Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QZkGY1DttiLZUVVqyaL2sTsA0gM.roa
File:                     QZkGY1DttiLZUVVqyaL2sTsA0gM.roa (raw, json)
Hash identifier:          v853ddjenUPYz6Kheh/3SiG2Mct9kiaDLvlEM3+1yRI=
Subject key identifier:   41:99:06:63:50:ED:B6:22:D9:51:55:6A:C9:A2:F6:B1:3B:00:D2:03
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A3B85E1F244D180E469741365DF06574
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QZkGY1DttiLZUVVqyaL2sTsA0gM.roa
Signing time:             Fri 21 Apr 2023 12:09:41 +0000
ROA not before:           Fri 21 Apr 2023 12:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a3:b8:5e:1f:24:4d:18:0e:46:97:41:36:5d:f0:65:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 21 12:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4199066350edb622d951556ac9a2f6b13b00d203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:23:b9:84:13:8f:ee:47:69:ce:9e:0e:25:bf:
                    6d:a7:20:be:de:78:6f:6d:83:f8:02:73:c0:9d:65:
                    2e:f8:d8:ef:d6:35:20:63:eb:41:db:2a:65:b4:98:
                    3c:e8:dd:d0:75:8f:68:fa:7c:05:b9:b3:84:fc:de:
                    28:3f:bd:d8:c2:61:b8:ba:45:91:57:e2:c1:2b:74:
                    d4:43:a1:df:67:9a:9a:3a:98:a1:ef:89:fc:95:4c:
                    22:4a:d6:c2:11:a8:1e:1e:58:25:f1:e8:91:30:c6:
                    87:32:d2:ec:22:c7:1e:51:c3:9f:ab:c1:a9:d2:46:
                    82:0d:27:2b:af:75:a6:02:b1:54:69:df:f3:d6:c9:
                    43:bd:9f:80:8a:3c:29:4f:b6:78:0e:5d:d2:2a:af:
                    d5:60:e9:e7:97:f1:83:47:c8:b8:c9:21:22:5c:de:
                    e0:dd:af:33:7e:5d:03:53:bf:78:ab:6f:8b:7d:44:
                    8e:9a:10:73:03:50:f0:b8:08:f0:c3:2c:e8:08:7e:
                    a8:31:90:bb:0d:9a:b0:8e:1c:4e:b2:70:f7:95:7a:
                    f8:d4:91:fb:4a:15:d2:22:d5:eb:bc:7e:4d:42:75:
                    df:5b:a4:72:22:2d:2d:03:b5:95:34:75:ed:56:37:
                    e7:7b:a2:fb:09:d1:db:10:20:0f:16:2b:6d:f7:05:
                    eb:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:99:06:63:50:ED:B6:22:D9:51:55:6A:C9:A2:F6:B1:3B:00:D2:03
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QZkGY1DttiLZUVVqyaL2sTsA0gM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:0a:ac:0e:96:51:c9:ce:d8:aa:c7:2c:7c:74:09:58:a8:85:
         0b:17:fa:6d:24:a7:ee:80:62:85:df:4f:6f:17:f8:d9:64:e0:
         8d:63:89:26:31:04:c5:88:29:03:fe:fd:2a:24:9c:0d:9b:66:
         24:4d:4d:b6:68:30:d4:43:47:28:9e:aa:4e:45:e5:44:88:d7:
         24:23:99:9c:82:26:0f:dc:1c:4c:2e:46:33:d8:91:54:df:49:
         27:59:ac:64:37:e0:bd:f3:ed:bb:45:a7:44:7d:62:02:7d:6d:
         2e:08:26:bd:0a:fc:69:dc:c8:b2:6f:9a:22:3b:eb:f3:88:95:
         06:de:a7:88:f3:2f:55:93:b8:d8:df:f6:75:60:d1:c1:84:7a:
         53:51:f7:0f:97:54:b1:87:01:6f:20:8d:6f:68:cf:e9:d1:ed:
         a7:fd:cd:28:ae:34:40:1d:5a:ca:0e:9e:ba:2c:57:7b:ff:7e:
         8a:0c:81:d3:c0:8a:69:68:c8:c2:f9:67:ee:0b:37:ad:ec:fe:
         55:89:e7:db:17:3a:d6:3c:92:e3:88:e5:a7:2c:90:2f:ad:62:
         b5:f4:93:01:31:24:b3:11:8c:b5:ac:9e:14:91:51:9a:ec:84:
         fe:3b:6b:25:8b:f5:8f:1d:6a:2c:92:91:5e:c6:8c:36:49:d7:
         d4:3d:84:33
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYejuF4fJE0YDkaXQTZd8GV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIxMTIwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTk5MDY2MzUwZWRiNjIyZDk1MTU1NmFjOWEyZjZiMTNiMDBkMjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCO5hBOP7kdpzp4OJb9tpyC+3nhv
bYP4AnPAnWUu+Njv1jUgY+tB2ypltJg86N3QdY9o+nwFubOE/N4oP73YwmG4ukWR
V+LBK3TUQ6HfZ5qaOpih74n8lUwiStbCEageHlgl8eiRMMaHMtLsIsceUcOfq8Gp
0kaCDScrr3WmArFUad/z1slDvZ+AijwpT7Z4Dl3SKq/VYOnnl/GDR8i4ySEiXN7g
3a8zfl0DU794q2+LfUSOmhBzA1DwuAjwwyzoCH6oMZC7DZqwjhxOsnD3lXr41JH7
ShXSItXrvH5NQnXfW6RyIi0tA7WVNHXtVjfne6L7CdHbECAPFitt9wXr6wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEGZBmNQ7bYi2VFVasmi9rE7ANIDMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUVprR1kxRHR0aUxaVVZWcXlhTDJzVHNBMGdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFEKrA6WUcnO2KrHLHx0
CViohQsX+m0kp+6AYoXfT28X+Nlk4I1jiSYxBMWIKQP+/SoknA2bZiRNTbZoMNRD
Ryieqk5F5USI1yQjmZyCJg/cHEwuRjPYkVTfSSdZrGQ34L3z7btFp0R9YgJ9bS4I
Jr0K/GncyLJvmiI76/OIlQbep4jzL1WTuNjf9nVg0cGEelNR9w+XVLGHAW8gjW9o
z+nR7af9zSiuNEAdWsoOnrosV3v/fooMgdPAimloyML5Z+4LN63s/lWJ59sXOtY8
kuOI5acskC+tYrX0kwExJLMRjLWsnhSRUZrshP47ayWL9Y8daiySkV7GjDZJ19Q9
hDM=
-----END CERTIFICATE-----