Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EqPOSZi2Fedn2bCiuDZ56Xi_HEw.roa
File:                     EqPOSZi2Fedn2bCiuDZ56Xi_HEw.roa (raw, json)
Hash identifier:          bxlqug+oGftrp5EY2Bi1dSNHJxFUlGI8/D/60EhDkIQ=
Subject key identifier:   12:A3:CE:49:98:B6:15:E7:67:D9:B0:A2:B8:36:79:E9:78:BF:1C:4C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F20E94A93F84A9C8AFFF23DC962E11CD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EqPOSZi2Fedn2bCiuDZ56Xi_HEw.roa
Signing time:             Sat 18 Mar 2023 00:11:27 +0000
ROA not before:           Sat 18 Mar 2023 00:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f2:0e:94:a9:3f:84:a9:c8:af:ff:23:dc:96:2e:11:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 18 00:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=12a3ce4998b615e767d9b0a2b83679e978bf1c4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:10:8d:3e:30:a9:92:00:16:4d:9c:70:6a:9a:
                    32:ad:7b:64:fd:02:3d:91:d5:c7:6c:50:35:64:1a:
                    7a:30:fa:b9:3a:54:2c:22:15:19:d5:44:c6:56:78:
                    4c:92:3e:be:19:d3:43:92:54:4e:e9:e7:69:6f:57:
                    58:33:4f:37:a7:09:05:21:1d:72:99:f7:96:68:ac:
                    36:7b:cc:bb:b3:b8:4c:dc:03:8d:f0:08:4a:24:0b:
                    2c:c1:22:e3:99:af:bb:25:c5:02:36:ea:07:31:c8:
                    56:5a:ae:65:43:e9:3b:8a:8a:96:d1:b6:98:e2:a4:
                    11:66:8f:0f:d6:76:df:8f:f7:cd:03:71:e2:9e:bc:
                    d5:08:8c:5a:ad:65:c8:03:ac:82:db:a7:06:f0:67:
                    7e:16:10:6a:92:d5:c8:21:72:17:06:04:07:38:c8:
                    d7:9c:0e:b5:9b:25:bf:20:ef:c0:85:87:cd:ba:78:
                    c0:b3:5c:d1:ba:b2:91:d8:23:80:f5:73:0c:a2:0d:
                    47:15:da:f4:b5:b7:b8:c4:45:71:0c:c0:2e:55:ec:
                    d4:0f:f8:7c:23:93:4f:a4:29:13:2d:af:df:26:53:
                    89:63:c2:58:7a:eb:82:79:08:29:e4:2b:95:49:84:
                    a3:05:ee:97:8d:06:8e:90:db:22:9c:39:15:f9:5a:
                    22:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:A3:CE:49:98:B6:15:E7:67:D9:B0:A2:B8:36:79:E9:78:BF:1C:4C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EqPOSZi2Fedn2bCiuDZ56Xi_HEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:f0:e3:62:77:dd:28:97:1b:1b:c6:37:f2:83:14:49:58:e3:
         58:dc:61:53:d8:27:34:5d:d7:38:fa:23:68:31:4c:ac:16:c0:
         15:38:ff:a0:1f:cb:47:4a:6d:0d:eb:cd:6f:e3:ee:60:c6:fd:
         38:35:40:4e:5b:87:44:cf:82:2b:3f:ee:55:f3:9c:e4:69:e0:
         94:e5:60:33:4f:ea:bd:b2:7d:d7:46:83:96:06:b8:9e:73:02:
         7b:d8:49:3a:4d:95:f2:d9:ee:88:06:c7:d7:69:1f:08:1d:39:
         2a:cb:12:bb:05:bc:6e:e5:55:92:bd:c7:b8:18:21:d2:8f:d4:
         fa:4b:f1:df:9b:60:38:32:d0:a4:10:be:eb:91:cc:43:51:25:
         15:4d:86:9c:c0:09:f4:85:08:fa:cc:12:e8:f3:c8:b8:c7:dd:
         5d:f2:ab:21:ea:3d:be:43:d4:e3:f8:41:f0:27:d1:6f:cb:60:
         4f:e5:26:48:0c:d5:64:10:ab:4e:cc:3a:a9:47:16:ad:93:d5:
         7a:cf:c7:bd:ca:2b:fa:44:9c:bb:8b:ef:4a:96:3d:58:33:2b:
         b8:7e:10:e7:f6:53:72:07:9c:27:e3:0a:17:0a:7b:22:d9:85:
         83:db:30:c9:81:c2:a9:da:8a:41:18:44:8e:ec:88:66:6b:5a:
         c3:11:67:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbyDpSpP4SpyK//I9yWLhHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE4MDAxMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmEzY2U0OTk4YjYxNWU3NjdkOWIwYTJiODM2NzllOTc4YmYxYzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhCNPjCpkgAWTZxwapoyrXtk/QI9
kdXHbFA1ZBp6MPq5OlQsIhUZ1UTGVnhMkj6+GdNDklRO6edpb1dYM083pwkFIR1y
mfeWaKw2e8y7s7hM3AON8AhKJAsswSLjma+7JcUCNuoHMchWWq5lQ+k7ioqW0baY
4qQRZo8P1nbfj/fNA3HinrzVCIxarWXIA6yC26cG8Gd+FhBqktXIIXIXBgQHOMjX
nA61myW/IO/AhYfNunjAs1zRurKR2COA9XMMog1HFdr0tbe4xEVxDMAuVezUD/h8
I5NPpCkTLa/fJlOJY8JYeuuCeQgp5CuVSYSjBe6XjQaOkNsinDkV+VoisQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBKjzkmYthXnZ9mworg2eel4vxxMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRXFQT1NaaTJGZWRuMmJDaXVEWjU2WGlfSEV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGbw42J33SiXGxvGN/KD
FElY41jcYVPYJzRd1zj6I2gxTKwWwBU4/6Afy0dKbQ3rzW/j7mDG/Tg1QE5bh0TP
gis/7lXznORp4JTlYDNP6r2yfddGg5YGuJ5zAnvYSTpNlfLZ7ogGx9dpHwgdOSrL
ErsFvG7lVZK9x7gYIdKP1PpL8d+bYDgy0KQQvuuRzENRJRVNhpzACfSFCPrMEujz
yLjH3V3yqyHqPb5D1OP4QfAn0W/LYE/lJkgM1WQQq07MOqlHFq2T1XrPx73KK/pE
nLuL70qWPVgzK7h+EOf2U3IHnCfjChcKeyLZhYPbMMmBwqnaikEYRI7siGZrWsMR
Zzo=
-----END CERTIFICATE-----