Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6t-QZEC6oJKS_EtVnL_hNS-IZyY.roa
File:                     6t-QZEC6oJKS_EtVnL_hNS-IZyY.roa (raw, json)
Hash identifier:          XMWOwTdhUYDSv9WA8eOCESkKmi26MiQJRfc2OrfrbbY=
Subject key identifier:   EA:DF:90:64:40:BA:A0:92:92:FC:4B:55:9C:BF:E1:35:2F:88:67:26
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01880BC8CE323607DE6C2F1CA705647EA8C4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6t-QZEC6oJKS_EtVnL_hNS-IZyY.roa
Signing time:             Thu 11 May 2023 17:08:09 +0000
ROA not before:           Thu 11 May 2023 17:08:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:0b:c8:ce:32:36:07:de:6c:2f:1c:a7:05:64:7e:a8:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 11 17:08:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eadf906440baa09292fc4b559cbfe1352f886726
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:05:51:8f:10:fe:6b:e3:6a:0d:05:bc:4f:9e:
                    76:7e:d9:c0:31:fc:67:a4:1f:31:4c:ea:fe:b9:d6:
                    8a:cd:e1:b2:42:f8:51:11:3b:2d:35:21:0c:5e:cd:
                    ac:e8:19:26:f6:ec:0c:f5:3a:b7:ba:27:81:9a:b2:
                    f9:cf:ad:c8:5d:a7:ae:98:bd:87:78:55:cb:cf:3c:
                    5a:59:47:92:b5:6b:13:81:91:7a:b4:c7:43:bb:7c:
                    94:70:80:28:86:c4:89:f5:9f:00:9b:d2:eb:9a:01:
                    82:47:9c:a7:2b:95:5f:0e:b8:55:db:19:ad:70:68:
                    34:ee:5d:fb:3d:ff:17:c3:75:b9:28:ec:ce:24:6b:
                    30:29:9d:03:ee:87:12:c0:0a:f1:3b:a4:5d:60:51:
                    fc:85:96:a3:a6:23:f7:1d:02:79:28:71:75:9b:df:
                    55:25:99:69:4d:cd:e0:86:f1:c7:a6:2d:5b:0e:a2:
                    37:6a:40:68:d0:42:07:90:6f:35:8b:b5:51:b5:b6:
                    6a:2e:b9:48:5a:81:6e:94:ce:df:70:24:30:f1:80:
                    80:4c:72:73:0c:eb:ea:e5:ea:66:9e:b7:a9:f7:64:
                    6f:87:10:a6:67:2e:3b:60:84:dc:e7:9e:21:c1:73:
                    a9:8e:e1:b1:4b:c7:bf:7c:d8:25:73:ce:4a:ff:11:
                    6d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:DF:90:64:40:BA:A0:92:92:FC:4B:55:9C:BF:E1:35:2F:88:67:26
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6t-QZEC6oJKS_EtVnL_hNS-IZyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:90:66:e3:a4:d3:01:d9:99:56:c9:dd:f1:72:8c:f1:7c:d1:
         eb:b1:f0:3b:98:ef:67:7b:7b:4e:43:0c:ae:91:0f:ee:0b:37:
         7e:70:ce:12:c3:fc:cc:f9:45:11:a7:3c:83:1c:72:6d:58:68:
         46:c5:21:a8:d1:90:65:50:71:22:71:07:11:fa:80:ef:c0:ca:
         c2:24:b9:71:f8:d6:1c:66:71:35:9f:c0:7f:69:e5:4f:9a:e7:
         71:71:ae:a1:28:9b:e3:71:63:75:30:61:1e:bd:55:ca:77:0b:
         6c:a4:d6:52:bc:86:4d:f9:11:50:94:7b:4d:03:f1:bb:5d:c0:
         c9:6c:fb:86:35:2a:9a:26:3b:21:66:4a:ef:d3:05:48:c0:05:
         ad:ea:09:66:00:f8:44:36:25:22:bf:fc:ce:ba:70:29:ec:91:
         df:49:e8:fc:0b:a3:02:1e:3e:97:80:ce:52:55:8a:a9:2f:97:
         03:ec:83:0c:62:c0:15:fd:ee:69:71:ea:9c:f2:04:eb:8b:c6:
         39:ac:69:6f:b2:26:50:b2:f6:d7:62:5d:9d:fb:0b:c2:9c:31:
         b2:dc:26:0a:61:1b:6e:f4:51:e6:f2:7e:29:22:cb:e9:39:33:
         fd:ce:fd:57:74:44:cb:73:2d:05:d3:0d:10:38:e6:77:07:af:
         fa:95:37:58
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgLyM4yNgfebC8cpwVkfqjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTExMTcwODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWRmOTA2NDQwYmFhMDkyOTJmYzRiNTU5Y2JmZTEzNTJmODg2NzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQVRjxD+a+NqDQW8T552ftnAMfxn
pB8xTOr+udaKzeGyQvhRETstNSEMXs2s6Bkm9uwM9Tq3uieBmrL5z63IXaeumL2H
eFXLzzxaWUeStWsTgZF6tMdDu3yUcIAohsSJ9Z8Am9LrmgGCR5ynK5VfDrhV2xmt
cGg07l37Pf8Xw3W5KOzOJGswKZ0D7ocSwArxO6RdYFH8hZajpiP3HQJ5KHF1m99V
JZlpTc3ghvHHpi1bDqI3akBo0EIHkG81i7VRtbZqLrlIWoFulM7fcCQw8YCATHJz
DOvq5epmnrep92RvhxCmZy47YITc554hwXOpjuGxS8e/fNglc85K/xFtrQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOrfkGRAuqCSkvxLVZy/4TUviGcmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNnQtUVpFQzZvSktTX0V0Vm5MX2hOUy1JWnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA2QZuOk0wHZmVbJ3fFy
jPF80eux8DuY72d7e05DDK6RD+4LN35wzhLD/Mz5RRGnPIMccm1YaEbFIajRkGVQ
cSJxBxH6gO/AysIkuXH41hxmcTWfwH9p5U+a53FxrqEom+NxY3UwYR69Vcp3C2yk
1lK8hk35EVCUe00D8btdwMls+4Y1KpomOyFmSu/TBUjABa3qCWYA+EQ2JSK//M66
cCnskd9J6PwLowIePpeAzlJViqkvlwPsgwxiwBX97mlx6pzyBOuLxjmsaW+yJlCy
9tdiXZ37C8KcMbLcJgphG270Uebyfikiy+k5M/3O/Vd0RMtzLQXTDRA45ncHr/qV
N1g=
-----END CERTIFICATE-----