Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cq9vFu2f5FieWjX40YWpDoQAdIc.roa
File:                     cq9vFu2f5FieWjX40YWpDoQAdIc.roa (raw, json)
Hash identifier:          wPdD6SHHZN46fwkxGdVcPB0n5d4mabNlAWniRbNVcNc=
Subject key identifier:   72:AF:6F:16:ED:9F:E4:58:9E:5A:35:F8:D1:85:A9:0E:84:00:74:87
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187FCC482ACD317C788E94796C00A5665E1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cq9vFu2f5FieWjX40YWpDoQAdIc.roa
Signing time:             Mon 08 May 2023 19:09:09 +0000
ROA not before:           Mon 08 May 2023 19:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:fc:c4:82:ac:d3:17:c7:88:e9:47:96:c0:0a:56:65:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  8 19:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72af6f16ed9fe4589e5a35f8d185a90e84007487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f2:4e:95:b5:41:5b:4c:97:d2:97:e7:56:78:
                    3f:b5:e3:bf:2e:b1:c4:89:4f:91:b0:20:5c:fb:17:
                    8d:ec:9b:d5:0f:3d:6b:6e:78:92:0d:41:35:ef:91:
                    da:5c:40:cb:ca:cc:1e:d8:51:87:77:65:3d:f7:33:
                    0c:67:9b:a2:6e:91:12:c3:50:44:69:96:f7:8b:24:
                    a4:ab:ba:94:a0:fe:56:ac:17:f6:40:a6:11:5d:7b:
                    25:43:50:f3:aa:f9:6a:f4:2e:f4:1f:94:76:34:a8:
                    b6:fa:ee:82:a3:82:5f:d9:0f:9f:13:f3:27:b6:c8:
                    2a:6a:2d:e0:f5:52:aa:4b:da:7d:e3:cf:41:f0:38:
                    18:e9:07:9b:63:22:2c:f2:e8:d1:7a:db:23:6e:42:
                    68:56:1d:9e:d3:49:16:54:31:20:0e:a1:18:f6:d1:
                    7e:e9:31:ac:b2:07:59:4e:1e:9d:fa:fc:1b:0d:f9:
                    58:cb:48:e7:7a:14:05:ea:41:c6:53:14:f5:e5:22:
                    22:27:78:d8:b1:21:48:75:ad:47:54:a5:ce:a8:84:
                    85:45:17:13:e5:87:eb:7c:42:62:7a:2a:7e:88:34:
                    24:4f:dd:6d:47:cd:6c:58:e9:03:7c:9f:5b:d4:76:
                    60:4a:b2:ca:15:82:1c:e4:13:b1:e2:31:77:ec:65:
                    7b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:AF:6F:16:ED:9F:E4:58:9E:5A:35:F8:D1:85:A9:0E:84:00:74:87
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cq9vFu2f5FieWjX40YWpDoQAdIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:00:8e:e3:42:8c:73:0e:ab:37:43:69:5b:9a:cb:50:7a:8b:
         5c:b7:86:a5:8f:72:b1:7b:ce:e7:e7:ff:bf:94:f2:7c:23:d1:
         a2:e0:aa:14:d6:eb:a1:84:f6:76:b8:ca:8a:54:eb:20:48:1d:
         de:01:45:3b:e3:46:3a:2d:3c:32:da:95:b3:6c:65:ac:f1:bc:
         d7:e9:b2:29:15:d6:6a:8c:6d:1a:73:dd:af:ed:1b:30:05:28:
         f0:8f:be:8a:6c:ad:83:48:d9:fc:7c:69:48:e2:6f:4e:9d:b0:
         2d:c2:30:94:2b:1f:f1:a3:a9:d1:47:19:c5:7a:8f:19:b3:c1:
         c8:7f:6f:21:c8:09:a8:80:25:79:24:9e:4b:fb:2c:d3:d2:9b:
         8a:e5:c3:42:23:8d:d6:6f:89:6a:f7:bf:4c:ca:b6:40:9c:dc:
         7c:1d:2f:03:23:27:ac:eb:bd:3a:d5:94:4d:e2:0e:78:30:2b:
         0f:f5:74:b8:cd:eb:77:2b:f7:16:bb:bd:6e:32:5c:ec:e1:ee:
         18:45:68:4e:aa:49:68:c1:ea:84:9f:ca:f4:dd:82:e5:82:da:
         42:65:3f:da:7a:29:85:15:b1:66:89:aa:94:a7:86:b2:cb:24:
         68:2f:ed:21:9e:65:e0:24:2f:9f:a4:ae:e1:c1:bb:97:26:13:
         94:30:5f:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf8xIKs0xfHiOlHlsAKVmXhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA4MTkwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmFmNmYxNmVkOWZlNDU4OWU1YTM1ZjhkMTg1YTkwZTg0MDA3NDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufJOlbVBW0yX0pfnVng/teO/LrHE
iU+RsCBc+xeN7JvVDz1rbniSDUE175HaXEDLyswe2FGHd2U99zMMZ5uibpESw1BE
aZb3iySkq7qUoP5WrBf2QKYRXXslQ1Dzqvlq9C70H5R2NKi2+u6Co4Jf2Q+fE/Mn
tsgqai3g9VKqS9p9489B8DgY6QebYyIs8ujRetsjbkJoVh2e00kWVDEgDqEY9tF+
6TGssgdZTh6d+vwbDflYy0jnehQF6kHGUxT15SIiJ3jYsSFIda1HVKXOqISFRRcT
5YfrfEJieip+iDQkT91tR81sWOkDfJ9b1HZgSrLKFYIc5BOx4jF37GV7aQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHKvbxbtn+RYnlo1+NGFqQ6EAHSHMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY3E5dkZ1MmY1RmllV2pYNDBZV3BEb1FBZEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABMAjuNCjHMOqzdDaVua
y1B6i1y3hqWPcrF7zufn/7+U8nwj0aLgqhTW66GE9na4yopU6yBIHd4BRTvjRjot
PDLalbNsZazxvNfpsikV1mqMbRpz3a/tGzAFKPCPvopsrYNI2fx8aUjib06dsC3C
MJQrH/GjqdFHGcV6jxmzwch/byHICaiAJXkknkv7LNPSm4rlw0IjjdZviWr3v0zK
tkCc3HwdLwMjJ6zrvTrVlE3iDngwKw/1dLjN63cr9xa7vW4yXOzh7hhFaE6qSWjB
6oSfyvTdguWC2kJlP9p6KYUVsWaJqpSnhrLLJGgv7SGeZeAkL5+kruHBu5cmE5Qw
X6U=
-----END CERTIFICATE-----