Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QrvRDqCOOvjSiN9Gobq4nej1lP8.roa
File:                     QrvRDqCOOvjSiN9Gobq4nej1lP8.roa (raw, json)
Hash identifier:          raoHto4HwADUbtHXMTK3PoloahNi3X15sSrBYPbChz4=
Subject key identifier:   42:BB:D1:0E:A0:8E:3A:F8:D2:88:DF:46:A1:BA:B8:9D:E8:F5:94:FF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188771021CF164669C86BE5FA3D4E0FFBAC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QrvRDqCOOvjSiN9Gobq4nej1lP8.roa
Signing time:             Thu 01 Jun 2023 13:05:25 +0000
ROA not before:           Thu 01 Jun 2023 13:05:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:188:770f:28a9/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:77:10:21:cf:16:46:69:c8:6b:e5:fa:3d:4e:0f:fb:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  1 13:05:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=42bbd10ea08e3af8d288df46a1bab89de8f594ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2f:cb:d6:47:2b:42:2a:b4:a7:00:e7:eb:3d:
                    78:b7:da:6e:fc:c8:7a:2d:74:65:9c:20:08:d3:3f:
                    08:9b:bd:0c:dc:3a:f3:0f:a6:bc:73:65:fe:ae:a2:
                    43:ce:e6:5d:cd:1a:4b:00:ef:08:6c:1b:0a:53:f1:
                    49:8b:a9:3b:e7:cc:fb:e9:51:f9:b5:b4:b4:7a:93:
                    ab:39:1e:27:15:00:eb:03:83:8f:da:3b:56:7d:58:
                    6d:ed:68:71:a4:18:87:ab:e6:18:fd:b8:b0:d6:02:
                    06:f8:b4:92:43:89:79:fd:c3:14:37:b4:d6:d2:1d:
                    22:d3:70:65:48:21:77:60:f1:1c:0c:f5:3d:bf:f7:
                    d1:8f:4f:c0:03:88:57:17:18:7b:83:01:96:f7:e8:
                    fc:92:fa:2d:e6:f8:2e:8b:a5:e5:ac:d6:47:fc:ef:
                    a9:72:9d:cd:3a:b5:33:25:20:c2:79:06:71:53:fb:
                    e7:c3:8f:7a:1b:98:ff:69:b6:49:04:29:67:ef:42:
                    2b:5b:f5:8e:c8:ba:31:65:4d:47:90:68:57:22:e0:
                    35:ee:aa:42:0b:57:58:bf:20:54:bf:cc:99:89:80:
                    47:20:28:d0:79:be:42:bd:63:a7:e6:b2:8d:d2:e2:
                    6d:3b:a6:f3:a5:fe:0b:a7:c0:45:50:8b:b9:a8:82:
                    23:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:BB:D1:0E:A0:8E:3A:F8:D2:88:DF:46:A1:BA:B8:9D:E8:F5:94:FF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QrvRDqCOOvjSiN9Gobq4nej1lP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:56:c5:88:e3:8e:ab:a6:f2:4a:fe:cb:16:6c:32:61:c2:06:
         b6:a3:65:e4:06:23:bb:56:33:1e:bb:00:3b:23:d4:04:74:ee:
         31:f4:36:db:33:6b:55:2b:a7:ab:b9:e3:56:fc:f7:ae:87:97:
         35:d1:bc:bb:9f:64:70:9f:a8:2c:36:73:87:7b:45:86:51:ce:
         17:02:8a:eb:26:ca:5d:ef:66:55:ae:a9:71:1f:93:1d:02:5b:
         83:cd:11:11:13:90:16:2f:43:d0:27:35:bb:88:3e:bd:f4:88:
         c1:fd:d9:0e:60:59:24:09:c7:e4:63:e2:b9:cf:8e:2a:ff:3f:
         a4:64:8a:dc:b3:eb:be:c0:c5:38:f5:9b:40:db:02:6c:c6:a3:
         d7:30:8c:8d:9d:8b:ac:ce:23:dc:0d:7b:83:aa:07:68:2c:b2:
         78:b5:0e:7f:a5:c1:b4:64:ce:42:fe:2e:de:e2:0c:37:52:34:
         3c:13:1b:44:1e:81:a5:a2:55:b1:aa:25:97:95:45:bf:a0:b8:
         94:db:68:7b:f3:6b:8c:9c:6c:d6:d4:01:eb:a4:0a:bc:56:3d:
         d3:d4:66:46:12:be:64:ac:e2:a8:ef:92:17:b6:2e:a2:2b:8a:
         c5:c7:6b:4b:27:cf:d9:0f:a2:f7:eb:a5:67:d8:41:e7:68:be:
         8b:fc:7c:7b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh3ECHPFkZpyGvl+j1OD/usMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAxMTMwNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmJiZDEwZWEwOGUzYWY4ZDI4OGRmNDZhMWJhYjg5ZGU4ZjU5NGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjC/L1kcrQiq0pwDn6z14t9pu/Mh6
LXRlnCAI0z8Im70M3DrzD6a8c2X+rqJDzuZdzRpLAO8IbBsKU/FJi6k758z76VH5
tbS0epOrOR4nFQDrA4OP2jtWfVht7WhxpBiHq+YY/biw1gIG+LSSQ4l5/cMUN7TW
0h0i03BlSCF3YPEcDPU9v/fRj0/AA4hXFxh7gwGW9+j8kvot5vgui6XlrNZH/O+p
cp3NOrUzJSDCeQZxU/vnw496G5j/abZJBCln70IrW/WOyLoxZU1HkGhXIuA17qpC
C1dYvyBUv8yZiYBHICjQeb5CvWOn5rKN0uJtO6bzpf4Lp8BFUIu5qIIj1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEK70Q6gjjr40ojfRqG6uJ3o9ZT/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUXJ2UkRxQ09PdmpTaU45R29icTRuZWoxbFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALJWxYjjjqum8kr+yxZs
MmHCBrajZeQGI7tWMx67ADsj1AR07jH0Ntsza1Urp6u541b8966HlzXRvLufZHCf
qCw2c4d7RYZRzhcCiusmyl3vZlWuqXEfkx0CW4PNERETkBYvQ9AnNbuIPr30iMH9
2Q5gWSQJx+Rj4rnPjir/P6Rkityz677AxTj1m0DbAmzGo9cwjI2di6zOI9wNe4Oq
B2gssni1Dn+lwbRkzkL+Lt7iDDdSNDwTG0QegaWiVbGqJZeVRb+guJTbaHvza4yc
bNbUAeukCrxWPdPUZkYSvmSs4qjvkhe2LqIrisXHa0snz9kPovfrpWfYQedovov8
fHs=
-----END CERTIFICATE-----