdj4Sytuvgf6tM.roa
Signing time:             Sat 08 Jul 2023 21:09:50 +0000
ROA not before:           Sat 08 Jul 2023 21:09:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:37:56:ec:da:f8:97:3b:c9:2f:5b:2f:7d:31:6a:21:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul  8 21:09:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ed774a9cc36bd7f7c8433763e12cadbaf81fead3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e4:12:85:97:0c:08:7a:2d:3a:6c:cb:4b:82:
                    56:6c:68:7a:1f:17:f8:ab:f3:db:fa:82:f3:ff:f5:
                    30:c0:50:46:cc:f0:28:97:10:04:fe:2d:de:6e:84:
                    c7:04:ed:d7:64:d4:4f:f1:00:d0:56:c5:e9:cc:81:
                    2c:e5:39:61:1a:61:7d:3b:70:21:45:b0:0f:bb:d0:
                    7f:8d:af:5d:f7:27:87:fb:0e:8a:18:39:0e:bf:19:
                    af:33:d1:83:7a:4f:63:d5:fa:89:fb:e9:6f:e5:bf:
                    ed:bd:bd:ef:f9:a6:61:de:22:a6:4b:af:4d:8b:7c:
                    92:e5:2a:79:16:32:ea:f7:24:b7:c0:77:9e:9d:f5:
                    ce:b6:82:b7:d0:42:68:60:89:b6:6f:02:dc:f4:11:
                    39:77:e0:62:19:77:ba:67:3d:ca:ca:ef:eb:b8:3f:
                    9c:c1:27:1f:c6:65:b7:61:d7:9c:e3:a5:39:27:1e:
                    16:82:61:d8:cb:f1:d1:66:2c:dd:d5:8c:c0:7d:47:
                    40:35:8e:09:b4:02:fd:ad:1c:9d:4f:23:05:fd:c0:
                    c0:8a:83:e8:e5:61:13:77:13:b1:e7:47:bc:db:38:
                    f9:80:a2:3a:68:73:15:0f:10:a6:75:71:e6:67:59:
                    16:4c:b7:33:24:7c:69:8f:b7:ed:1f:32:27:88:b1:
                    49:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:77:4A:9C:C3:6B:D7:F7:C8:43:37:63:E1:2C:AD:BA:F8:1F:EA:D3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7XdKnMNr1_fIQzdj4Sytuvgf6tM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:47:24:2a:d6:74:ac:d4:59:b5:3a:0e:d7:90:b1:2e:b3:2a:
         f3:40:0c:6c:57:0f:1b:6a:bc:ec:c7:9a:68:d6:4f:d7:ee:c5:
         8d:09:d2:49:4e:c5:b4:62:be:a0:c6:b9:43:c1:e2:a9:dd:48:
         af:03:d0:b6:37:30:e5:79:c4:80:2a:db:65:43:0f:5c:13:a7:
         e2:67:0b:b0:b3:ac:31:dd:47:77:ad:e4:d2:32:a5:4e:29:57:
         15:03:d2:c7:a7:4c:57:84:03:49:d8:85:2e:17:fa:38:b5:35:
         ee:6a:11:e5:1c:bc:79:61:d5:db:5f:42:59:65:d8:b1:70:4e:
         11:3f:6f:2a:05:c5:43:4c:15:41:1e:7d:a3:72:05:96:a3:dc:
         ff:43:7b:d0:c2:68:1a:20:c0:bd:7a:81:d0:7c:d0:2f:fd:e1:
         3e:58:a4:d1:53:c7:83:e3:52:1f:02:4c:24:b5:b1:d8:82:6d:
         b2:f3:3b:c1:cc:88:2a:98:9f:70:99:a5:a4:cd:60:36:3e:e3:
         34:2a:00:00:79:76:17:df:77:ab:5d:c5:b3:b7:93:19:83:8b:
         91:69:64:91:08:54:8e:f3:52:b0:d3:c4:54:17:ba:3f:63:26:
         e9:82:24:b3:74:59:2a:67:9a:7f:0f:c4:99:33:73:10:23:28:
         ed:2b:31:53
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYk3Vuza+Jc7yS9bL30xaiGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzA4MjEwOTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDc3NGE5Y2MzNmJkN2Y3Yzg0MzM3NjNlMTJjYWRiYWY4MWZlYWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeQShZcMCHotOmzLS4JWbGh6Hxf4
q/Pb+oLz//UwwFBGzPAolxAE/i3eboTHBO3XZNRP8QDQVsXpzIEs5TlhGmF9O3Ah
RbAPu9B/ja9d9yeH+w6KGDkOvxmvM9GDek9j1fqJ++lv5b/tvb3v+aZh3iKmS69N
i3yS5Sp5FjLq9yS3wHeenfXOtoK30EJoYIm2bwLc9BE5d+BiGXe6Zz3Kyu/ruD+c
wScfxmW3Ydec46U5Jx4WgmHYy/HRZizd1YzAfUdANY4JtAL9rRydTyMF/cDAioPo
5WETdxOx50e82zj5gKI6aHMVDxCmdXHmZ1kWTLczJHxpj7ftHzIniLFJvQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO13SpzDa9f3yEM3Y+Esrbr4H+rTMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN1hkS25NTnIxX2ZJUXpkajRTeXR1dmdmNnRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFhHJCrWdKzUWbU6DteQ
sS6zKvNADGxXDxtqvOzHmmjWT9fuxY0J0klOxbRivqDGuUPB4qndSK8D0LY3MOV5
xIAq22VDD1wTp+JnC7CzrDHdR3et5NIypU4pVxUD0senTFeEA0nYhS4X+ji1Ne5q
EeUcvHlh1dtfQlll2LFwThE/byoFxUNMFUEefaNyBZaj3P9De9DCaBogwL16gdB8
0C/94T5YpNFTx4PjUh8CTCS1sdiCbbLzO8HMiCqYn3CZpaTNYDY+4zQqAAB5dhff
d6tdxbO3kxmDi5FpZJEIVI7zUrDTxFQXuj9jJumCJLN0WSpnmn8PxJkzcxAjKO0r
MVM=
-----END CERTIFICATE-----