Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6qR3CHhMcndpAMGbZ-6hBsv6l9Q.roa
File:                     6qR3CHhMcndpAMGbZ-6hBsv6l9Q.roa (raw, json)
Hash identifier:          ttgX3ozxrD7QtbkXC2XWR1yCfd33j6tTcTpmyjfIINk=
Subject key identifier:   EA:A4:77:08:78:4C:72:77:69:00:C1:9B:67:EE:A1:06:CB:FA:97:D4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187D0FE076EACCDE7FC056B94BBA455C308
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6qR3CHhMcndpAMGbZ-6hBsv6l9Q.roa
Signing time:             Sun 30 Apr 2023 07:08:41 +0000
ROA not before:           Sun 30 Apr 2023 07:08:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d0:fe:07:6e:ac:cd:e7:fc:05:6b:94:bb:a4:55:c3:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 30 07:08:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eaa47708784c72776900c19b67eea106cbfa97d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:82:a3:61:f3:0e:a2:47:86:79:4e:73:0e:e3:
                    15:e1:5b:f5:1d:92:83:11:15:38:e7:b1:d3:a8:f6:
                    57:38:9c:2d:d3:85:10:3b:2e:0a:31:36:94:b3:6b:
                    2e:93:06:c0:3a:a5:bb:87:25:5e:71:74:3f:9a:46:
                    37:16:21:70:b5:17:59:90:99:d1:39:57:bf:fa:c4:
                    89:31:05:7d:e0:55:74:7d:49:21:79:bf:8b:5b:59:
                    80:d0:97:0c:4b:17:9f:33:2d:97:4b:1f:e6:d8:df:
                    c8:1e:0a:8c:ea:8b:24:bf:90:3d:2b:ed:68:77:bc:
                    cd:41:47:b3:c9:22:3a:3b:98:03:18:80:64:f9:c4:
                    33:72:59:e9:42:d3:4e:5c:77:84:58:54:eb:dc:12:
                    3a:7f:03:10:0f:75:59:da:a6:6e:8a:d5:d6:6f:03:
                    a8:e3:e3:08:83:90:08:dd:64:34:9a:dd:dc:28:28:
                    c0:37:c3:9a:4f:74:2b:b9:24:ae:4c:6d:70:36:8e:
                    07:74:62:5d:cc:a7:ad:0e:a1:e6:29:91:78:de:49:
                    eb:a4:d8:fa:39:2b:0c:45:cc:ae:b2:26:c8:55:03:
                    a8:ca:32:54:17:08:1a:c8:df:6e:a5:84:fe:e0:c1:
                    81:54:8f:8c:e4:e9:85:71:fe:5a:80:71:23:b8:95:
                    70:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:A4:77:08:78:4C:72:77:69:00:C1:9B:67:EE:A1:06:CB:FA:97:D4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6qR3CHhMcndpAMGbZ-6hBsv6l9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:9a:dc:b3:c9:71:e9:d0:e6:5b:bc:2a:a5:04:1f:ed:19:61:
         44:fa:3a:6e:07:c4:5c:42:c4:63:85:88:3a:60:c7:b8:93:c6:
         b6:21:38:d2:db:26:e8:a5:19:c1:de:83:94:93:8b:a4:f4:97:
         14:1b:67:30:6a:8e:11:c9:ca:28:ba:3e:ce:8a:78:3c:6d:cb:
         2d:63:e8:99:a2:fb:7d:70:ac:81:e4:73:03:33:81:f7:d1:34:
         12:64:94:51:f8:2b:09:be:40:c8:a0:9e:ca:d6:f9:e4:3e:ab:
         34:40:53:08:1b:e9:6b:bc:e5:97:53:5d:9b:53:64:8e:73:ab:
         66:6f:3c:7d:be:31:44:80:6c:26:91:3d:27:b1:cf:af:9d:4f:
         99:48:02:e5:c2:5f:9e:7a:1d:cd:53:95:dc:cf:03:dc:ac:28:
         09:6e:e1:8c:94:9f:2d:ed:90:28:d7:af:a1:4a:9d:c2:ed:69:
         5e:24:4b:96:0c:fe:64:9d:ee:ba:d8:36:a4:5c:73:c8:07:b6:
         b7:87:da:96:c6:b1:f3:95:49:23:1f:92:4a:87:67:1c:c9:28:
         ad:c1:47:56:83:92:c3:3b:45:65:ad:4e:c2:df:e4:b8:c8:2b:
         57:3d:6a:c9:32:07:fd:35:5e:7e:22:ef:05:9e:f2:23:99:25:
         20:8a:0a:14
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfQ/gdurM3n/AVrlLukVcMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDMwMDcwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWE0NzcwODc4NGM3Mjc3NjkwMGMxOWI2N2VlYTEwNmNiZmE5N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4KjYfMOokeGeU5zDuMV4Vv1HZKD
ERU457HTqPZXOJwt04UQOy4KMTaUs2sukwbAOqW7hyVecXQ/mkY3FiFwtRdZkJnR
OVe/+sSJMQV94FV0fUkheb+LW1mA0JcMSxefMy2XSx/m2N/IHgqM6oskv5A9K+1o
d7zNQUezySI6O5gDGIBk+cQzclnpQtNOXHeEWFTr3BI6fwMQD3VZ2qZuitXWbwOo
4+MIg5AI3WQ0mt3cKCjAN8OaT3QruSSuTG1wNo4HdGJdzKetDqHmKZF43knrpNj6
OSsMRcyusibIVQOoyjJUFwgayN9upYT+4MGBVI+M5OmFcf5agHEjuJVwdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOqkdwh4THJ3aQDBm2fuoQbL+pfUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNnFSM0NIaE1jbmRwQU1HYlotNmhCc3Y2bDlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAASa3LPJcenQ5lu8KqUE
H+0ZYUT6Om4HxFxCxGOFiDpgx7iTxrYhONLbJuilGcHeg5STi6T0lxQbZzBqjhHJ
yii6Ps6KeDxtyy1j6Jmi+31wrIHkcwMzgffRNBJklFH4Kwm+QMignsrW+eQ+qzRA
Uwgb6Wu85ZdTXZtTZI5zq2ZvPH2+MUSAbCaRPSexz6+dT5lIAuXCX556Hc1TldzP
A9ysKAlu4YyUny3tkCjXr6FKncLtaV4kS5YM/mSd7rrYNqRcc8gHtreH2pbGsfOV
SSMfkkqHZxzJKK3BR1aDksM7RWWtTsLf5LjIK1c9askyB/01Xn4i7wWe8iOZJSCK
ChQ=
-----END CERTIFICATE-----