Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/W7QNMMHC5uhghkXtC-jHugODGdw.roa
File:                     W7QNMMHC5uhghkXtC-jHugODGdw.roa (raw, json)
Hash identifier:          CLD2iI1uJPhLNeHon1ZXLVl3BJ1vHMS0zsdVeK431s0=
Subject key identifier:   5B:B4:0D:30:C1:C2:E6:E8:60:86:45:ED:0B:E8:C7:BA:03:83:19:DC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01898CBF30C0AC5F1A1113796F9809FAD2B4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/W7QNMMHC5uhghkXtC-jHugODGdw.roa
Signing time:             Tue 25 Jul 2023 11:11:27 +0000
ROA not before:           Tue 25 Jul 2023 11:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8c:bf:30:c0:ac:5f:1a:11:13:79:6f:98:09:fa:d2:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 25 11:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5bb40d30c1c2e6e8608645ed0be8c7ba038319dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a9:4b:3e:d6:62:db:fb:25:b4:a9:b9:7b:d6:
                    59:1a:58:a2:b9:6b:20:88:5e:ef:49:d0:c3:12:8b:
                    3b:80:98:29:2c:27:dd:69:b1:b6:1c:dd:f3:f0:2e:
                    c3:3d:17:ae:7d:80:d2:bf:c2:2a:f8:9d:dd:c9:45:
                    c1:57:a7:a2:53:d9:26:08:ec:31:f9:aa:c1:f4:b0:
                    04:e0:80:05:98:4d:c5:08:6b:b4:b7:64:a0:60:70:
                    49:49:4f:61:ad:38:f0:f0:42:68:79:19:37:61:44:
                    8d:81:8e:b1:82:05:53:79:98:ae:ba:e9:31:a2:2a:
                    e6:09:90:e6:40:12:35:00:6c:56:58:5a:d8:a5:35:
                    9a:4f:6e:fb:dc:72:88:03:d0:07:22:9e:6f:6c:8c:
                    16:8d:b0:4c:e6:fd:1d:45:2a:19:9a:b5:b6:e3:6d:
                    1c:ae:77:ac:3a:94:cd:5f:ab:29:9f:39:b8:15:e1:
                    4a:a7:da:2f:3a:9a:d0:0e:bd:46:a2:81:13:b6:81:
                    41:83:ed:5e:4e:d8:3b:00:b0:25:40:e6:da:73:5c:
                    07:b9:b5:7b:37:33:db:a6:8b:bd:03:59:42:41:ed:
                    7c:4d:ae:75:0a:c7:f5:7d:42:80:39:59:a1:e2:b8:
                    77:87:bf:21:cb:15:d6:2d:47:b0:89:9e:9c:b8:3d:
                    d0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B4:0D:30:C1:C2:E6:E8:60:86:45:ED:0B:E8:C7:BA:03:83:19:DC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/W7QNMMHC5uhghkXtC-jHugODGdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:6e:9a:d7:46:ed:5c:7e:05:c6:04:81:ff:0b:6a:b2:28:70:
         81:d3:74:0e:f3:12:cf:dd:d7:d5:e7:e7:ec:b0:4f:25:ad:0a:
         8c:04:8c:f8:4d:0a:79:10:d0:f5:1a:ae:ab:26:eb:7f:57:aa:
         88:dc:bd:b3:a0:de:3e:f0:f8:4f:0e:4a:a0:13:63:cf:18:5c:
         38:d7:06:a3:23:b7:df:4d:f3:33:fe:16:2f:6e:ac:3c:97:7f:
         d7:b2:fd:a2:19:53:6d:b5:43:3d:ec:84:55:2e:73:e7:7a:aa:
         84:72:99:63:34:57:8d:d3:b1:e1:4a:f1:29:db:46:24:85:ab:
         57:13:98:09:6d:1b:4e:79:53:d5:19:9d:f2:9e:6a:0f:d6:c3:
         43:63:56:70:fb:28:9a:4c:f1:a2:08:a0:80:87:60:fb:77:50:
         1f:fb:15:62:20:4c:e6:ee:e3:ec:ff:42:d4:eb:3e:d2:fa:e2:
         8c:03:e3:f8:e2:26:cc:ef:86:d7:28:54:94:f5:57:f4:89:3e:
         7a:c9:a8:05:a2:c3:e8:e9:16:92:fc:ab:b7:30:95:55:ec:5a:
         01:1b:ca:9e:b3:72:10:3c:c0:51:d9:25:57:c8:4f:1e:56:ec:
         46:98:6f:46:67:37:88:7f:13:ba:64:06:9c:a9:29:df:fd:a4:
         df:30:bc:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmMvzDArF8aERN5b5gJ+tK0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI1MTExMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmI0MGQzMGMxYzJlNmU4NjA4NjQ1ZWQwYmU4YzdiYTAzODMxOWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KlLPtZi2/sltKm5e9ZZGliiuWsg
iF7vSdDDEos7gJgpLCfdabG2HN3z8C7DPReufYDSv8Iq+J3dyUXBV6eiU9kmCOwx
+arB9LAE4IAFmE3FCGu0t2SgYHBJSU9hrTjw8EJoeRk3YUSNgY6xggVTeZiuuukx
oirmCZDmQBI1AGxWWFrYpTWaT2773HKIA9AHIp5vbIwWjbBM5v0dRSoZmrW2420c
rnesOpTNX6spnzm4FeFKp9ovOprQDr1GooETtoFBg+1eTtg7ALAlQObac1wHubV7
NzPbpou9A1lCQe18Ta51Csf1fUKAOVmh4rh3h78hyxXWLUewiZ6cuD3QWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFu0DTDBwuboYIZF7Qvox7oDgxncMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVzdRTk1NSEM1dWhnaGtYdEMtakh1Z09ER2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ1umtdG7Vx+BcYEgf8L
arIocIHTdA7zEs/d19Xn5+ywTyWtCowEjPhNCnkQ0PUarqsm639XqojcvbOg3j7w
+E8OSqATY88YXDjXBqMjt99N8zP+Fi9urDyXf9ey/aIZU221Qz3shFUuc+d6qoRy
mWM0V43TseFK8SnbRiSFq1cTmAltG055U9UZnfKeag/Ww0NjVnD7KJpM8aIIoICH
YPt3UB/7FWIgTObu4+z/QtTrPtL64owD4/jiJszvhtcoVJT1V/SJPnrJqAWiw+jp
FpL8q7cwlVXsWgEbyp6zchA8wFHZJVfITx5W7EaYb0ZnN4h/E7pkBpypKd/9pN8w
vCA=
-----END CERTIFICATE-----