Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fq6y2ljdsE2PE87JaJLHJ8PgD8g.roa
File:                     fq6y2ljdsE2PE87JaJLHJ8PgD8g.roa (raw, json)
Hash identifier:          1Fqnb+U+rUwNvtb5V/Zf+JR3c/T/g5Ljp1ziCO+ouDg=
Subject key identifier:   7E:AE:B2:DA:58:DD:B0:4D:8F:13:CE:C9:68:92:C7:27:C3:E0:0F:C8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187307B240C13B6FFEE819272845262AB4E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fq6y2ljdsE2PE87JaJLHJ8PgD8g.roa
Signing time:             Thu 30 Mar 2023 03:06:29 +0000
ROA not before:           Thu 30 Mar 2023 03:06:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:187:307b:7bb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:30:7b:24:0c:13:b6:ff:ee:81:92:72:84:52:62:ab:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 30 03:06:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7eaeb2da58ddb04d8f13cec96892c727c3e00fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c4:53:2d:0c:3b:0c:54:44:af:5c:d8:8d:98:
                    3e:06:51:e2:f0:ed:c0:02:b5:d2:e9:29:dc:fb:52:
                    0a:3f:f5:cb:68:11:c2:9d:d9:74:68:4c:3c:7b:29:
                    57:f8:e8:91:d5:18:bc:c9:62:fe:76:09:40:aa:75:
                    07:db:8b:af:be:de:75:eb:72:d5:26:31:fa:85:9c:
                    12:77:56:3a:36:40:16:24:5a:f7:14:98:03:4a:ba:
                    41:5c:26:77:b8:76:fe:a7:43:7b:d0:e8:2f:c8:4c:
                    3f:cb:a7:b7:aa:52:d4:df:7e:7d:3e:c3:01:9f:c6:
                    80:f9:a4:dd:72:ad:bd:98:1b:9c:a9:51:16:6a:4c:
                    e6:c3:fa:31:b5:c0:4e:8a:87:f7:65:61:d3:d7:50:
                    9b:de:25:15:5c:e2:77:e0:bc:8e:df:fa:db:b9:e0:
                    2a:ca:14:d1:43:4b:63:b5:b5:89:17:96:67:5c:d4:
                    27:bc:b5:a2:dc:c5:24:a3:30:ce:75:03:1c:e9:5f:
                    a9:0f:e6:98:70:47:91:a2:6f:4b:d1:e3:d6:8e:19:
                    8b:79:e8:49:4a:54:ff:1b:38:91:a8:0d:43:82:19:
                    26:4b:34:7b:39:c3:1c:0f:5c:2f:3d:5c:0e:47:57:
                    15:ab:57:d9:5f:a6:bf:dc:61:d7:b1:b2:46:1d:7f:
                    10:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:AE:B2:DA:58:DD:B0:4D:8F:13:CE:C9:68:92:C7:27:C3:E0:0F:C8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fq6y2ljdsE2PE87JaJLHJ8PgD8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:19:a3:c2:c8:bb:2b:44:ca:ff:49:d0:4d:f0:7a:8b:29:df:
         ab:bf:69:14:46:dd:b5:ff:17:3f:26:52:12:91:12:33:9d:6f:
         b6:5c:e8:f0:6b:d1:23:19:f4:33:06:82:da:be:52:53:cd:4e:
         c6:7b:01:f1:15:0b:f5:ba:12:df:a9:4b:6c:29:37:d8:30:3a:
         45:f8:83:72:e3:cb:d5:f5:3b:5e:67:e2:ca:db:13:d3:13:b9:
         37:5e:65:97:b4:53:9a:85:d4:df:d3:2a:bc:39:f5:48:84:61:
         05:a7:b1:52:0e:b0:47:00:c4:81:bb:19:37:be:5b:7d:23:c4:
         b9:95:13:88:3f:72:ed:55:d4:ab:c5:83:ea:a8:04:21:3b:13:
         e6:9b:86:9e:fd:c2:13:0d:88:ff:f3:32:a1:18:8d:2b:cb:de:
         3e:0f:64:de:03:23:26:5c:da:a4:43:80:4c:7a:ce:26:7b:4c:
         8b:74:a9:ea:6b:97:94:86:46:e9:30:cf:d0:64:c8:b2:7d:4a:
         02:ac:a3:af:2e:04:40:fd:46:09:24:04:86:61:d1:21:52:28:
         52:9b:7d:b7:9e:7c:1b:31:63:2d:5b:98:25:72:df:ff:7f:bf:
         1b:cc:ab:03:9b:81:34:68:31:d5:02:a8:f5:f5:ca:6f:c8:b5:
         63:4f:b8:f4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcweyQME7b/7oGScoRSYqtOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMwMDMwNjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWFlYjJkYTU4ZGRiMDRkOGYxM2NlYzk2ODkyYzcyN2MzZTAwZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMRTLQw7DFREr1zYjZg+BlHi8O3A
ArXS6Snc+1IKP/XLaBHCndl0aEw8eylX+OiR1Ri8yWL+dglAqnUH24uvvt5163LV
JjH6hZwSd1Y6NkAWJFr3FJgDSrpBXCZ3uHb+p0N70OgvyEw/y6e3qlLU3359PsMB
n8aA+aTdcq29mBucqVEWakzmw/oxtcBOiof3ZWHT11Cb3iUVXOJ34LyO3/rbueAq
yhTRQ0tjtbWJF5ZnXNQnvLWi3MUkozDOdQMc6V+pD+aYcEeRom9L0ePWjhmLeehJ
SlT/GziRqA1DghkmSzR7OcMcD1wvPVwOR1cVq1fZX6a/3GHXsbJGHX8QvQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH6ustpY3bBNjxPOyWiSxyfD4A/IMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZnE2eTJsamRzRTJQRTg3SmFKTEhKOFBnRDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGIZo8LIuytEyv9J0E3w
eosp36u/aRRG3bX/Fz8mUhKREjOdb7Zc6PBr0SMZ9DMGgtq+UlPNTsZ7AfEVC/W6
Et+pS2wpN9gwOkX4g3Ljy9X1O15n4srbE9MTuTdeZZe0U5qF1N/TKrw59UiEYQWn
sVIOsEcAxIG7GTe+W30jxLmVE4g/cu1V1KvFg+qoBCE7E+abhp79whMNiP/zMqEY
jSvL3j4PZN4DIyZc2qRDgEx6ziZ7TIt0qeprl5SGRukwz9BkyLJ9SgKso68uBED9
RgkkBIZh0SFSKFKbfbeefBsxYy1bmCVy3/9/vxvMqwObgTRoMdUCqPX1ym/ItWNP
uPQ=
-----END CERTIFICATE-----