Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hSb-s0oSCLCq_f6vb0Zvt1agBWY.roa
File:                     hSb-s0oSCLCq_f6vb0Zvt1agBWY.roa (raw, json)
Hash identifier:          TS9oWRCDThmX5MCAo9FhBNU0dhpkn8lAR3CmXtt9wWg=
Subject key identifier:   85:26:FE:B3:4A:12:08:B0:AA:FD:FE:AF:6F:46:6F:B7:56:A0:05:66
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897DB3929CCCEB760CD33123613651A21B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hSb-s0oSCLCq_f6vb0Zvt1agBWY.roa
Signing time:             Sat 22 Jul 2023 13:04:27 +0000
ROA not before:           Sat 22 Jul 2023 13:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:189:7db3:7df0/128 maxlen: 128
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:7d:b3:92:9c:cc:eb:76:0c:d3:31:23:61:36:51:a2:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 22 13:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8526feb34a1208b0aafdfeaf6f466fb756a00566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:91:da:38:30:46:ab:fa:d2:f4:26:02:5a:01:
                    a8:ac:d3:33:c4:f5:b8:ef:7a:69:91:e3:81:51:bf:
                    c0:c6:8c:87:9a:23:c3:0c:e0:06:ad:a9:df:e0:b5:
                    7d:7f:9e:d1:2e:2e:4e:20:69:37:4d:bd:b2:1b:e2:
                    4b:e4:d4:ea:80:e7:10:e6:13:e2:42:7f:10:37:59:
                    50:ae:43:06:76:0b:49:33:9b:9a:09:a1:c2:8a:9a:
                    2f:76:09:84:b9:39:27:62:6a:00:7c:6d:d1:99:aa:
                    5e:89:80:f7:42:83:4a:13:4f:83:9d:78:42:54:0d:
                    55:0b:c2:c9:43:5b:d1:b2:8a:21:04:14:bc:0f:3c:
                    b8:29:d2:75:92:4b:f3:10:1a:77:87:a4:0c:89:48:
                    2e:f9:e7:c1:a3:f5:0f:c9:87:42:80:8c:7a:56:a5:
                    4a:36:f0:71:d0:7d:16:90:c6:f6:3f:f3:f4:57:14:
                    4f:a8:97:41:c9:03:80:ea:63:59:85:ed:67:eb:2d:
                    e1:7d:e3:08:7a:8e:17:00:0a:bf:27:13:80:43:ac:
                    cc:ff:87:05:ad:e3:cf:bb:eb:93:39:c0:04:7d:b9:
                    23:5b:9e:78:c4:2a:f8:c6:45:5d:8c:4d:b3:ce:b5:
                    82:70:a3:35:bb:4c:eb:1e:0b:8a:d7:e7:54:2a:4f:
                    2a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:26:FE:B3:4A:12:08:B0:AA:FD:FE:AF:6F:46:6F:B7:56:A0:05:66
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hSb-s0oSCLCq_f6vb0Zvt1agBWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:e8:bf:4f:c1:a1:94:b4:1a:8a:d7:76:a6:ff:9f:7b:a9:ba:
         c9:43:ad:15:61:3b:f8:ae:70:bc:d8:27:43:c3:35:41:3b:46:
         87:84:5c:60:bd:43:8a:69:9e:be:f7:ba:63:fc:3d:d3:54:74:
         3f:96:99:6a:83:eb:08:00:d9:13:56:ee:29:55:81:4b:d4:b0:
         40:f4:bf:c4:1b:a9:10:2b:1f:d5:3b:41:1c:84:41:c4:e3:ae:
         02:51:b9:ad:cf:0b:92:39:13:93:d8:18:e9:f6:fa:6c:b7:47:
         a4:a7:12:e9:7d:87:48:46:23:42:92:ce:d8:02:89:17:61:58:
         c4:82:04:45:66:e0:27:bd:ec:86:b4:c2:e8:ff:83:f4:9d:08:
         c2:9e:d2:af:24:46:75:63:62:c4:c4:a9:14:8c:4f:d8:48:26:
         b0:55:85:3d:75:c5:f5:79:89:fb:7e:3f:27:df:65:67:eb:3a:
         ea:17:1b:b0:52:e2:6a:38:ac:d0:10:10:b4:cd:9e:4b:f9:e9:
         9f:09:93:d0:69:42:6a:1f:b1:1e:f8:8e:3b:a6:c4:d6:c4:45:
         02:c1:d3:a7:4b:f5:15:b6:50:96:d3:f2:29:86:07:bb:42:e9:
         36:2f:c2:13:0d:7c:5f:05:79:31:b7:75:82:5e:a4:db:33:4b:
         3c:73:f6:3d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl9s5KczOt2DNMxI2E2UaIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIyMTMwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTI2ZmViMzRhMTIwOGIwYWFmZGZlYWY2ZjQ2NmZiNzU2YTAwNTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpHaODBGq/rS9CYCWgGorNMzxPW4
73ppkeOBUb/AxoyHmiPDDOAGranf4LV9f57RLi5OIGk3Tb2yG+JL5NTqgOcQ5hPi
Qn8QN1lQrkMGdgtJM5uaCaHCipovdgmEuTknYmoAfG3RmapeiYD3QoNKE0+DnXhC
VA1VC8LJQ1vRsoohBBS8Dzy4KdJ1kkvzEBp3h6QMiUgu+efBo/UPyYdCgIx6VqVK
NvBx0H0WkMb2P/P0VxRPqJdByQOA6mNZhe1n6y3hfeMIeo4XAAq/JxOAQ6zM/4cF
rePPu+uTOcAEfbkjW554xCr4xkVdjE2zzrWCcKM1u0zrHguK1+dUKk8qIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIUm/rNKEgiwqv3+r29Gb7dWoAVmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaFNiLXMwb1NDTENxX2Y2dmIwWnZ0MWFnQldZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKnov0/BoZS0GorXdqb/
n3upuslDrRVhO/iucLzYJ0PDNUE7RoeEXGC9Q4ppnr73umP8PdNUdD+WmWqD6wgA
2RNW7ilVgUvUsED0v8QbqRArH9U7QRyEQcTjrgJRua3PC5I5E5PYGOn2+my3R6Sn
Eul9h0hGI0KSztgCiRdhWMSCBEVm4Ce97Ia0wuj/g/SdCMKe0q8kRnVjYsTEqRSM
T9hIJrBVhT11xfV5ift+PyffZWfrOuoXG7BS4mo4rNAQELTNnkv56Z8Jk9BpQmof
sR74jjumxNbERQLB06dL9RW2UJbT8imGB7tC6TYvwhMNfF8FeTG3dYJepNszSzxz
9j0=
-----END CERTIFICATE-----