Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QW2evhAiXBqKZSAB_w6Qi4aKFvU.roa
File:                     QW2evhAiXBqKZSAB_w6Qi4aKFvU.roa (raw, json)
Hash identifier:          oCCWNrW9caqn1uccjEKO+h3de3kQa4QgxBvlHKx/Ou0=
Subject key identifier:   41:6D:9E:BE:10:22:5C:1A:8A:65:20:01:FF:0E:90:8B:86:8A:16:F5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018948BCFAC8B83BCF8263FEDD211BB49E46
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QW2evhAiXBqKZSAB_w6Qi4aKFvU.roa
Signing time:             Wed 12 Jul 2023 06:14:51 +0000
ROA not before:           Wed 12 Jul 2023 06:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:48:bc:fa:c8:b8:3b:cf:82:63:fe:dd:21:1b:b4:9e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 12 06:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=416d9ebe10225c1a8a652001ff0e908b868a16f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:9a:ac:24:89:5a:f5:83:62:8d:7a:83:a9:c9:
                    c0:08:f1:38:04:6f:cc:f1:8a:17:d1:66:88:e2:1b:
                    ff:46:dc:e3:1e:78:04:52:79:10:1c:9c:1f:57:95:
                    81:cb:af:52:62:c0:46:28:10:bb:73:6e:6d:26:1f:
                    38:2c:f1:a2:61:1b:b7:69:86:5b:d4:79:db:47:0b:
                    60:f8:50:9c:aa:28:ad:0e:d4:dc:d8:69:be:d2:ae:
                    30:67:25:74:c1:4b:b7:c8:0d:08:38:fe:e8:80:ae:
                    14:b4:46:0e:60:70:2e:3a:d5:bc:22:b6:97:4f:f9:
                    48:21:25:e4:bb:d4:fe:01:fb:9c:b7:78:b2:5f:1d:
                    40:a5:ec:d1:4b:38:73:11:64:cb:2f:7d:63:eb:be:
                    0a:17:e1:ca:11:45:66:72:54:73:6d:c5:7b:91:af:
                    b0:63:05:60:b3:3e:31:01:f2:8e:48:2b:09:ef:7d:
                    68:f4:e1:e4:8f:44:c5:4a:56:6c:5d:73:99:be:ea:
                    21:8f:92:76:68:2c:20:e6:b2:5a:49:60:2e:fe:8b:
                    94:10:f4:b1:83:f1:d2:f8:d5:3b:30:7b:2f:30:72:
                    83:35:74:de:a2:ae:7d:dc:76:12:b5:1e:18:4c:42:
                    09:97:f2:ff:9d:e3:67:88:28:ca:c7:8a:83:d3:10:
                    5c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:6D:9E:BE:10:22:5C:1A:8A:65:20:01:FF:0E:90:8B:86:8A:16:F5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QW2evhAiXBqKZSAB_w6Qi4aKFvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:8a:c5:05:e4:c2:cb:08:52:87:b9:d0:e5:c3:bc:92:04:89:
         be:d0:e7:be:36:0c:26:b3:78:00:1b:f8:9c:e1:cc:11:0d:09:
         8f:bf:3d:50:2d:8b:83:5c:ef:c2:c5:f4:59:5c:d8:29:32:a7:
         40:54:b9:07:a7:1b:a9:37:58:22:bb:6e:d5:62:40:ca:d3:6a:
         93:c9:8e:61:83:f1:e7:be:f4:b9:90:cb:ad:7d:41:93:dc:58:
         3b:05:cf:14:90:3c:15:03:cd:92:9c:5c:ce:af:f3:76:61:bf:
         d2:d1:34:36:5e:4b:eb:88:b6:d4:d1:ac:02:29:f2:55:01:46:
         7f:e4:e1:9d:09:8f:1f:40:a0:3f:7b:76:8a:72:1a:1d:2e:17:
         bc:8d:80:3d:b7:a8:34:76:54:60:44:a3:a7:42:ea:13:e7:4b:
         05:a3:4b:c2:90:91:ad:f3:43:2a:a8:cd:1e:25:c8:3f:31:27:
         a3:32:8f:3f:d2:90:8a:7f:1f:24:43:d5:15:7d:bc:c0:53:45:
         63:7e:bb:c9:0d:e9:f6:e6:84:b2:58:b5:a1:4d:0e:27:7e:86:
         25:f6:bc:8d:10:5b:53:cb:0c:ab:29:21:39:5d:6e:e4:32:a6:
         b9:0c:50:7d:5c:93:c0:f8:05:58:29:5e:0e:7b:4b:2e:68:22:
         e8:5d:e1:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlIvPrIuDvPgmP+3SEbtJ5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEyMDYxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTZkOWViZTEwMjI1YzFhOGE2NTIwMDFmZjBlOTA4Yjg2OGExNmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJqsJIla9YNijXqDqcnACPE4BG/M
8YoX0WaI4hv/RtzjHngEUnkQHJwfV5WBy69SYsBGKBC7c25tJh84LPGiYRu3aYZb
1HnbRwtg+FCcqiitDtTc2Gm+0q4wZyV0wUu3yA0IOP7ogK4UtEYOYHAuOtW8IraX
T/lIISXku9T+Afuct3iyXx1ApezRSzhzEWTLL31j674KF+HKEUVmclRzbcV7ka+w
YwVgsz4xAfKOSCsJ731o9OHkj0TFSlZsXXOZvuohj5J2aCwg5rJaSWAu/ouUEPSx
g/HS+NU7MHsvMHKDNXTeoq593HYStR4YTEIJl/L/neNniCjKx4qD0xBccwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEFtnr4QIlwaimUgAf8OkIuGihb1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUVcyZXZoQWlYQnFLWlNBQl93NlFpNGFLRnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAD+KxQXkwssIUoe50OXD
vJIEib7Q5742DCazeAAb+JzhzBENCY+/PVAti4Nc78LF9Flc2Ckyp0BUuQenG6k3
WCK7btViQMrTapPJjmGD8ee+9LmQy619QZPcWDsFzxSQPBUDzZKcXM6v83Zhv9LR
NDZeS+uIttTRrAIp8lUBRn/k4Z0Jjx9AoD97dopyGh0uF7yNgD23qDR2VGBEo6dC
6hPnSwWjS8KQka3zQyqozR4lyD8xJ6Myjz/SkIp/HyRD1RV9vMBTRWN+u8kN6fbm
hLJYtaFNDid+hiX2vI0QW1PLDKspITldbuQyprkMUH1ck8D4BVgpXg57Sy5oIuhd
4YU=
-----END CERTIFICATE-----