Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VqN3t8aGyvDhTrTh8YUWxzKZK5A.roa
File:                     VqN3t8aGyvDhTrTh8YUWxzKZK5A.roa (raw, json)
Hash identifier:          AZqlgs22RGP2RyuxDS9QVGXh0rKWxK2JFa0P8ko0P10=
Subject key identifier:   56:A3:77:B7:C6:86:CA:F0:E1:4E:B4:E1:F1:85:16:C7:32:99:2B:90
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01885ED395AFE866C1B2DFC1B641889C9248
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VqN3t8aGyvDhTrTh8YUWxzKZK5A.roa
Signing time:             Sat 27 May 2023 20:08:24 +0000
ROA not before:           Sat 27 May 2023 20:08:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:5e:d3:95:af:e8:66:c1:b2:df:c1:b6:41:88:9c:92:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 27 20:08:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=56a377b7c686caf0e14eb4e1f18516c732992b90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ac:d6:39:f0:3f:7c:5a:ee:1f:ae:9d:14:d8:
                    d6:51:a3:7e:e4:f5:42:88:6b:67:64:5b:b5:77:df:
                    84:01:77:7a:1e:96:eb:68:2c:f6:5c:0c:8c:a8:33:
                    a9:ab:67:6f:cf:f3:3c:b2:28:29:42:3f:77:56:12:
                    35:57:af:b3:61:04:42:6b:14:6b:22:46:63:a3:f4:
                    2c:3c:3b:69:9b:34:10:17:6f:44:2c:a0:b3:cf:6c:
                    52:82:3f:61:90:73:e7:7f:b1:f5:a7:db:fe:b5:62:
                    2e:05:1c:4a:2e:b0:4d:4f:16:62:5f:8b:a3:d1:b8:
                    69:a5:3f:78:c3:74:a4:fb:bc:ac:76:6a:9d:f8:8f:
                    91:5c:5a:8f:0b:63:a6:4b:83:e8:86:f9:3e:77:c3:
                    39:7d:40:48:d2:91:50:fc:8b:e8:ca:93:a9:87:03:
                    93:f6:b8:84:32:f7:e6:b4:dd:1c:81:6e:e2:55:1a:
                    71:9e:8a:e9:4a:ef:9c:fc:6f:6c:b8:b5:57:27:c2:
                    d1:2f:b3:f4:97:03:91:83:4b:ff:ad:a5:7b:72:75:
                    0b:7c:03:8f:e1:71:44:5b:05:3e:49:62:41:48:26:
                    30:37:60:e2:56:3d:28:05:53:5c:65:7f:75:e5:24:
                    48:7e:d7:b8:cf:ea:fc:25:f8:c3:aa:f8:c9:75:23:
                    5a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A3:77:B7:C6:86:CA:F0:E1:4E:B4:E1:F1:85:16:C7:32:99:2B:90
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VqN3t8aGyvDhTrTh8YUWxzKZK5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:83:73:d1:13:c5:70:a6:e2:fc:19:24:16:96:aa:e0:08:dc:
         05:60:31:c3:c4:c0:d6:9d:26:35:58:6b:47:64:46:4d:a0:7c:
         3c:ee:15:89:4c:fc:26:73:7b:c8:5c:ab:4b:53:88:de:04:7d:
         99:d4:29:bb:15:83:a3:48:54:a2:b0:a3:6f:55:b9:ac:75:ee:
         87:15:5e:3b:11:1f:17:b1:2f:7e:0c:90:04:94:29:c3:8b:b5:
         1c:2d:dd:90:51:16:39:6f:72:ff:78:60:74:eb:5b:d0:db:0b:
         f5:bd:fb:8b:f0:ac:36:9f:6f:bf:76:fa:ea:a3:ec:6c:aa:91:
         ef:d5:e9:05:fa:4a:a1:d2:1b:4f:1c:88:9c:9b:c0:0a:15:de:
         8c:fb:61:b6:86:2b:62:b0:01:46:a0:f2:86:fe:5b:f3:04:be:
         95:bc:0f:f2:9e:05:6a:f1:1f:86:38:56:24:e8:6d:bb:34:eb:
         a0:4d:8c:d1:71:ca:6a:48:b9:1f:29:80:bc:96:f2:7f:d4:33:
         e3:8b:f3:f2:63:4f:41:c4:19:6b:38:ec:72:32:66:65:ac:55:
         86:db:db:6f:4d:bb:a5:08:c8:ce:43:a3:e5:d5:f2:04:fd:2a:
         2a:00:30:1d:49:4d:d3:28:ba:ac:77:36:9e:4f:fc:7c:c5:46:
         d8:7e:e6:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhe05Wv6GbBst/BtkGInJJIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI3MjAwODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmEzNzdiN2M2ODZjYWYwZTE0ZWI0ZTFmMTg1MTZjNzMyOTkyYjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKzWOfA/fFruH66dFNjWUaN+5PVC
iGtnZFu1d9+EAXd6HpbraCz2XAyMqDOpq2dvz/M8sigpQj93VhI1V6+zYQRCaxRr
IkZjo/QsPDtpmzQQF29ELKCzz2xSgj9hkHPnf7H1p9v+tWIuBRxKLrBNTxZiX4uj
0bhppT94w3Sk+7ysdmqd+I+RXFqPC2OmS4Pohvk+d8M5fUBI0pFQ/IvoypOphwOT
9riEMvfmtN0cgW7iVRpxnorpSu+c/G9suLVXJ8LRL7P0lwORg0v/raV7cnULfAOP
4XFEWwU+SWJBSCYwN2DiVj0oBVNcZX915SRIfte4z+r8JfjDqvjJdSNagQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFajd7fGhsrw4U604fGFFscymSuQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVnFOM3Q4YUd5dkRoVHJUaDhZVVd4ektaSzVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGyDc9ETxXCm4vwZJBaW
quAI3AVgMcPEwNadJjVYa0dkRk2gfDzuFYlM/CZze8hcq0tTiN4EfZnUKbsVg6NI
VKKwo29Vuax17ocVXjsRHxexL34MkASUKcOLtRwt3ZBRFjlvcv94YHTrW9DbC/W9
+4vwrDafb792+uqj7Gyqke/V6QX6SqHSG08ciJybwAoV3oz7YbaGK2KwAUag8ob+
W/MEvpW8D/KeBWrxH4Y4ViTobbs066BNjNFxympIuR8pgLyW8n/UM+OL8/JjT0HE
GWs47HIyZmWsVYbb229Nu6UIyM5Do+XV8gT9KioAMB1JTdMouqx3Np5P/HzFRth+
5i0=
-----END CERTIFICATE-----