Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ogN7sUvG3PDw151Y8quT9Y1R-7U.roa
File:                     ogN7sUvG3PDw151Y8quT9Y1R-7U.roa (raw, json)
Hash identifier:          3h5XzWx54c+EzMwTb2K+yzlNlpusJwM/JVpS9Ljbpbo=
Subject key identifier:   A2:03:7B:B1:4B:C6:DC:F0:F0:D7:9D:58:F2:AB:93:F5:8D:51:FB:B5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018716C4C511D8365F428998FC77EF9927AE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ogN7sUvG3PDw151Y8quT9Y1R-7U.roa
Signing time:             Sat 25 Mar 2023 03:16:46 +0000
ROA not before:           Sat 25 Mar 2023 03:16:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:16:c4:c5:11:d8:36:5f:42:89:98:fc:77:ef:99:27:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 25 03:16:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2037bb14bc6dcf0f0d79d58f2ab93f58d51fbb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b3:8b:76:b5:fd:82:81:f3:c8:a2:5d:6b:39:
                    8f:23:3a:03:e1:bd:14:ce:d2:98:00:33:75:1d:33:
                    b2:66:67:7d:3d:27:ca:2c:42:8f:e0:7d:d6:b1:b7:
                    08:e6:7f:6b:50:69:94:8b:f4:b4:f0:86:b3:a1:6b:
                    a9:d5:5e:f5:84:83:f2:3b:3a:8d:75:73:20:8e:f7:
                    2c:8c:d3:61:fd:09:1b:ed:2b:8a:4d:7b:51:4d:43:
                    cf:f3:5f:60:2d:60:79:13:f0:fa:a0:75:0f:59:21:
                    47:9b:de:1a:50:57:1a:a0:0f:ee:b2:89:a3:a3:18:
                    09:1c:45:28:1a:09:da:06:c2:1b:07:f9:eb:4c:46:
                    fb:cf:62:cb:cc:28:a0:c9:53:99:66:58:01:a6:25:
                    f7:fd:14:82:2c:db:16:32:20:81:2e:ce:f4:14:34:
                    fd:26:51:fb:4d:55:33:9c:de:e0:02:97:73:6d:42:
                    68:54:be:85:39:f7:98:47:01:f4:70:e4:e1:92:f0:
                    7f:45:93:e7:1e:71:cf:39:d3:9a:26:16:64:93:4f:
                    df:ee:95:16:c2:c3:d3:77:b5:81:da:e9:fe:8e:e1:
                    31:02:14:4b:b0:ab:76:a6:90:8c:c3:61:3e:51:b2:
                    53:fd:ae:ff:05:a5:ba:75:0f:8b:0b:0b:61:5b:c5:
                    cc:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:03:7B:B1:4B:C6:DC:F0:F0:D7:9D:58:F2:AB:93:F5:8D:51:FB:B5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ogN7sUvG3PDw151Y8quT9Y1R-7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:8c:77:3a:34:d3:e3:b7:fd:61:d4:62:65:c6:97:07:d9:1e:
         4d:cd:46:81:7f:06:98:b5:bb:1e:da:23:9d:e3:67:0a:5b:54:
         27:53:c3:bf:56:71:71:95:be:02:96:5b:89:ad:cf:e8:74:13:
         85:d9:b5:e8:be:ac:13:c8:93:fa:8a:c5:bf:2d:73:e1:98:ef:
         f3:56:cb:41:32:b7:98:11:2e:fc:50:b9:47:0b:0a:ab:10:84:
         b7:f0:a1:c6:6d:88:85:4a:28:4e:76:bf:23:99:91:68:d7:b8:
         57:a7:c2:2b:c7:4d:06:0d:b6:f0:f4:51:68:44:37:0c:a4:00:
         59:82:12:d1:31:d9:1b:61:6d:61:f7:b1:f7:95:0f:ce:f9:af:
         96:eb:aa:c5:eb:02:39:8c:d3:d1:17:52:a6:79:5d:36:1a:bb:
         6b:2e:e9:37:e9:27:67:c6:10:6f:91:27:e6:f1:bf:ce:ec:9f:
         a3:5e:cd:ec:d6:90:1b:30:de:c8:29:24:c3:c8:82:18:ad:31:
         ee:ef:81:4d:c0:16:39:71:4c:d1:56:8d:5d:0b:45:af:e1:50:
         71:3c:45:0a:9a:5c:7f:a6:24:81:e8:ca:ae:02:aa:35:aa:44:
         eb:fe:d6:e9:cb:b1:23:d6:a8:2a:bd:a8:9e:aa:48:e8:49:1c:
         7b:4b:c7:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcWxMUR2DZfQomY/HfvmSeuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI1MDMxNjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjAzN2JiMTRiYzZkY2YwZjBkNzlkNThmMmFiOTNmNThkNTFmYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbOLdrX9goHzyKJdazmPIzoD4b0U
ztKYADN1HTOyZmd9PSfKLEKP4H3WsbcI5n9rUGmUi/S08IazoWup1V71hIPyOzqN
dXMgjvcsjNNh/Qkb7SuKTXtRTUPP819gLWB5E/D6oHUPWSFHm94aUFcaoA/usomj
oxgJHEUoGgnaBsIbB/nrTEb7z2LLzCigyVOZZlgBpiX3/RSCLNsWMiCBLs70FDT9
JlH7TVUznN7gApdzbUJoVL6FOfeYRwH0cOThkvB/RZPnHnHPOdOaJhZkk0/f7pUW
wsPTd7WB2un+juExAhRLsKt2ppCMw2E+UbJT/a7/BaW6dQ+LCwthW8XMFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKIDe7FLxtzw8NedWPKrk/WNUfu1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb2dON3NVdkczUER3MTUxWThxdVQ5WTFSLTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACuMdzo00+O3/WHUYmXG
lwfZHk3NRoF/Bpi1ux7aI53jZwpbVCdTw79WcXGVvgKWW4mtz+h0E4XZtei+rBPI
k/qKxb8tc+GY7/NWy0Eyt5gRLvxQuUcLCqsQhLfwocZtiIVKKE52vyOZkWjXuFen
wivHTQYNtvD0UWhENwykAFmCEtEx2RthbWH3sfeVD875r5brqsXrAjmM09EXUqZ5
XTYau2su6TfpJ2fGEG+RJ+bxv87sn6NezezWkBsw3sgpJMPIghitMe7vgU3AFjlx
TNFWjV0LRa/hUHE8RQqaXH+mJIHoyq4CqjWqROv+1unLsSPWqCq9qJ6qSOhJHHtL
x9I=
-----END CERTIFICATE-----