Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MEQFy5-LtYcnmxgtAT5Q6Scjb1Q.roa
File:                     MEQFy5-LtYcnmxgtAT5Q6Scjb1Q.roa (raw, json)
Hash identifier:          fWcp6BAHrmwiIMS92uDr1PE4z0UNfpHLXoOXEd+KtEw=
Subject key identifier:   30:44:05:CB:9F:8B:B5:87:27:9B:18:2D:01:3E:50:E9:27:23:6F:54
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188D5B53D75ED9AAE3515E91E6ACEE97B53
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MEQFy5-LtYcnmxgtAT5Q6Scjb1Q.roa
Signing time:             Mon 19 Jun 2023 22:10:04 +0000
ROA not before:           Mon 19 Jun 2023 22:10:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d5:b5:3d:75:ed:9a:ae:35:15:e9:1e:6a:ce:e9:7b:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 19 22:10:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=304405cb9f8bb587279b182d013e50e927236f54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1f:83:2d:bd:60:41:8e:bb:7a:f1:4c:20:82:
                    39:6c:45:28:b3:b1:f9:70:1f:dd:13:17:b3:a3:91:
                    d8:34:9b:07:a1:68:3f:5a:a9:bd:d1:aa:9e:ad:19:
                    7d:4b:68:81:37:69:a2:fc:eb:a1:fb:40:7c:0d:73:
                    b7:c8:a0:6f:1a:3f:48:0c:41:d4:29:02:3e:e6:ff:
                    57:81:6b:68:f3:e4:83:df:f5:b9:13:44:72:d2:bf:
                    ca:0f:9a:25:e2:91:61:1c:31:b6:46:19:3a:1d:70:
                    10:ce:ff:ef:28:e5:49:09:45:bf:38:13:21:25:43:
                    70:4c:6c:ad:53:c5:88:6e:ee:64:cb:79:b1:64:a9:
                    8e:62:d5:e5:c2:f2:1e:7f:e5:57:03:ad:bc:a4:3f:
                    35:50:da:47:f7:6e:53:85:57:e4:7f:bd:df:ec:c6:
                    b2:b1:ba:9c:e7:89:5a:fc:d9:e7:ba:0e:1d:92:ba:
                    b6:4a:cb:c5:48:fc:1a:8a:05:ca:80:87:88:33:cb:
                    79:c4:9f:f2:fd:99:bf:21:72:c7:d2:97:d6:34:46:
                    36:de:e7:d8:4e:8c:4c:43:34:c2:29:59:a2:69:76:
                    46:51:13:02:cb:30:0f:8e:f6:06:ff:38:6e:b3:d6:
                    5e:33:12:fb:c6:0c:77:72:38:27:c3:56:81:11:8c:
                    06:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:44:05:CB:9F:8B:B5:87:27:9B:18:2D:01:3E:50:E9:27:23:6F:54
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MEQFy5-LtYcnmxgtAT5Q6Scjb1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:62:67:23:04:c8:be:ea:ff:c2:e1:95:f8:c8:b6:09:20:0f:
         a0:fc:26:01:31:98:0b:ff:2e:fe:c4:a0:52:38:c8:84:2f:ee:
         cc:12:2f:1e:58:2c:90:24:53:a1:ab:71:29:9a:6a:06:7a:d4:
         61:6c:07:53:d1:07:6e:88:8e:23:fd:b0:0c:b9:f7:83:69:59:
         3c:4a:51:66:b3:b0:1a:50:39:ad:a3:62:8d:33:fe:01:22:e0:
         f5:da:fa:fd:be:6f:f6:27:84:34:c7:ed:f0:0f:67:33:fa:d3:
         72:c0:26:3a:9d:10:90:2f:bd:49:49:b7:0f:01:a1:a5:20:58:
         bf:ff:47:50:dd:98:71:26:82:9b:77:2e:91:e8:eb:e2:b5:47:
         f1:46:39:16:29:3c:b0:1a:23:10:6a:cc:b7:80:06:54:17:88:
         93:31:00:88:19:8b:f1:18:af:cd:28:01:22:4b:5e:4a:c3:b1:
         4c:e4:17:15:75:09:f8:5b:59:53:04:63:ed:aa:73:93:b2:9f:
         a9:b7:2f:e7:7f:66:86:c7:ab:ab:fd:34:c5:de:83:45:82:c0:
         40:ad:88:ba:c1:0c:74:bc:23:c1:1f:b5:8d:7f:d7:e7:b7:13:
         9e:eb:ef:5a:db:60:df:b4:1f:21:0b:94:aa:7e:97:11:f6:e8:
         e8:17:f2:b3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjVtT117ZquNRXpHmrO6XtTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE5MjIxMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDQ0MDVjYjlmOGJiNTg3Mjc5YjE4MmQwMTNlNTBlOTI3MjM2ZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh+DLb1gQY67evFMIII5bEUos7H5
cB/dExezo5HYNJsHoWg/Wqm90aqerRl9S2iBN2mi/Ouh+0B8DXO3yKBvGj9IDEHU
KQI+5v9XgWto8+SD3/W5E0Ry0r/KD5ol4pFhHDG2Rhk6HXAQzv/vKOVJCUW/OBMh
JUNwTGytU8WIbu5ky3mxZKmOYtXlwvIef+VXA628pD81UNpH925ThVfkf73f7May
sbqc54la/Nnnug4dkrq2SsvFSPwaigXKgIeIM8t5xJ/y/Zm/IXLH0pfWNEY23ufY
ToxMQzTCKVmiaXZGURMCyzAPjvYG/zhus9ZeMxL7xgx3cjgnw1aBEYwGPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDBEBcufi7WHJ5sYLQE+UOknI29UMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTUVRRnk1LUx0WWNubXhndEFUNVE2U2NqYjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKJiZyMEyL7q/8LhlfjI
tgkgD6D8JgExmAv/Lv7EoFI4yIQv7swSLx5YLJAkU6GrcSmaagZ61GFsB1PRB26I
jiP9sAy594NpWTxKUWazsBpQOa2jYo0z/gEi4PXa+v2+b/YnhDTH7fAPZzP603LA
JjqdEJAvvUlJtw8BoaUgWL//R1DdmHEmgpt3LpHo6+K1R/FGORYpPLAaIxBqzLeA
BlQXiJMxAIgZi/EYr80oASJLXkrDsUzkFxV1CfhbWVMEY+2qc5Oyn6m3L+d/ZobH
q6v9NMXeg0WCwECtiLrBDHS8I8EftY1/1+e3E57r71rbYN+0HyELlKp+lxH26OgX
8rM=
-----END CERTIFICATE-----