Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/q7TcLg95jWrYl3NJ_ZD_we5fw70.roa
File:                     q7TcLg95jWrYl3NJ_ZD_we5fw70.roa (raw, json)
Hash identifier:          Uipsi0lL02i/snNrq/hDAW1LWUpRfYx3aa6BgtnhJkg=
Subject key identifier:   AB:B4:DC:2E:0F:79:8D:6A:D8:97:73:49:FD:90:FF:C1:EE:5F:C3:BD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188CF0F42534FAA8153D17845BF1228E158
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/q7TcLg95jWrYl3NJ_ZD_we5fw70.roa
Signing time:             Sun 18 Jun 2023 15:11:03 +0000
ROA not before:           Sun 18 Jun 2023 15:11:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:cf:0f:42:53:4f:aa:81:53:d1:78:45:bf:12:28:e1:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 18 15:11:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=abb4dc2e0f798d6ad8977349fd90ffc1ee5fc3bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:57:b4:4e:9f:cd:ee:e6:9d:9a:cf:4a:5d:db:
                    99:51:f8:d8:d4:84:4b:58:86:44:38:e0:51:e8:60:
                    4d:51:e6:1e:81:75:1d:3e:59:72:17:6d:14:20:4b:
                    71:3f:79:42:93:f1:ff:8f:07:32:8d:70:4e:34:66:
                    09:5a:d1:8c:52:61:f4:f6:ab:cf:10:d0:26:d6:c9:
                    84:7e:10:bd:cd:28:29:54:b5:b8:ff:2c:c4:12:5b:
                    e2:8a:4a:25:3a:cc:c9:2d:d8:17:ac:7c:50:15:11:
                    e3:22:d4:b0:86:ec:be:b9:a0:d7:45:e1:6f:4b:83:
                    00:eb:53:fc:87:af:85:5c:be:80:61:4d:3a:8a:ec:
                    82:fb:28:b0:72:ef:00:8e:d6:cb:ea:43:13:79:bb:
                    12:9c:83:5d:ff:6a:cb:7d:92:94:f2:95:56:db:a8:
                    c5:61:6a:ff:dc:17:ef:7e:b3:4e:18:b9:eb:58:c2:
                    ea:a4:5e:3c:53:56:ca:83:67:8d:04:3b:49:46:bd:
                    2b:22:df:b0:2a:17:ae:dd:30:5a:03:d1:6e:82:6e:
                    18:62:fd:12:50:82:25:d9:39:60:0a:e3:17:3f:11:
                    3f:bb:16:c9:e5:f5:33:61:32:23:0e:75:76:46:09:
                    b9:03:07:fa:40:51:fc:1b:85:4f:6d:27:ac:4e:5a:
                    97:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B4:DC:2E:0F:79:8D:6A:D8:97:73:49:FD:90:FF:C1:EE:5F:C3:BD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/q7TcLg95jWrYl3NJ_ZD_we5fw70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:86:06:c4:17:cb:a6:f0:dd:ee:d4:19:ea:46:f4:5a:5d:2f:
         ae:7f:1b:44:5b:3c:d5:50:27:e2:e5:bc:b6:d5:34:69:11:ff:
         e0:3d:78:62:a0:ff:32:69:02:cd:ae:80:bb:9d:54:95:0d:15:
         5b:55:a9:4b:72:45:94:e3:8f:a7:0b:81:93:ae:76:4d:84:24:
         ff:55:df:9f:90:c5:02:3c:35:f3:4b:76:46:d5:fb:76:2b:b2:
         05:7d:ad:7f:40:3b:66:2b:ad:3c:0a:0a:23:7a:0e:00:42:b0:
         34:ed:98:47:01:85:20:2c:39:60:9b:f4:6f:d4:e3:80:dd:0d:
         f8:e3:e8:0f:e7:5f:b3:75:08:e1:40:ca:eb:f5:99:55:25:05:
         24:36:9c:3b:7b:73:d9:73:06:cd:5c:b1:9e:95:10:cc:20:ca:
         71:9d:81:73:68:61:d8:c1:52:ea:d6:e8:94:c7:5b:4e:6f:f8:
         5f:49:d8:43:f6:dd:b3:c8:23:f8:8f:0a:91:54:f7:f8:01:ad:
         98:d4:2a:27:ae:a9:17:56:e1:03:c3:44:60:51:54:78:32:3a:
         db:7f:fb:41:9c:75:b9:75:14:dc:93:77:71:2f:e1:9f:27:93:
         d5:e8:8c:de:c2:9b:27:6d:b7:44:d9:a7:72:e2:5d:b1:5f:3c:
         06:af:b3:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjPD0JTT6qBU9F4Rb8SKOFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE4MTUxMTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmI0ZGMyZTBmNzk4ZDZhZDg5NzczNDlmZDkwZmZjMWVlNWZjM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxle0Tp/N7uadms9KXduZUfjY1IRL
WIZEOOBR6GBNUeYegXUdPllyF20UIEtxP3lCk/H/jwcyjXBONGYJWtGMUmH09qvP
ENAm1smEfhC9zSgpVLW4/yzEElviikolOszJLdgXrHxQFRHjItSwhuy+uaDXReFv
S4MA61P8h6+FXL6AYU06iuyC+yiwcu8AjtbL6kMTebsSnINd/2rLfZKU8pVW26jF
YWr/3BfvfrNOGLnrWMLqpF48U1bKg2eNBDtJRr0rIt+wKheu3TBaA9Fugm4YYv0S
UIIl2TlgCuMXPxE/uxbJ5fUzYTIjDnV2Rgm5Awf6QFH8G4VPbSesTlqXdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKu03C4PeY1q2JdzSf2Q/8HuX8O9MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcTdUY0xnOTVqV3JZbDNOSl9aRF93ZTVmdzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFqGBsQXy6bw3e7UGepG
9FpdL65/G0RbPNVQJ+LlvLbVNGkR/+A9eGKg/zJpAs2ugLudVJUNFVtVqUtyRZTj
j6cLgZOudk2EJP9V35+QxQI8NfNLdkbV+3YrsgV9rX9AO2YrrTwKCiN6DgBCsDTt
mEcBhSAsOWCb9G/U44DdDfjj6A/nX7N1COFAyuv1mVUlBSQ2nDt7c9lzBs1csZ6V
EMwgynGdgXNoYdjBUurW6JTHW05v+F9J2EP23bPII/iPCpFU9/gBrZjUKieuqRdW
4QPDRGBRVHgyOtt/+0Gcdbl1FNyTd3Ev4Z8nk9XojN7Cmydtt0TZp3LiXbFfPAav
s6M=
-----END CERTIFICATE-----