Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RnSqsGS44yEefny296NwnOlSTwk.roa
File:                     RnSqsGS44yEefny296NwnOlSTwk.roa (raw, json)
Hash identifier:          xJrtDuC9nmYb4ZTQdqXndh3nZxe9k0WcZXz8yacXgYw=
Subject key identifier:   46:74:AA:B0:64:B8:E3:21:1E:7E:7C:B6:F7:A3:70:9C:E9:52:4F:09
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018751852B57187E751EE17E782E12BA343B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RnSqsGS44yEefny296NwnOlSTwk.roa
Signing time:             Wed 05 Apr 2023 13:04:54 +0000
ROA not before:           Wed 05 Apr 2023 13:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:187:5184:b6b6/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:51:85:2b:57:18:7e:75:1e:e1:7e:78:2e:12:ba:34:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  5 13:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4674aab064b8e3211e7e7cb6f7a3709ce9524f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:9c:2a:7f:7e:b8:8c:d8:b8:e9:8b:e6:7f:1d:
                    fa:d9:d1:7e:e3:76:62:23:0e:8f:90:b4:31:c9:7f:
                    52:28:56:50:08:0a:da:b7:4d:90:94:b0:5c:f9:3c:
                    f5:99:97:31:97:98:08:3e:c5:68:28:91:32:66:2d:
                    8a:66:65:8f:af:98:23:41:75:27:a8:48:80:20:38:
                    61:aa:48:3b:f8:b2:99:f4:96:b8:d3:33:43:cd:fb:
                    df:69:59:bd:cb:19:f1:40:09:17:78:23:7f:3b:93:
                    c5:4e:2c:df:67:76:90:b7:95:de:cf:4d:40:ba:09:
                    ae:88:5b:c2:f0:e3:8d:10:a3:02:19:95:d7:f0:6c:
                    f2:37:dc:1f:67:db:ca:a2:c1:51:ae:c5:a2:ff:09:
                    1a:a7:30:e0:8e:6d:1b:11:be:f3:5b:b6:a2:5e:d4:
                    50:f9:14:43:6f:79:ab:5d:e5:29:41:54:a7:a0:b2:
                    55:24:bd:1e:e6:35:5d:4c:06:d0:3d:e1:36:7e:c4:
                    b9:52:e5:d1:94:3f:de:d4:f2:72:b6:5f:c0:30:7b:
                    36:85:f2:5a:eb:bc:b5:0c:d8:76:d9:94:a7:6f:73:
                    14:c5:f5:33:24:92:7a:01:0a:1d:28:59:a0:bb:f3:
                    e6:dd:93:c8:5c:f3:42:66:8c:68:a7:e1:c4:56:dc:
                    70:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:74:AA:B0:64:B8:E3:21:1E:7E:7C:B6:F7:A3:70:9C:E9:52:4F:09
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RnSqsGS44yEefny296NwnOlSTwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:81:24:48:c8:8e:9e:03:32:cf:4f:02:c1:00:67:54:d5:78:
         80:56:0a:c3:4f:d3:e4:f6:6f:fd:04:14:d6:1b:06:8b:0d:15:
         cf:89:b2:95:3f:b8:82:9b:cd:d9:60:ed:d8:95:fc:39:66:8c:
         5e:42:eb:a9:c0:e3:06:7b:4d:ad:0c:fd:13:df:7b:5f:5d:40:
         72:c6:bd:bd:54:82:bb:6b:49:ac:12:8d:3c:77:3c:f7:75:90:
         b5:fe:6a:ff:e4:92:d5:2a:82:6d:cd:98:c5:5f:db:16:3b:70:
         41:78:78:dc:c3:22:16:43:6f:3f:6e:a0:9d:d2:92:f4:c1:8a:
         95:4a:dc:b3:8b:80:52:39:e6:be:59:c3:67:96:ef:81:fe:b0:
         0d:4d:f4:6f:26:b0:9a:b8:8c:75:ba:02:21:22:45:53:6d:bb:
         43:f4:b9:1c:73:59:fd:c2:22:75:c6:7b:92:70:52:58:93:b3:
         38:d7:9f:1a:74:0d:d2:68:9b:c9:c4:5d:eb:d6:f0:bb:87:9f:
         22:0c:ec:c3:cb:82:13:04:8e:bb:0d:90:c6:ec:79:b6:61:05:
         77:2b:07:05:6e:76:94:d6:de:56:6c:1c:06:95:bd:2c:66:e7:
         e9:0f:50:91:f3:1a:5a:0a:92:ba:63:79:61:05:b8:d8:78:b0:
         50:8a:97:f2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdRhStXGH51HuF+eC4SujQ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA1MTMwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njc0YWFiMDY0YjhlMzIxMWU3ZTdjYjZmN2EzNzA5Y2U5NTI0ZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZwqf364jNi46Yvmfx362dF+43Zi
Iw6PkLQxyX9SKFZQCArat02QlLBc+Tz1mZcxl5gIPsVoKJEyZi2KZmWPr5gjQXUn
qEiAIDhhqkg7+LKZ9Ja40zNDzfvfaVm9yxnxQAkXeCN/O5PFTizfZ3aQt5Xez01A
ugmuiFvC8OONEKMCGZXX8GzyN9wfZ9vKosFRrsWi/wkapzDgjm0bEb7zW7aiXtRQ
+RRDb3mrXeUpQVSnoLJVJL0e5jVdTAbQPeE2fsS5UuXRlD/e1PJytl/AMHs2hfJa
67y1DNh22ZSnb3MUxfUzJJJ6AQodKFmgu/Pm3ZPIXPNCZoxop+HEVtxwIQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEZ0qrBkuOMhHn58tvejcJzpUk8JMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUm5TcXNHUzQ0eUVlZm55Mjk2TnduT2xTVHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAACBJEjIjp4DMs9PAsEA
Z1TVeIBWCsNP0+T2b/0EFNYbBosNFc+JspU/uIKbzdlg7diV/DlmjF5C66nA4wZ7
Ta0M/RPfe19dQHLGvb1UgrtrSawSjTx3PPd1kLX+av/kktUqgm3NmMVf2xY7cEF4
eNzDIhZDbz9uoJ3SkvTBipVK3LOLgFI55r5Zw2eW74H+sA1N9G8msJq4jHW6AiEi
RVNtu0P0uRxzWf3CInXGe5JwUliTszjXnxp0DdJom8nEXevW8LuHnyIM7MPLghME
jrsNkMbsebZhBXcrBwVudpTW3lZsHAaVvSxm5+kPUJHzGloKkrpjeWEFuNh4sFCK
l/I=
-----END CERTIFICATE-----