Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7jOFrxJdb2iKx54z9KKbxzeNwWg.roa
File:                     7jOFrxJdb2iKx54z9KKbxzeNwWg.roa (raw, json)
Hash identifier:          1qitPbQ7RqE0hfWoUnpnhPtyrnoc9WZ7VmIWTjq8Y/o=
Subject key identifier:   EE:33:85:AF:12:5D:6F:68:8A:C7:9E:33:F4:A2:9B:C7:37:8D:C1:68
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018825F2ECDE030E875BF4EC1C84E1208B3C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7jOFrxJdb2iKx54z9KKbxzeNwWg.roa
Signing time:             Tue 16 May 2023 19:04:17 +0000
ROA not before:           Tue 16 May 2023 19:04:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:188:25f2:d869/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:25:f2:ec:de:03:0e:87:5b:f4:ec:1c:84:e1:20:8b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 16 19:04:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee3385af125d6f688ac79e33f4a29bc7378dc168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:03:b4:09:12:cc:16:df:19:c9:d0:a2:ba:76:
                    45:d1:e3:b0:dd:7f:cf:2c:9d:f1:7a:3b:99:1a:34:
                    ab:a0:b5:38:ab:b1:b5:3c:63:8d:34:70:04:d3:fa:
                    b6:4b:78:72:33:f7:91:90:aa:36:f4:2f:3d:8f:58:
                    cb:2f:04:82:32:94:b8:4e:14:9c:02:d8:21:3c:57:
                    b5:2c:20:f6:f6:2c:b7:f4:cc:88:4a:84:b5:ad:f0:
                    e3:75:a6:3d:68:88:8f:3e:8b:e7:4b:61:16:8c:3a:
                    16:02:07:08:8c:99:a3:39:a1:2d:e8:46:6a:ef:fe:
                    ea:39:c3:63:b8:78:02:d6:23:7e:57:8c:81:98:a3:
                    5b:f2:c1:35:e0:0b:45:a4:49:7e:bb:4f:cf:c0:16:
                    9b:e2:3d:a6:27:70:17:95:d6:41:b7:f0:74:db:5f:
                    bc:b7:c9:c0:b4:a4:e0:b2:4e:f0:1c:56:29:6a:0d:
                    74:a6:9a:95:25:66:42:59:2a:84:5f:ad:25:6c:68:
                    2a:d1:f4:4d:34:13:c5:ec:64:ed:e4:63:f2:32:fb:
                    2a:fb:b1:92:b6:d1:49:46:3c:3e:f5:7a:eb:12:4a:
                    eb:b5:16:bb:ff:fd:40:27:3a:66:fd:c9:d8:11:07:
                    a9:b9:c4:6c:7a:2b:0d:ce:58:7a:ce:88:09:28:e8:
                    8e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:33:85:AF:12:5D:6F:68:8A:C7:9E:33:F4:A2:9B:C7:37:8D:C1:68
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7jOFrxJdb2iKx54z9KKbxzeNwWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:72:29:a4:51:77:77:a3:12:ea:61:de:58:06:49:e3:bd:1a:
         51:c4:67:ef:46:4c:d7:ad:fc:4b:87:25:9f:37:95:41:77:54:
         a4:81:09:51:2b:9d:9e:44:fb:24:a6:20:5e:c9:73:b6:e6:4b:
         b4:db:b7:74:56:26:a6:b1:c7:6e:3d:b1:3d:30:df:24:22:ba:
         3c:18:63:e1:13:45:29:c6:b1:cd:3b:e7:07:02:33:f1:de:9d:
         a2:fa:f3:a9:51:fb:cb:38:b0:61:7a:c1:d2:2f:f5:93:fb:9c:
         40:10:2c:c4:df:ca:5f:2f:43:d5:16:6f:f4:19:78:b6:c2:7c:
         c8:fc:1d:6b:33:6c:90:26:80:0c:d1:5a:da:d2:67:ab:76:82:
         cc:b0:6e:d4:7b:1f:be:bb:22:a9:74:a3:b5:ae:d6:80:85:67:
         53:b4:c2:01:3d:17:c1:cf:38:a6:99:72:26:fe:19:96:ed:6d:
         ca:37:71:ce:14:18:86:ce:05:2a:ac:52:dc:a0:e0:94:4a:fc:
         73:cd:07:9e:57:33:69:11:ed:bb:86:b5:32:3e:90:b7:72:18:
         1b:4d:ea:61:54:d9:1d:be:d0:45:ad:a0:7b:5d:16:bc:8d:db:
         01:e2:07:11:d9:bf:a5:84:44:d4:96:fb:ea:ab:93:46:0d:25:
         15:ed:2e:bb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgl8uzeAw6HW/TsHIThIIs8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE2MTkwNDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTMzODVhZjEyNWQ2ZjY4OGFjNzllMzNmNGEyOWJjNzM3OGRjMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgO0CRLMFt8ZydCiunZF0eOw3X/P
LJ3xejuZGjSroLU4q7G1PGONNHAE0/q2S3hyM/eRkKo29C89j1jLLwSCMpS4ThSc
AtghPFe1LCD29iy39MyISoS1rfDjdaY9aIiPPovnS2EWjDoWAgcIjJmjOaEt6EZq
7/7qOcNjuHgC1iN+V4yBmKNb8sE14AtFpEl+u0/PwBab4j2mJ3AXldZBt/B021+8
t8nAtKTgsk7wHFYpag10ppqVJWZCWSqEX60lbGgq0fRNNBPF7GTt5GPyMvsq+7GS
ttFJRjw+9XrrEkrrtRa7//1AJzpm/cnYEQepucRseisNzlh6zogJKOiOkwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO4zha8SXW9oiseeM/Sim8c3jcFoMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN2pPRnJ4SmRiMmlLeDU0ejlLS2J4emVOd1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKNyKaRRd3ejEuph3lgG
SeO9GlHEZ+9GTNet/EuHJZ83lUF3VKSBCVErnZ5E+ySmIF7Jc7bmS7Tbt3RWJqax
x249sT0w3yQiujwYY+ETRSnGsc075wcCM/HenaL686lR+8s4sGF6wdIv9ZP7nEAQ
LMTfyl8vQ9UWb/QZeLbCfMj8HWszbJAmgAzRWtrSZ6t2gsywbtR7H767Iql0o7Wu
1oCFZ1O0wgE9F8HPOKaZcib+GZbtbco3cc4UGIbOBSqsUtyg4JRK/HPNB55XM2kR
7buGtTI+kLdyGBtN6mFU2R2+0EWtoHtdFryN2wHiBxHZv6WERNSW++qrk0YNJRXt
Lrs=
-----END CERTIFICATE-----