Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MQPCGyQ-ClUtEElALyKP5AiJCus.roa
File:                     MQPCGyQ-ClUtEElALyKP5AiJCus.roa (raw, json)
Hash identifier:          /SF32Y08Fqb/KR1eGxUrVwMsOTyx67jxzO9HcSIJMNo=
Subject key identifier:   31:03:C2:1B:24:3E:0A:55:2D:10:49:40:2F:22:8F:E4:08:89:0A:EB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01877F3E02B1CB604C0F90343EF925EE4D62
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MQPCGyQ-ClUtEElALyKP5AiJCus.roa
Signing time:             Fri 14 Apr 2023 10:09:42 +0000
ROA not before:           Fri 14 Apr 2023 10:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7f:3e:02:b1:cb:60:4c:0f:90:34:3e:f9:25:ee:4d:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 14 10:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3103c21b243e0a552d1049402f228fe408890aeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6f:24:54:7c:8c:83:72:2c:a2:f4:fd:9d:8f:
                    4f:93:24:48:c1:f3:fa:38:a5:ce:bd:93:5f:91:96:
                    a7:01:78:cb:9f:de:f8:2a:41:a2:92:7e:2c:29:7e:
                    c5:b9:60:2b:b6:da:d7:84:ac:3d:b2:2b:0b:89:b0:
                    79:01:a2:83:c1:af:46:34:61:b1:3c:77:07:a3:52:
                    e8:53:8c:b4:ca:4b:aa:0b:d1:69:9d:42:29:a8:c5:
                    0b:31:db:8d:84:df:6c:b6:cb:a4:7c:40:aa:0d:5a:
                    46:1b:b7:d1:d1:1c:87:71:b4:82:5a:24:0c:4d:db:
                    b2:1c:68:fd:e8:8e:5d:93:7f:16:d1:4c:e9:f7:80:
                    47:e1:97:c7:15:fd:35:7b:23:b4:5e:f3:b3:f9:38:
                    0c:87:09:e4:c4:fb:7a:e3:45:6f:b5:7f:ea:29:a3:
                    55:81:e1:62:f2:d5:41:ff:20:c2:28:a6:9c:f2:10:
                    1e:e1:66:60:7e:04:ef:e4:83:a4:65:86:68:d6:e4:
                    3e:01:9e:e1:ca:a7:a3:aa:bb:d8:97:14:8d:38:ac:
                    47:b1:6a:f8:6c:6d:ac:9e:ef:c3:ed:58:bb:e7:ea:
                    2b:b3:1b:42:62:09:63:5e:c9:32:08:df:28:5c:89:
                    98:62:57:1d:ca:01:89:e4:e6:32:80:11:4f:0e:5c:
                    8d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:03:C2:1B:24:3E:0A:55:2D:10:49:40:2F:22:8F:E4:08:89:0A:EB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MQPCGyQ-ClUtEElALyKP5AiJCus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:3c:6c:23:dd:4f:3f:c5:59:2c:19:40:96:0c:c7:e2:07:fa:
         02:8a:da:31:18:bc:1d:58:24:05:33:46:fb:2e:2d:a2:fc:f8:
         b0:a8:d8:0d:9f:7a:fc:a8:87:a4:46:fe:a6:dc:2a:7c:1c:b2:
         b1:ea:f1:6d:f6:d8:c9:9a:b8:4c:8e:c1:93:25:ff:7a:58:59:
         9a:19:67:9e:6d:aa:be:85:80:d7:f4:82:54:9b:07:6d:aa:7b:
         39:cd:38:6a:30:e4:5b:d0:59:d8:c6:c5:bc:e9:d1:50:fd:f2:
         69:69:9f:04:3d:ba:5d:cc:e8:e0:b6:2c:ae:04:78:92:1b:4e:
         aa:ce:1f:70:49:43:14:cb:e2:93:8a:62:a4:7b:b5:29:21:f7:
         fa:c6:46:c1:a9:98:ec:b3:2b:2f:68:66:d3:65:52:7c:62:9d:
         97:02:9b:53:cd:0a:b9:35:d4:5a:d8:94:82:0c:f0:a4:38:d6:
         e0:c1:9b:d9:e8:22:f1:be:ee:33:3b:f0:b4:a8:8d:c5:b2:90:
         38:db:96:9a:fa:d8:b6:c5:0d:52:36:a8:6e:2a:e9:d6:9d:ab:
         e5:6a:bc:8a:27:44:00:0f:99:09:ec:a7:d9:06:5a:8d:c0:fd:
         51:de:5f:82:e7:a4:40:a5:5a:cb:d4:b6:78:5e:03:dc:78:d7:
         fd:77:92:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd/PgKxy2BMD5A0Pvkl7k1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE0MTAwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTAzYzIxYjI0M2UwYTU1MmQxMDQ5NDAyZjIyOGZlNDA4ODkwYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw28kVHyMg3IsovT9nY9PkyRIwfP6
OKXOvZNfkZanAXjLn974KkGikn4sKX7FuWArttrXhKw9sisLibB5AaKDwa9GNGGx
PHcHo1LoU4y0ykuqC9FpnUIpqMULMduNhN9stsukfECqDVpGG7fR0RyHcbSCWiQM
TduyHGj96I5dk38W0Uzp94BH4ZfHFf01eyO0XvOz+TgMhwnkxPt640VvtX/qKaNV
geFi8tVB/yDCKKac8hAe4WZgfgTv5IOkZYZo1uQ+AZ7hyqejqrvYlxSNOKxHsWr4
bG2snu/D7Vi75+orsxtCYgljXskyCN8oXImYYlcdygGJ5OYygBFPDlyNNwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDEDwhskPgpVLRBJQC8ij+QIiQrrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTVFQQ0d5US1DbFV0RUVsQUx5S1A1QWlKQ3VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKE8bCPdTz/FWSwZQJYM
x+IH+gKK2jEYvB1YJAUzRvsuLaL8+LCo2A2fevyoh6RG/qbcKnwcsrHq8W322Mma
uEyOwZMl/3pYWZoZZ55tqr6FgNf0glSbB22qeznNOGow5FvQWdjGxbzp0VD98mlp
nwQ9ul3M6OC2LK4EeJIbTqrOH3BJQxTL4pOKYqR7tSkh9/rGRsGpmOyzKy9oZtNl
UnxinZcCm1PNCrk11FrYlIIM8KQ41uDBm9noIvG+7jM78LSojcWykDjblpr62LbF
DVI2qG4q6dadq+VqvIonRAAPmQnsp9kGWo3A/VHeX4LnpEClWsvUtnheA9x41/13
khA=
-----END CERTIFICATE-----