Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TQoUOoAdBqxyqxlW8I0ExFpmgVw.roa
File:                     TQoUOoAdBqxyqxlW8I0ExFpmgVw.roa (raw, json)
Hash identifier:          ZAgKzUSSEQDjXnOhAy3chWyccdkc48lcGxL7YieNBXE=
Subject key identifier:   4D:0A:14:3A:80:1D:06:AC:72:AB:19:56:F0:8D:04:C4:5A:66:81:5C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01884A76936A55F689E4A21CCBEF60416B60
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TQoUOoAdBqxyqxlW8I0ExFpmgVw.roa
Signing time:             Tue 23 May 2023 21:14:24 +0000
ROA not before:           Tue 23 May 2023 21:14:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:4a:76:93:6a:55:f6:89:e4:a2:1c:cb:ef:60:41:6b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 23 21:14:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4d0a143a801d06ac72ab1956f08d04c45a66815c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9f:2f:f7:43:8a:d5:14:b1:08:af:84:65:38:
                    50:ff:3b:ce:d8:fc:87:73:fa:cb:b9:f6:a0:c4:b0:
                    2d:2f:7d:24:69:a2:0d:23:fa:e2:65:d8:f2:cf:b3:
                    36:36:30:4e:21:4f:0d:33:78:13:66:21:db:7a:32:
                    c6:ed:5c:13:e0:ad:7e:8f:7c:53:1a:7b:3c:aa:10:
                    f5:2a:88:66:4c:f4:8d:18:cf:e6:b7:e0:51:1c:4d:
                    5e:35:28:9a:05:9c:a8:b2:e1:9f:71:90:5c:d8:a4:
                    ae:df:35:b2:68:67:95:70:e1:78:7a:38:45:11:49:
                    4c:c0:9a:3d:a9:02:0c:69:4f:22:72:e5:35:58:ac:
                    d6:26:14:9a:72:cd:b0:97:19:7b:44:4b:95:cf:91:
                    b6:14:b2:8c:37:7f:c6:68:0d:ba:25:bf:9d:4b:be:
                    2c:b7:0b:91:bb:5b:4e:74:1b:39:1b:49:ca:a9:39:
                    a6:14:20:8f:0d:ee:fb:d8:05:55:72:90:59:f4:bd:
                    57:ab:b9:6a:fe:3d:8f:28:4e:d9:2a:9c:7a:15:45:
                    0c:ae:42:a0:bc:91:4e:d4:05:79:c9:9c:76:0b:ab:
                    b0:7a:1d:aa:d9:09:ba:e3:2d:da:02:05:fa:3d:db:
                    46:db:cd:3a:b0:bd:69:d9:79:6b:fa:77:02:5f:7f:
                    b5:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:0A:14:3A:80:1D:06:AC:72:AB:19:56:F0:8D:04:C4:5A:66:81:5C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TQoUOoAdBqxyqxlW8I0ExFpmgVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:ba:21:4a:f9:94:f8:be:38:f3:a5:6d:c4:f8:a8:a5:64:a5:
         78:cc:ce:ee:00:41:6d:ed:36:7a:a8:5d:35:b3:84:b2:18:b4:
         80:63:65:82:64:ac:fc:d8:7b:20:72:ba:fc:6e:d7:b6:79:08:
         09:d0:1f:e1:36:26:35:ae:08:46:b7:99:69:0f:d1:90:76:69:
         21:08:64:2e:5d:ff:4f:6c:88:57:32:92:be:af:52:1b:c4:8c:
         14:82:80:7d:b1:a1:76:f2:a2:e2:b3:a3:c0:2e:62:0d:24:15:
         34:78:4c:88:af:73:e8:66:20:06:0d:49:0c:57:d6:08:06:a1:
         15:68:58:6b:97:b9:12:4e:e6:1a:14:27:7c:92:64:75:4e:36:
         6c:6d:d3:6d:ad:f5:9b:90:4a:02:83:a5:00:bc:a0:1e:39:c4:
         e1:a9:2f:5c:45:5b:32:de:78:05:a0:3a:6f:ec:b2:89:f0:1c:
         e1:ee:06:8d:d0:20:39:ec:b3:13:1f:68:50:6d:4f:76:61:5a:
         17:95:b2:f9:ce:10:bc:97:f1:a3:bd:c2:38:a7:5f:08:3d:08:
         32:97:72:10:06:d7:b7:69:aa:53:36:c6:a8:fc:2c:66:96:8a:
         78:cd:bc:ea:fd:ee:64:fa:a8:5d:75:5f:3c:54:12:21:6d:ee:
         85:9c:4a:dd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhKdpNqVfaJ5KIcy+9gQWtgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIzMjExNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDBhMTQzYTgwMWQwNmFjNzJhYjE5NTZmMDhkMDRjNDVhNjY4MTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJ8v90OK1RSxCK+EZThQ/zvO2PyH
c/rLufagxLAtL30kaaINI/riZdjyz7M2NjBOIU8NM3gTZiHbejLG7VwT4K1+j3xT
Gns8qhD1KohmTPSNGM/mt+BRHE1eNSiaBZyosuGfcZBc2KSu3zWyaGeVcOF4ejhF
EUlMwJo9qQIMaU8icuU1WKzWJhSacs2wlxl7REuVz5G2FLKMN3/GaA26Jb+dS74s
twuRu1tOdBs5G0nKqTmmFCCPDe772AVVcpBZ9L1Xq7lq/j2PKE7ZKpx6FUUMrkKg
vJFO1AV5yZx2C6uweh2q2Qm64y3aAgX6PdtG2806sL1p2Xlr+ncCX3+1/wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE0KFDqAHQascqsZVvCNBMRaZoFcMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVFFvVU9vQWRCcXh5cXhsVzhJMEV4RnBtZ1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABq6IUr5lPi+OPOlbcT4
qKVkpXjMzu4AQW3tNnqoXTWzhLIYtIBjZYJkrPzYeyByuvxu17Z5CAnQH+E2JjWu
CEa3mWkP0ZB2aSEIZC5d/09siFcykr6vUhvEjBSCgH2xoXbyouKzo8AuYg0kFTR4
TIivc+hmIAYNSQxX1ggGoRVoWGuXuRJO5hoUJ3ySZHVONmxt022t9ZuQSgKDpQC8
oB45xOGpL1xFWzLeeAWgOm/ssonwHOHuBo3QIDnssxMfaFBtT3ZhWheVsvnOELyX
8aO9wjinXwg9CDKXchAG17dpqlM2xqj8LGaWinjNvOr97mT6qF11XzxUEiFt7oWc
St0=
-----END CERTIFICATE-----