Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/esjjBZL-d34RXKZwNRMIVyB90dg.roa
File:                     esjjBZL-d34RXKZwNRMIVyB90dg.roa (raw, json)
Hash identifier:          BidTWRFgsmY2DNCsvYfOj98Er/H3Phbct8mJdvcf95I=
Subject key identifier:   7A:C8:E3:05:92:FE:77:7E:11:5C:A6:70:35:13:08:57:20:7D:D1:D8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01887939217C337141A330D7A709CE76BAA8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/esjjBZL-d34RXKZwNRMIVyB90dg.roa
Signing time:             Thu 01 Jun 2023 23:09:27 +0000
ROA not before:           Thu 01 Jun 2023 23:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:79:39:21:7c:33:71:41:a3:30:d7:a7:09:ce:76:ba:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  1 23:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ac8e30592fe777e115ca67035130857207dd1d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:19:15:5b:71:88:5c:72:a3:17:65:95:59:39:
                    61:42:68:9d:7c:18:22:94:87:35:af:83:81:f8:c9:
                    be:d6:c4:d4:31:6b:23:41:36:d8:43:1a:14:35:47:
                    f0:b2:37:ad:35:1e:ca:e5:ce:a8:c2:e7:0a:3a:06:
                    43:42:a4:94:53:28:90:c1:b9:46:c3:d1:96:39:f7:
                    63:d6:03:a9:fb:22:ac:d7:6f:60:7d:7e:d5:b3:04:
                    21:db:34:4b:fb:8d:ac:87:81:47:e2:6f:ad:65:61:
                    c3:8e:2d:85:cc:ab:22:6b:35:a1:33:2f:b9:ff:da:
                    c3:8b:dd:4a:9b:6a:5f:2c:c0:21:9c:8f:08:d2:e2:
                    80:03:39:a6:81:3b:5d:d5:91:84:3f:ad:1c:e6:8f:
                    e6:5a:62:1b:9e:39:b0:bf:2a:ba:f2:7e:1d:ea:2b:
                    d2:a2:c9:56:82:ee:75:61:e7:71:ed:a5:70:16:8a:
                    8f:09:74:f0:17:2e:bb:fe:a6:cd:b4:1c:e9:3c:22:
                    aa:43:56:aa:4e:4a:54:e6:7e:e0:cc:93:ec:60:4a:
                    ff:23:85:08:be:42:1f:e6:4e:a9:aa:9d:f8:c3:58:
                    8b:52:3b:c8:4c:8f:2f:52:b6:2b:74:ec:f2:67:9d:
                    20:ae:a4:d9:6b:c9:73:48:8e:84:f0:cb:09:7c:36:
                    ad:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C8:E3:05:92:FE:77:7E:11:5C:A6:70:35:13:08:57:20:7D:D1:D8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/esjjBZL-d34RXKZwNRMIVyB90dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:07:70:3c:47:3b:56:d6:86:e3:39:38:f2:c1:ef:3c:54:e8:
         1d:89:8a:5b:09:8f:f7:df:6a:86:35:8d:9c:0c:a6:49:88:7e:
         e5:6f:df:58:ff:f6:0e:c7:c2:53:f4:b4:8d:73:8c:63:d5:74:
         e9:9f:08:d4:20:b9:f3:69:71:c9:cf:d0:12:3f:65:5a:23:2b:
         f8:c6:c9:ca:94:3b:13:0b:8a:2c:44:45:1a:6a:71:5f:33:22:
         de:48:75:3b:9a:32:ce:8a:4c:f0:aa:47:4c:60:bd:b9:f3:6c:
         d8:7e:ba:a3:12:ae:c6:cd:24:a2:6b:cd:f4:71:b1:1a:07:0a:
         54:00:d2:96:fa:51:2c:45:5d:d0:b6:0e:13:00:3f:f1:c5:80:
         b2:d8:ee:f4:6f:43:ea:6b:f7:e5:a1:1c:aa:09:0c:59:d3:d5:
         43:27:33:66:61:58:18:fe:13:e3:65:7d:b7:a5:f9:74:e2:c2:
         c2:32:16:d7:65:3c:4f:dc:eb:15:a1:29:04:e0:52:b9:80:86:
         7a:0c:d5:8c:cd:26:f0:2c:c7:13:b8:a6:cb:f4:c0:a2:3f:87:
         4e:93:c2:76:32:ae:e6:d0:92:44:91:0c:bf:c5:8a:f1:4f:5f:
         a4:67:33:bc:ce:74:b0:4b:4f:52:91:76:68:ea:17:ca:4c:a6:
         7f:13:bd:96
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh5OSF8M3FBozDXpwnOdrqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAxMjMwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWM4ZTMwNTkyZmU3NzdlMTE1Y2E2NzAzNTEzMDg1NzIwN2RkMWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxkVW3GIXHKjF2WVWTlhQmidfBgi
lIc1r4OB+Mm+1sTUMWsjQTbYQxoUNUfwsjetNR7K5c6owucKOgZDQqSUUyiQwblG
w9GWOfdj1gOp+yKs129gfX7VswQh2zRL+42sh4FH4m+tZWHDji2FzKsiazWhMy+5
/9rDi91Km2pfLMAhnI8I0uKAAzmmgTtd1ZGEP60c5o/mWmIbnjmwvyq68n4d6ivS
oslWgu51Yedx7aVwFoqPCXTwFy67/qbNtBzpPCKqQ1aqTkpU5n7gzJPsYEr/I4UI
vkIf5k6pqp34w1iLUjvITI8vUrYrdOzyZ50grqTZa8lzSI6E8MsJfDatcwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHrI4wWS/nd+EVymcDUTCFcgfdHYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZXNqakJaTC1kMzRSWEtad05STUlWeUI5MGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEkHcDxHO1bWhuM5OPLB
7zxU6B2JilsJj/ffaoY1jZwMpkmIfuVv31j/9g7HwlP0tI1zjGPVdOmfCNQgufNp
ccnP0BI/ZVojK/jGycqUOxMLiixERRpqcV8zIt5IdTuaMs6KTPCqR0xgvbnzbNh+
uqMSrsbNJKJrzfRxsRoHClQA0pb6USxFXdC2DhMAP/HFgLLY7vRvQ+pr9+WhHKoJ
DFnT1UMnM2ZhWBj+E+Nlfbel+XTiwsIyFtdlPE/c6xWhKQTgUrmAhnoM1YzNJvAs
xxO4psv0wKI/h06TwnYyrubQkkSRDL/FivFPX6RnM7zOdLBLT1KRdmjqF8pMpn8T
vZY=
-----END CERTIFICATE-----