Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7vOXMI00V4RYSix_XnMWyoYom_Y.roa
File:                     7vOXMI00V4RYSix_XnMWyoYom_Y.roa (raw, json)
Hash identifier:          3U98gDBbPlVSsaoYKMH6zVjDJu+26Ia13ecnvdRN05I=
Subject key identifier:   EE:F3:97:30:8D:34:57:84:58:4A:2C:7F:5E:73:16:CA:86:28:9B:F6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01871080C36301A221C88C40F34794EF7472
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7vOXMI00V4RYSix_XnMWyoYom_Y.roa
Signing time:             Thu 23 Mar 2023 22:04:46 +0000
ROA not before:           Thu 23 Mar 2023 22:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:187:1080:4d76/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:10:80:c3:63:01:a2:21:c8:8c:40:f3:47:94:ef:74:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 23 22:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eef397308d345784584a2c7f5e7316ca86289bf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f0:c2:d2:f6:bd:e1:8c:82:20:98:97:66:07:
                    1e:46:a8:9a:9a:3f:a4:b8:3d:68:2e:de:7a:f7:f4:
                    1a:94:a7:d1:9a:27:53:8c:dd:bc:eb:a7:13:a4:d3:
                    d9:41:88:38:bd:43:ac:cd:88:fb:42:4c:c5:00:d8:
                    40:a4:d1:b9:24:43:cf:21:e0:69:01:01:b1:b2:df:
                    33:ba:b3:3a:16:b7:08:fc:80:9f:2a:10:48:72:68:
                    e1:3d:44:ba:ca:02:29:d6:27:58:92:50:77:37:01:
                    34:5a:50:74:e9:af:72:1f:08:ca:fb:5b:e3:09:d3:
                    d1:85:0d:ec:f4:cb:4a:a7:8c:db:4a:74:5a:02:ca:
                    3f:56:04:03:5e:ab:93:aa:0f:35:19:6f:40:da:e3:
                    97:a2:66:c4:a5:e7:4c:53:a1:b3:9c:72:9d:fe:84:
                    e6:27:72:60:7d:81:13:5c:7e:04:79:cd:b6:d3:b9:
                    3e:02:55:8f:f9:e7:2f:73:76:3d:c0:e3:94:88:09:
                    9d:17:b0:0d:cd:82:8e:eb:c9:1f:6c:a2:0f:19:91:
                    24:82:91:22:f0:f0:1b:60:e9:fd:0e:27:d8:97:99:
                    98:58:b0:49:cd:51:82:01:69:e4:f1:72:fb:4a:b3:
                    34:2e:b0:25:45:f6:c7:52:6c:68:29:8f:48:54:22:
                    df:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:F3:97:30:8D:34:57:84:58:4A:2C:7F:5E:73:16:CA:86:28:9B:F6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7vOXMI00V4RYSix_XnMWyoYom_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:3f:8d:61:b9:72:ff:e4:d7:40:27:b3:b8:d2:6b:ec:91:02:
         52:41:9b:8e:8d:20:c2:0e:2a:d1:69:d9:dd:0c:2d:b4:b6:0c:
         25:1c:d6:23:8c:d1:43:c5:db:85:e3:49:a4:87:b5:cd:7e:80:
         9f:ac:e5:33:bb:60:04:e8:b7:8f:18:ea:48:ef:8c:96:17:1d:
         e0:bd:32:44:2c:ed:e7:63:6f:49:ec:30:a6:df:9c:28:ac:0e:
         86:0f:bd:bf:3f:9e:21:87:fa:f1:61:7e:02:df:dc:34:8d:e9:
         66:6e:09:22:36:3e:5c:20:5c:d1:e9:f5:c0:9d:8f:56:44:37:
         36:b9:7e:5c:9e:e7:a5:d6:44:b8:9c:45:2f:b0:c3:a6:8f:27:
         8f:b7:78:5f:36:3d:ea:35:11:17:f5:1b:3b:08:91:67:8a:f3:
         91:46:44:0d:3d:4a:08:77:96:ba:fa:39:90:b5:85:91:dc:3d:
         01:3b:14:ad:f2:4b:31:fa:47:67:70:47:01:1e:cc:8e:83:de:
         a2:99:9e:1e:61:55:d6:9b:5a:0d:a2:a5:79:4e:73:2d:aa:f8:
         ad:38:10:66:bb:10:3c:ba:d1:a5:ff:84:4e:eb:3b:65:77:ab:
         dc:6c:08:5e:6c:cd:10:d1:ca:04:90:10:c9:62:a3:4c:f7:3a:
         0f:29:29:68
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcQgMNjAaIhyIxA80eU73RyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIzMjIwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWYzOTczMDhkMzQ1Nzg0NTg0YTJjN2Y1ZTczMTZjYTg2Mjg5YmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvDC0va94YyCIJiXZgceRqiamj+k
uD1oLt569/QalKfRmidTjN2866cTpNPZQYg4vUOszYj7QkzFANhApNG5JEPPIeBp
AQGxst8zurM6FrcI/ICfKhBIcmjhPUS6ygIp1idYklB3NwE0WlB06a9yHwjK+1vj
CdPRhQ3s9MtKp4zbSnRaAso/VgQDXquTqg81GW9A2uOXombEpedMU6GznHKd/oTm
J3JgfYETXH4Eec2207k+AlWP+ecvc3Y9wOOUiAmdF7ANzYKO68kfbKIPGZEkgpEi
8PAbYOn9DifYl5mYWLBJzVGCAWnk8XL7SrM0LrAlRfbHUmxoKY9IVCLfCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO7zlzCNNFeEWEosf15zFsqGKJv2MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN3ZPWE1JMDBWNFJZU2l4X1huTVd5b1lvbV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH4/jWG5cv/k10Ans7jS
a+yRAlJBm46NIMIOKtFp2d0MLbS2DCUc1iOM0UPF24XjSaSHtc1+gJ+s5TO7YATo
t48Y6kjvjJYXHeC9MkQs7edjb0nsMKbfnCisDoYPvb8/niGH+vFhfgLf3DSN6WZu
CSI2PlwgXNHp9cCdj1ZENza5flye56XWRLicRS+ww6aPJ4+3eF82Peo1ERf1GzsI
kWeK85FGRA09Sgh3lrr6OZC1hZHcPQE7FK3ySzH6R2dwRwEezI6D3qKZnh5hVdab
Wg2ipXlOcy2q+K04EGa7EDy60aX/hE7rO2V3q9xsCF5szRDRygSQEMlio0z3Og8p
KWg=
-----END CERTIFICATE-----