Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RMq72wzPZm9In0hVcLP8WNaXmLs.roa
File:                     RMq72wzPZm9In0hVcLP8WNaXmLs.roa (raw, json)
Hash identifier:          C7UzvIDWiMfb0ArrYn8XSXPXB+2EXL5Vv5g76JfQ4zY=
Subject key identifier:   44:CA:BB:DB:0C:CF:66:6F:48:9F:48:55:70:B3:FC:58:D6:97:98:BB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01881127041CD47C12E0EB48242EC658BCEC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RMq72wzPZm9In0hVcLP8WNaXmLs.roa
Signing time:             Fri 12 May 2023 18:09:09 +0000
ROA not before:           Fri 12 May 2023 18:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:11:27:04:1c:d4:7c:12:e0:eb:48:24:2e:c6:58:bc:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 12 18:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=44cabbdb0ccf666f489f485570b3fc58d69798bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c3:ac:2f:79:8d:3a:93:77:b9:6e:1e:e0:a9:
                    01:a6:e0:74:53:e6:c5:ea:5d:b6:08:f5:1b:86:91:
                    83:26:c0:f0:5d:1c:e2:56:a1:16:9e:4d:2b:1b:8b:
                    bb:20:59:3b:1f:4f:fa:ee:0e:5e:49:42:53:0b:c2:
                    c9:47:51:2a:f0:be:b9:1f:aa:93:82:fb:5f:eb:47:
                    44:9e:e8:5c:69:ed:8f:47:14:eb:09:22:f2:54:36:
                    09:06:43:a7:b2:86:c3:c2:b5:33:bd:44:9a:40:51:
                    af:c1:8c:69:fc:d1:52:d9:aa:c7:3b:23:0d:e6:cf:
                    3e:c9:92:9f:b7:a0:cb:35:7e:f4:52:d7:24:22:1a:
                    3d:f9:63:46:51:d0:37:3a:97:fd:32:e5:8d:a2:82:
                    32:e8:7b:a4:01:42:f3:4f:79:68:8a:6b:ce:f7:b0:
                    45:47:6e:bd:15:2d:dd:d7:37:0e:f7:f1:4d:9c:f6:
                    ef:9e:bf:7f:63:ec:a8:c2:b8:ed:18:56:ad:fa:81:
                    e4:d4:91:5f:50:83:28:d6:12:63:13:35:c2:48:1e:
                    0a:a5:94:d9:30:7e:5c:70:72:48:c3:2c:5f:5f:de:
                    c7:e7:53:58:98:92:67:a0:a0:91:e2:1d:82:03:33:
                    c5:94:6b:49:3a:8c:d4:dd:0d:8a:eb:e2:fe:da:a4:
                    8c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:CA:BB:DB:0C:CF:66:6F:48:9F:48:55:70:B3:FC:58:D6:97:98:BB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RMq72wzPZm9In0hVcLP8WNaXmLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:79:b1:74:b1:9e:f7:2f:0d:01:85:82:00:99:37:b5:6f:a5:
         73:04:3a:c8:07:34:50:6a:6d:88:d9:7b:82:71:26:0a:48:cc:
         e0:e8:e9:d8:1e:ae:a1:94:37:d3:76:c3:e6:bc:ab:2f:a3:33:
         de:99:89:e4:a3:58:36:84:f5:14:5e:9f:07:67:10:18:8d:ff:
         2e:ce:f9:b7:ef:fc:39:9f:8a:30:64:1b:4f:8e:df:07:a4:85:
         65:cf:da:c0:d3:69:c3:69:24:62:84:54:a6:71:0c:fe:37:85:
         33:5f:01:6c:ec:ee:bf:f6:b2:17:a8:ce:17:04:4d:fd:de:89:
         c8:36:65:89:f1:2f:ee:56:7a:9c:a5:22:8d:76:66:4f:5a:02:
         47:c8:40:77:82:b9:ae:6f:87:22:55:bd:5e:32:49:62:80:ac:
         59:5b:c4:82:27:fd:00:1f:73:9e:81:c6:25:70:18:0c:af:11:
         3f:c0:0f:2c:43:aa:d2:e1:e2:e9:88:3d:56:9c:ed:c1:e8:10:
         f1:33:c8:6f:a5:20:84:6d:56:05:86:69:33:41:73:90:37:68:
         b9:60:6e:6a:a7:76:a8:c4:02:b0:5f:ed:e1:75:95:9c:1e:56:
         90:e7:da:28:32:1d:ac:26:b1:b8:04:82:10:b0:99:ed:6b:1f:
         5c:63:3e:68
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgRJwQc1HwS4OtIJC7GWLzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEyMTgwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGNhYmJkYjBjY2Y2NjZmNDg5ZjQ4NTU3MGIzZmM1OGQ2OTc5OGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8OsL3mNOpN3uW4e4KkBpuB0U+bF
6l22CPUbhpGDJsDwXRziVqEWnk0rG4u7IFk7H0/67g5eSUJTC8LJR1Eq8L65H6qT
gvtf60dEnuhcae2PRxTrCSLyVDYJBkOnsobDwrUzvUSaQFGvwYxp/NFS2arHOyMN
5s8+yZKft6DLNX70UtckIho9+WNGUdA3Opf9MuWNooIy6HukAULzT3loimvO97BF
R269FS3d1zcO9/FNnPbvnr9/Y+yowrjtGFat+oHk1JFfUIMo1hJjEzXCSB4KpZTZ
MH5ccHJIwyxfX97H51NYmJJnoKCR4h2CAzPFlGtJOozU3Q2K6+L+2qSMqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFETKu9sMz2ZvSJ9IVXCz/FjWl5i7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUk1xNzJ3elBabTlJbjBoVmNMUDhXTmFYbUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHZ5sXSxnvcvDQGFggCZ
N7VvpXMEOsgHNFBqbYjZe4JxJgpIzODo6dgerqGUN9N2w+a8qy+jM96ZieSjWDaE
9RRenwdnEBiN/y7O+bfv/DmfijBkG0+O3wekhWXP2sDTacNpJGKEVKZxDP43hTNf
AWzs7r/2sheozhcETf3eicg2ZYnxL+5WepylIo12Zk9aAkfIQHeCua5vhyJVvV4y
SWKArFlbxIIn/QAfc56BxiVwGAyvET/ADyxDqtLh4umIPVac7cHoEPEzyG+lIIRt
VgWGaTNBc5A3aLlgbmqndqjEArBf7eF1lZweVpDn2igyHawmsbgEghCwme1rH1xj
Pmg=
-----END CERTIFICATE-----