Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bsQ7TQMOd9UndEvPM4a9_NbQHiA.roa
File:                     bsQ7TQMOd9UndEvPM4a9_NbQHiA.roa (raw, json)
Hash identifier:          CGxtoJyOZtligWaEc6Gqf2x1IvYFzflnj0MsbJwkNY0=
Subject key identifier:   6E:C4:3B:4D:03:0E:77:D5:27:74:4B:CF:33:86:BD:FC:D6:D0:1E:20
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187B3994FC3CBECD37CDAFBADF3277B2487
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bsQ7TQMOd9UndEvPM4a9_NbQHiA.roa
Signing time:             Mon 24 Apr 2023 14:09:41 +0000
ROA not before:           Mon 24 Apr 2023 14:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b3:99:4f:c3:cb:ec:d3:7c:da:fb:ad:f3:27:7b:24:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 24 14:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6ec43b4d030e77d527744bcf3386bdfcd6d01e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c3:ba:79:e1:a3:88:45:44:ba:7d:f9:2e:ec:
                    ad:64:48:d4:86:7e:7f:c9:8c:cb:c4:bf:2d:0d:e8:
                    98:04:aa:83:c9:ed:90:bc:b3:9d:64:b8:c6:b5:94:
                    7f:bf:78:ae:3a:0a:5f:bf:f7:2c:8f:e0:a4:3f:c6:
                    5c:dd:54:11:d1:c3:ab:ac:63:54:65:f8:05:47:ae:
                    7a:92:e2:52:7f:d1:f5:6b:c2:72:77:85:36:b1:e9:
                    23:fc:58:9f:1f:82:7a:66:28:3e:e2:24:42:91:52:
                    9b:e4:70:93:c8:fe:be:af:15:c1:83:5f:12:cb:b6:
                    3e:df:3a:07:b9:8e:32:f9:95:bc:37:71:10:7c:8e:
                    b5:41:09:a6:cc:1c:72:76:34:ee:0b:0b:f6:99:df:
                    3d:75:bb:d9:5e:06:bd:7c:a8:c4:db:27:f6:85:e1:
                    2f:6f:96:a1:d7:d0:60:b7:db:9a:b1:72:e1:78:c1:
                    3e:2d:62:ae:76:15:22:e3:10:89:82:c9:e0:a6:38:
                    cb:04:fc:b7:ec:1d:a8:2e:4e:bd:4f:02:d4:30:94:
                    99:81:2e:58:9f:a8:60:7d:f0:c7:68:a5:fd:3b:04:
                    d6:9c:54:da:8a:de:43:90:19:8a:23:35:b0:8c:b6:
                    54:d4:ec:c7:78:37:b3:11:4e:7e:1a:27:b6:c4:6d:
                    ab:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C4:3B:4D:03:0E:77:D5:27:74:4B:CF:33:86:BD:FC:D6:D0:1E:20
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bsQ7TQMOd9UndEvPM4a9_NbQHiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:bc:f5:ef:fb:57:50:d4:b8:38:ea:07:2b:d1:35:fa:56:cc:
         89:79:17:d7:38:2f:94:61:b3:8f:f8:72:a1:80:a5:11:9b:bc:
         8c:d0:2d:45:bd:eb:ef:49:22:8e:67:1d:6f:aa:31:de:de:63:
         ba:44:81:1b:0a:2d:6d:61:e7:b0:17:c5:d1:7c:ff:ae:88:4c:
         88:d0:77:e2:2f:9f:79:99:ca:f9:5b:91:dc:01:4c:30:af:eb:
         70:bf:80:6c:35:ba:23:d8:0a:a3:68:9f:c9:dc:08:ef:c1:79:
         7f:ee:bf:11:7a:aa:93:47:84:ca:e5:80:11:ee:05:65:2d:37:
         d0:cd:78:7a:ed:76:f7:1d:31:37:7c:ca:a1:01:b4:30:b5:e9:
         87:8b:e5:3b:c5:9e:48:00:6b:64:8f:4f:34:12:a1:c6:4f:8c:
         29:bb:1f:18:3c:f9:d5:72:73:37:89:20:f7:ee:53:17:b9:9f:
         ac:e4:00:36:2d:0c:b5:f6:be:ba:d7:64:7d:cd:2b:c5:eb:59:
         fe:97:7f:68:69:81:b5:33:08:36:6b:6e:0a:d4:d8:0e:d1:93:
         6d:cf:08:54:a7:6e:49:b0:cd:87:33:e0:cd:c8:99:3d:5f:6e:
         e9:94:c2:e9:15:66:94:f1:43:7a:7d:89:0d:52:d8:a1:d5:a1:
         bc:b2:6f:97
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYezmU/Dy+zTfNr7rfMneySHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI0MTQwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWM0M2I0ZDAzMGU3N2Q1Mjc3NDRiY2YzMzg2YmRmY2Q2ZDAxZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8O6eeGjiEVEun35LuytZEjUhn5/
yYzLxL8tDeiYBKqDye2QvLOdZLjGtZR/v3iuOgpfv/csj+CkP8Zc3VQR0cOrrGNU
ZfgFR656kuJSf9H1a8Jyd4U2sekj/FifH4J6Zig+4iRCkVKb5HCTyP6+rxXBg18S
y7Y+3zoHuY4y+ZW8N3EQfI61QQmmzBxydjTuCwv2md89dbvZXga9fKjE2yf2heEv
b5ah19Bgt9uasXLheME+LWKudhUi4xCJgsngpjjLBPy37B2oLk69TwLUMJSZgS5Y
n6hgffDHaKX9OwTWnFTait5DkBmKIzWwjLZU1OzHeDezEU5+Gie2xG2rkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG7EO00DDnfVJ3RLzzOGvfzW0B4gMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYnNRN1RRTU9kOVVuZEV2UE00YTlfTmJRSGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH689e/7V1DUuDjqByvR
NfpWzIl5F9c4L5Rhs4/4cqGApRGbvIzQLUW96+9JIo5nHW+qMd7eY7pEgRsKLW1h
57AXxdF8/66ITIjQd+Ivn3mZyvlbkdwBTDCv63C/gGw1uiPYCqNon8ncCO/BeX/u
vxF6qpNHhMrlgBHuBWUtN9DNeHrtdvcdMTd8yqEBtDC16YeL5TvFnkgAa2SPTzQS
ocZPjCm7Hxg8+dVyczeJIPfuUxe5n6zkADYtDLX2vrrXZH3NK8XrWf6Xf2hpgbUz
CDZrbgrU2A7Rk23PCFSnbkmwzYcz4M3ImT1fbumUwukVZpTxQ3p9iQ1S2KHVobyy
b5c=
-----END CERTIFICATE-----