Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AvqIEYhEMWpyc3j1QLLiboJQskU.roa
File:                     AvqIEYhEMWpyc3j1QLLiboJQskU.roa (raw, json)
Hash identifier:          eJ5l80GJIoIdzyOfApJwp32EP6ryWGH6ceaXfsbQwLs=
Subject key identifier:   02:FA:88:11:88:44:31:6A:72:73:78:F5:40:B2:E2:6E:82:50:B2:45
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01882D47679624A46FDD2A313DAC18F107B3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AvqIEYhEMWpyc3j1QLLiboJQskU.roa
Signing time:             Thu 18 May 2023 05:13:54 +0000
ROA not before:           Thu 18 May 2023 05:13:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:2d:47:67:96:24:a4:6f:dd:2a:31:3d:ac:18:f1:07:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 18 05:13:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=02fa88118844316a727378f540b2e26e8250b245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cd:10:a6:6f:23:d2:fc:18:3c:68:19:82:5a:
                    37:92:cb:4e:1b:6f:dc:75:9b:1e:0c:f9:09:59:70:
                    69:9e:aa:a0:f4:55:57:98:9c:da:0d:b3:73:d8:90:
                    db:cc:61:12:3a:7e:c9:2a:a3:6f:08:ca:6c:dd:a7:
                    14:9b:0c:5a:75:4f:da:9c:81:02:a2:0a:ac:11:50:
                    72:94:4c:94:e1:c7:c3:48:67:d6:c4:35:18:c4:d1:
                    18:c0:9c:70:1d:1c:16:58:f2:32:16:c9:49:51:e0:
                    e1:f5:6b:b4:e8:d9:49:45:24:51:52:e2:0d:22:01:
                    0c:07:73:7a:09:06:00:3a:53:34:4e:a3:d8:31:87:
                    d4:e4:b0:aa:e5:36:09:69:de:f3:2d:e9:02:f5:73:
                    a2:b0:71:d6:ac:5a:7a:ac:e7:6c:2e:1d:39:be:ba:
                    9f:16:a3:44:28:e9:63:57:8f:d5:38:53:16:ee:47:
                    27:67:95:b6:ea:a1:b7:ee:e1:2a:1c:76:63:2c:bc:
                    22:7a:2b:88:72:1a:d8:eb:b7:1f:16:79:99:9a:69:
                    86:3e:7a:e8:b6:06:29:28:36:f9:e6:6d:80:1e:85:
                    f8:e5:6d:52:a6:3b:10:ac:28:d4:13:ef:57:d2:52:
                    90:37:ea:39:86:2c:2a:63:00:ba:2e:b8:bb:83:a5:
                    62:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:FA:88:11:88:44:31:6A:72:73:78:F5:40:B2:E2:6E:82:50:B2:45
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AvqIEYhEMWpyc3j1QLLiboJQskU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:3c:a0:08:87:75:02:0e:9b:87:45:bf:3b:cc:e4:59:0e:98:
         f1:50:69:f5:26:d0:38:e4:40:a6:e2:06:5f:d6:3e:ae:83:4f:
         73:26:b9:b8:78:0a:3e:78:27:73:9b:06:8b:e4:8f:f3:ed:e0:
         0e:08:b1:bc:3e:e6:cd:c8:ad:32:3c:5d:b1:0a:5f:cc:f0:e1:
         05:3f:ff:95:7b:73:a0:8d:5e:21:60:4c:f2:c7:5e:cb:22:c5:
         14:25:85:43:3b:f5:43:c0:e0:3a:1c:2f:3e:c1:0a:6e:80:c8:
         14:0a:fd:19:82:5f:b9:fb:6c:84:3d:bd:74:8e:42:74:29:c5:
         69:fd:6b:6c:57:f4:68:09:60:b4:04:74:d9:00:51:48:2d:17:
         ae:26:78:7d:7a:72:5b:cc:df:6f:ab:f0:2c:0a:be:30:5d:f4:
         b7:36:fb:15:ef:0f:97:6b:4b:e6:7e:69:e2:77:ee:36:6a:14:
         aa:7c:6a:9d:5d:4d:72:df:bf:32:3c:01:14:f5:4e:2d:36:14:
         7a:a3:27:ac:d1:53:82:8e:9c:2e:b8:83:49:06:d6:4b:1d:da:
         09:4e:41:6c:c8:63:1f:b0:34:05:90:03:f3:9e:6e:bd:98:1f:
         d2:45:02:7a:a1:d3:bd:1c:10:1c:f7:83:db:93:d0:15:1c:da:
         5b:dd:40:ac
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgtR2eWJKRv3SoxPawY8QezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE4MDUxMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmZhODgxMTg4NDQzMTZhNzI3Mzc4ZjU0MGIyZTI2ZTgyNTBiMjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsM0Qpm8j0vwYPGgZglo3kstOG2/c
dZseDPkJWXBpnqqg9FVXmJzaDbNz2JDbzGESOn7JKqNvCMps3acUmwxadU/anIEC
ogqsEVBylEyU4cfDSGfWxDUYxNEYwJxwHRwWWPIyFslJUeDh9Wu06NlJRSRRUuIN
IgEMB3N6CQYAOlM0TqPYMYfU5LCq5TYJad7zLekC9XOisHHWrFp6rOdsLh05vrqf
FqNEKOljV4/VOFMW7kcnZ5W26qG37uEqHHZjLLwieiuIchrY67cfFnmZmmmGPnro
tgYpKDb55m2AHoX45W1SpjsQrCjUE+9X0lKQN+o5hiwqYwC6Lri7g6Vi7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAL6iBGIRDFqcnN49UCy4m6CULJFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQXZxSUVZaEVNV3B5YzNqMVFMTGlib0pRc2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK48oAiHdQIOm4dFvzvM
5FkOmPFQafUm0DjkQKbiBl/WPq6DT3Mmubh4Cj54J3ObBovkj/Pt4A4Isbw+5s3I
rTI8XbEKX8zw4QU//5V7c6CNXiFgTPLHXssixRQlhUM79UPA4DocLz7BCm6AyBQK
/RmCX7n7bIQ9vXSOQnQpxWn9a2xX9GgJYLQEdNkAUUgtF64meH16clvM32+r8CwK
vjBd9Lc2+xXvD5drS+Z+aeJ37jZqFKp8ap1dTXLfvzI8ART1Ti02FHqjJ6zRU4KO
nC64g0kG1ksd2glOQWzIYx+wNAWQA/Oebr2YH9JFAnqh070cEBz3g9uT0BUc2lvd
QKw=
-----END CERTIFICATE-----