Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RRQXiDSIA4EnT7E4S_xzJh7nu0Q.roa
File:                     RRQXiDSIA4EnT7E4S_xzJh7nu0Q.roa (raw, json)
Hash identifier:          YUt5phZ1d01Rrt2z3PfdpjUIG8h64j60uyRch3shU8Q=
Subject key identifier:   45:14:17:88:34:88:03:81:27:4F:B1:38:4B:FC:73:26:1E:E7:BB:44
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018986F4F21A9B929CB845529EF41D484C28
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RRQXiDSIA4EnT7E4S_xzJh7nu0Q.roa
Signing time:             Mon 24 Jul 2023 08:12:26 +0000
ROA not before:           Mon 24 Jul 2023 08:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:86:f4:f2:1a:9b:92:9c:b8:45:52:9e:f4:1d:48:4c:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 24 08:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4514178834880381274fb1384bfc73261ee7bb44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:5e:ba:a2:fc:96:8c:c9:65:37:8d:c9:86:c2:
                    57:0d:36:20:31:0f:27:57:b4:d0:37:07:4b:24:89:
                    74:11:cc:c1:56:5f:e8:41:5f:4e:6f:93:67:23:c7:
                    1e:50:44:d1:f2:d9:aa:24:01:96:61:04:95:0c:cc:
                    1f:8c:9f:20:07:3f:67:64:b3:a4:67:25:0f:5d:5a:
                    1c:87:7b:81:8c:d2:33:c6:d1:4b:ad:94:56:12:4e:
                    6d:18:ef:22:1e:01:f7:b0:c8:65:7c:61:55:ec:22:
                    ed:b0:e0:87:c9:d8:e7:68:92:d1:e7:68:4d:e7:23:
                    59:ad:4d:d4:fe:01:76:e2:13:ad:e5:e8:41:a7:02:
                    bc:08:e2:23:95:3c:d5:e5:4c:1a:2f:5d:8c:ec:8c:
                    6c:f8:aa:b9:97:7a:61:0d:8f:dc:b1:3e:33:e8:58:
                    d2:3a:5c:29:42:2c:fb:97:0c:52:51:77:7a:85:34:
                    c3:13:28:06:5d:48:c3:d9:8f:d1:00:6d:08:cf:4f:
                    83:bb:fe:9d:15:dc:d3:96:42:26:95:ae:0d:ec:48:
                    30:c9:c9:9e:83:5e:98:47:5e:e6:c2:f0:f3:2e:7f:
                    0a:2c:80:97:2b:9f:8b:db:6a:cc:f1:14:ce:28:56:
                    e0:34:df:a4:12:43:19:57:65:fb:dc:d7:89:de:b9:
                    9f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:14:17:88:34:88:03:81:27:4F:B1:38:4B:FC:73:26:1E:E7:BB:44
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RRQXiDSIA4EnT7E4S_xzJh7nu0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:30:4d:ff:2c:0e:a5:a2:88:d0:22:e6:50:a3:2c:d6:f8:98:
         9c:d5:b9:70:fc:cf:75:43:34:14:0b:55:aa:5c:04:93:64:15:
         d2:46:1a:bb:e1:ea:4c:e9:0e:23:d5:07:67:e8:11:45:79:90:
         41:29:84:86:93:ff:c0:9b:72:0a:6e:d3:8b:8b:5a:15:f7:f5:
         d4:09:64:9d:a2:d7:ec:69:9c:84:b4:24:0f:06:2d:9b:8a:bd:
         f1:98:1c:fd:41:b0:b1:6b:45:d8:2a:4a:93:14:db:fe:de:f7:
         9e:c7:e0:47:69:f7:d8:52:c7:7a:d0:87:6b:36:52:bd:5c:3c:
         30:11:e2:73:42:b8:ae:5c:23:57:84:1e:4d:fd:4e:dc:10:08:
         70:6c:c6:d5:88:9a:87:33:f5:b1:db:01:2c:d1:8f:59:58:a7:
         4a:f4:60:8b:23:3e:56:64:48:6b:a6:28:09:ec:cd:15:39:e9:
         50:3f:68:01:82:f0:d1:9b:3f:cc:2e:07:ef:ba:88:d6:6c:bf:
         6e:e2:3d:e9:69:fe:ff:0f:47:4b:5f:cc:01:d4:b0:42:45:c2:
         fc:c2:90:51:b4:11:4d:b7:e7:bd:ef:63:ce:55:70:13:d0:1d:
         7f:c8:29:7d:8c:20:07:0f:27:0b:19:0a:e6:42:d3:34:e0:5a:
         2e:88:db:cd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmG9PIam5KcuEVSnvQdSEwoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI0MDgxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTE0MTc4ODM0ODgwMzgxMjc0ZmIxMzg0YmZjNzMyNjFlZTdiYjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4F66ovyWjMllN43JhsJXDTYgMQ8n
V7TQNwdLJIl0EczBVl/oQV9Ob5NnI8ceUETR8tmqJAGWYQSVDMwfjJ8gBz9nZLOk
ZyUPXVoch3uBjNIzxtFLrZRWEk5tGO8iHgH3sMhlfGFV7CLtsOCHydjnaJLR52hN
5yNZrU3U/gF24hOt5ehBpwK8COIjlTzV5UwaL12M7Ixs+Kq5l3phDY/csT4z6FjS
OlwpQiz7lwxSUXd6hTTDEygGXUjD2Y/RAG0Iz0+Du/6dFdzTlkImla4N7Egwycme
g16YR17mwvDzLn8KLICXK5+L22rM8RTOKFbgNN+kEkMZV2X73NeJ3rmfcwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEUUF4g0iAOBJ0+xOEv8cyYe57tEMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUlJRWGlEU0lBNEVuVDdFNFNfeHpKaDdudTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKIwTf8sDqWiiNAi5lCj
LNb4mJzVuXD8z3VDNBQLVapcBJNkFdJGGrvh6kzpDiPVB2foEUV5kEEphIaT/8Cb
cgpu04uLWhX39dQJZJ2i1+xpnIS0JA8GLZuKvfGYHP1BsLFrRdgqSpMU2/7e957H
4Edp99hSx3rQh2s2Ur1cPDAR4nNCuK5cI1eEHk39TtwQCHBsxtWImocz9bHbASzR
j1lYp0r0YIsjPlZkSGumKAnszRU56VA/aAGC8NGbP8wuB++6iNZsv27iPelp/v8P
R0tfzAHUsEJFwvzCkFG0EU23573vY85VcBPQHX/IKX2MIAcPJwsZCuZC0zTgWi6I
280=
-----END CERTIFICATE-----