Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h7iQZgili-26m-3Pd6VWfRtk-mY.roa
File:                     h7iQZgili-26m-3Pd6VWfRtk-mY.roa (raw, json)
Hash identifier:          sZ1l1NeawBvM460LSzs8I3/ewUsMMI8TQ8xNvnE4IhQ=
Subject key identifier:   87:B8:90:66:08:A5:8B:ED:BA:9B:ED:CF:77:A5:56:7D:1B:64:FA:66
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01887781B51D6696B504DBBD734D1B38B313
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h7iQZgili-26m-3Pd6VWfRtk-mY.roa
Signing time:             Thu 01 Jun 2023 15:09:29 +0000
ROA not before:           Thu 01 Jun 2023 15:09:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:77:81:b5:1d:66:96:b5:04:db:bd:73:4d:1b:38:b3:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  1 15:09:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87b8906608a58bedba9bedcf77a5567d1b64fa66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:db:09:bb:38:fb:a1:f9:78:f5:2f:75:4b:66:
                    a5:25:8d:91:ca:32:e3:41:cb:35:f1:10:16:b6:4d:
                    a4:78:52:55:32:97:b4:0b:f8:13:64:83:c7:ed:c2:
                    95:9d:07:b0:11:66:c9:bb:bc:87:fb:55:c1:b6:b0:
                    5a:a5:fa:12:90:2a:c2:b4:4a:41:19:63:7e:02:46:
                    77:0a:15:87:2f:0a:38:96:dc:77:e0:8d:13:d7:6c:
                    da:27:06:03:5b:7f:97:4d:bf:86:82:e8:dc:39:db:
                    1d:66:88:98:33:47:18:ef:35:17:96:55:50:e0:c4:
                    ad:c4:27:52:a2:b2:8a:52:53:d8:f8:67:83:84:cd:
                    c6:73:e3:c7:35:c5:5f:60:97:02:2d:aa:f2:e7:3c:
                    ba:53:8a:88:07:87:bd:a8:70:0f:8a:5b:3e:fb:21:
                    3b:50:0d:9e:f3:4e:11:4f:09:4e:84:ba:9e:29:4e:
                    f3:f0:fe:50:6f:ce:ab:85:d3:a7:01:5f:0e:8c:02:
                    1b:cf:66:5d:c0:6a:d8:d0:91:91:45:77:2a:1a:34:
                    2c:1a:3a:24:19:b7:47:58:fc:ab:8c:d6:3f:28:36:
                    a9:74:4d:9c:64:73:a8:8e:5b:ca:71:eb:c0:db:be:
                    6e:12:31:48:6e:fd:e2:31:36:d8:1c:4b:0c:df:58:
                    b4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B8:90:66:08:A5:8B:ED:BA:9B:ED:CF:77:A5:56:7D:1B:64:FA:66
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/h7iQZgili-26m-3Pd6VWfRtk-mY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:6d:44:c2:20:16:ce:1a:d9:98:1c:da:e3:e6:ce:72:f8:8b:
         e3:30:33:fa:10:11:e4:0b:78:3b:55:c7:50:76:54:c8:ac:a2:
         dc:d4:8d:ef:ef:4c:73:61:73:7b:8a:db:6c:aa:25:7a:a2:ff:
         74:dd:5b:96:01:20:a6:3f:61:72:10:cb:4a:cf:0b:8b:d7:cd:
         05:bb:ce:32:d8:b3:ab:a4:dc:ae:d7:15:9b:6c:a2:0f:68:c4:
         eb:ab:ec:25:85:4a:5e:6c:69:a6:78:30:30:22:05:e7:d5:09:
         e1:62:c4:e7:36:27:dd:48:da:c5:f0:bf:6d:55:a6:f4:fa:b0:
         e6:1b:4d:6b:61:34:f1:dc:1e:e0:e0:0f:3b:14:84:69:17:85:
         fe:59:2f:f2:d2:90:d5:9d:b6:5a:74:11:16:ad:c9:83:96:d3:
         cc:12:f2:b1:ff:d2:bd:7a:8d:40:ab:9c:ac:d8:ff:a6:09:aa:
         db:a6:ec:0e:e5:77:41:77:53:78:a0:56:b8:d6:05:b8:ca:91:
         5f:63:28:cc:74:74:cd:9c:43:c0:a0:3d:85:38:ab:9a:49:85:
         17:7a:08:59:82:6c:67:77:35:ad:f3:bd:2e:93:a6:ef:ce:dc:
         61:11:d4:cf:6c:cb:e7:df:80:9f:95:33:23:5e:9b:47:97:25:
         d6:1e:3b:bc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh3gbUdZpa1BNu9c00bOLMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAxMTUwOTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2I4OTA2NjA4YTU4YmVkYmE5YmVkY2Y3N2E1NTY3ZDFiNjRmYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9sJuzj7ofl49S91S2alJY2RyjLj
Qcs18RAWtk2keFJVMpe0C/gTZIPH7cKVnQewEWbJu7yH+1XBtrBapfoSkCrCtEpB
GWN+AkZ3ChWHLwo4ltx34I0T12zaJwYDW3+XTb+GgujcOdsdZoiYM0cY7zUXllVQ
4MStxCdSorKKUlPY+GeDhM3Gc+PHNcVfYJcCLary5zy6U4qIB4e9qHAPils++yE7
UA2e804RTwlOhLqeKU7z8P5Qb86rhdOnAV8OjAIbz2ZdwGrY0JGRRXcqGjQsGjok
GbdHWPyrjNY/KDapdE2cZHOojlvKcevA275uEjFIbv3iMTbYHEsM31i09wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIe4kGYIpYvtupvtz3elVn0bZPpmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaDdpUVpnaWxpLTI2bS0zUGQ2VldmUnRrLW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADJtRMIgFs4a2Zgc2uPm
znL4i+MwM/oQEeQLeDtVx1B2VMisotzUje/vTHNhc3uK22yqJXqi/3TdW5YBIKY/
YXIQy0rPC4vXzQW7zjLYs6uk3K7XFZtsog9oxOur7CWFSl5saaZ4MDAiBefVCeFi
xOc2J91I2sXwv21VpvT6sOYbTWthNPHcHuDgDzsUhGkXhf5ZL/LSkNWdtlp0ERat
yYOW08wS8rH/0r16jUCrnKzY/6YJqtum7A7ld0F3U3igVrjWBbjKkV9jKMx0dM2c
Q8CgPYU4q5pJhRd6CFmCbGd3Na3zvS6Tpu/O3GER1M9sy+ffgJ+VMyNem0eXJdYe
O7w=
-----END CERTIFICATE-----