Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q-mELPRCyIZCX360ekzezrGeqwE.roa
File:                     Q-mELPRCyIZCX360ekzezrGeqwE.roa (raw, json)
Hash identifier:          pky9q8g9FNk9Li+HVcS/4FCe3n2n+fpIMjxGvHsxvGM=
Subject key identifier:   43:E9:84:2C:F4:42:C8:86:42:5F:7E:B4:7A:4C:DE:CE:B1:9E:AB:01
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01876ADB7E1519FA6DF46FC11413A6AB2F45
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q-mELPRCyIZCX360ekzezrGeqwE.roa
Signing time:             Mon 10 Apr 2023 11:09:42 +0000
ROA not before:           Mon 10 Apr 2023 11:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6a:db:7e:15:19:fa:6d:f4:6f:c1:14:13:a6:ab:2f:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 10 11:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=43e9842cf442c886425f7eb47a4cdeceb19eab01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6c:52:79:dc:f2:9e:07:06:46:b7:82:43:ca:
                    98:90:5e:2b:c5:c7:92:ec:0a:40:1a:18:02:94:2e:
                    e4:84:fd:5b:1d:be:d3:e8:ad:35:5c:b3:3e:f9:07:
                    ef:81:37:c5:b2:8c:c3:00:46:e9:b1:99:38:e9:57:
                    8b:00:8e:20:62:06:a8:a6:30:4f:9b:62:9a:ae:a1:
                    a2:ab:7e:af:64:ea:30:d2:f2:ab:9e:b1:e6:94:5e:
                    ca:98:d4:90:81:1e:22:03:02:c9:fd:3b:3b:90:a0:
                    dc:d9:37:60:61:92:f1:60:72:c8:64:f1:16:85:21:
                    65:5c:10:a4:fa:64:74:8b:a8:84:14:62:18:62:4e:
                    7d:4a:38:83:13:b5:15:fb:bc:7f:55:66:0b:bd:56:
                    9b:ee:c2:96:28:5e:ff:47:14:2f:2a:47:6b:5e:92:
                    5c:c5:0d:86:fe:80:54:05:c8:5f:07:4e:11:42:e5:
                    b4:09:24:6d:f8:30:bd:79:e8:0c:fb:9c:e3:46:07:
                    92:53:67:7e:98:7a:3a:f9:fb:49:8a:97:7a:4f:a5:
                    2e:76:1e:a2:1e:42:48:a9:d2:6e:8e:7f:1d:aa:ea:
                    6f:11:5b:00:bb:5b:31:4c:c5:d8:aa:5d:16:7d:39:
                    53:03:70:b1:f2:01:58:3c:55:20:32:c4:76:9d:dc:
                    a9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E9:84:2C:F4:42:C8:86:42:5F:7E:B4:7A:4C:DE:CE:B1:9E:AB:01
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q-mELPRCyIZCX360ekzezrGeqwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:7f:cb:4d:a1:20:24:36:c4:50:dd:8c:96:76:17:a3:d1:22:
         0a:42:cc:cf:02:53:b1:f7:07:b6:2b:ac:79:a3:f7:c0:ce:20:
         00:fa:92:9f:db:8e:4d:9e:16:05:43:ff:0d:cc:b1:19:74:e0:
         16:2d:96:3e:b6:27:0c:87:ae:4e:63:15:d3:7c:e1:c1:b7:86:
         d8:c3:b5:98:95:d8:62:17:ed:d5:3d:56:a9:43:1b:fd:b5:3c:
         66:dc:d9:60:eb:99:22:31:e5:b2:bb:2e:87:76:58:b5:0d:46:
         15:13:e6:35:ab:d2:7b:39:a3:8f:15:ef:0d:a5:e1:df:3b:85:
         e3:77:dc:ce:a1:ad:45:ff:ad:2c:9a:03:66:7a:12:66:dd:38:
         8f:63:31:67:3f:d0:ec:35:a0:84:ed:93:5d:65:d0:06:61:82:
         79:f1:03:d1:f7:8c:2d:f9:9c:f3:53:94:cb:4a:e5:71:30:e7:
         49:48:53:15:ac:6f:f2:01:47:dd:3b:7a:8e:f8:89:8c:68:c2:
         d8:ea:45:d5:e9:9d:36:2a:bc:7e:b0:1b:4e:c5:a3:e6:ca:6e:
         17:24:08:dc:e0:4b:fd:5c:74:e7:72:9b:d5:15:c7:e6:e0:5b:
         3b:98:fb:be:c7:db:6e:1c:34:92:81:e6:ba:d2:65:8c:a8:02:
         15:47:7f:4c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdq234VGfpt9G/BFBOmqy9FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEwMTEwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2U5ODQyY2Y0NDJjODg2NDI1ZjdlYjQ3YTRjZGVjZWIxOWVhYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGxSedzyngcGRreCQ8qYkF4rxceS
7ApAGhgClC7khP1bHb7T6K01XLM++QfvgTfFsozDAEbpsZk46VeLAI4gYgaopjBP
m2KarqGiq36vZOow0vKrnrHmlF7KmNSQgR4iAwLJ/Ts7kKDc2TdgYZLxYHLIZPEW
hSFlXBCk+mR0i6iEFGIYYk59SjiDE7UV+7x/VWYLvVab7sKWKF7/RxQvKkdrXpJc
xQ2G/oBUBchfB04RQuW0CSRt+DC9eegM+5zjRgeSU2d+mHo6+ftJipd6T6Uudh6i
HkJIqdJujn8dqupvEVsAu1sxTMXYql0WfTlTA3Cx8gFYPFUgMsR2ndypHwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEPphCz0QsiGQl9+tHpM3s6xnqsBMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUS1tRUxQUkN5SVpDWDM2MGVremV6ckdlcXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIJ/y02hICQ2xFDdjJZ2
F6PRIgpCzM8CU7H3B7YrrHmj98DOIAD6kp/bjk2eFgVD/w3MsRl04BYtlj62JwyH
rk5jFdN84cG3htjDtZiV2GIX7dU9VqlDG/21PGbc2WDrmSIx5bK7Lod2WLUNRhUT
5jWr0ns5o48V7w2l4d87heN33M6hrUX/rSyaA2Z6EmbdOI9jMWc/0Ow1oITtk11l
0AZhgnnxA9H3jC35nPNTlMtK5XEw50lIUxWsb/IBR907eo74iYxowtjqRdXpnTYq
vH6wG07Fo+bKbhckCNzgS/1cdOdym9UVx+bgWzuY+77H224cNJKB5rrSZYyoAhVH
f0w=
-----END CERTIFICATE-----