Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lQcjFG1VxmsWvgpZxccUf76VOUA.roa
File:                     lQcjFG1VxmsWvgpZxccUf76VOUA.roa (raw, json)
Hash identifier:          14NgYLozBMiFYPTIbTgciOoxra2CwX4lSmn9YwXBJ/E=
Subject key identifier:   95:07:23:14:6D:55:C6:6B:16:BE:0A:59:C5:C7:14:7F:BE:95:39:40
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A6ED98D02DF16B6AEA1ED438567F7816
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lQcjFG1VxmsWvgpZxccUf76VOUA.roa
Signing time:             Sat 22 Apr 2023 03:06:41 +0000
ROA not before:           Sat 22 Apr 2023 03:06:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:a6ec:f9bd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a6:ed:98:d0:2d:f1:6b:6a:ea:1e:d4:38:56:7f:78:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 22 03:06:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=950723146d55c66b16be0a59c5c7147fbe953940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f4:e1:aa:e6:b6:bd:8c:b0:21:e3:56:d4:aa:
                    a2:cf:6e:32:7f:22:54:93:45:c0:ff:92:4d:05:9a:
                    85:3c:64:58:3b:57:b4:e7:8d:18:76:17:0f:bb:6d:
                    fc:a6:f0:fb:9c:52:a8:fd:1a:80:3b:a1:c7:aa:11:
                    ce:8b:22:08:d9:8a:cd:59:7d:30:5e:5d:45:50:38:
                    9b:8e:31:b6:70:77:f1:d9:a3:b3:73:3a:e5:1b:ec:
                    a3:22:ef:af:35:db:38:84:e1:96:28:61:12:dd:d9:
                    6d:31:43:52:b7:6b:92:66:ea:e5:e0:06:51:93:3e:
                    13:15:a8:91:81:a3:bb:3d:dd:80:b5:a5:21:e2:ac:
                    d0:27:63:21:b5:c3:7f:2e:46:f7:b6:4f:8f:cc:d6:
                    94:2a:88:31:7f:c8:ae:cc:ca:b2:35:82:94:09:20:
                    b7:05:bd:31:30:95:6c:e4:a2:d9:3c:2d:60:8e:50:
                    e4:12:ed:27:d1:57:67:a7:6f:c7:84:a2:33:9d:26:
                    41:68:9b:59:98:65:6e:d8:8d:f7:3e:ba:9d:45:ff:
                    90:05:e9:b1:3b:3b:be:1f:a1:fa:f8:ea:9a:93:44:
                    9a:e8:f7:51:7b:5e:53:fe:4a:eb:bf:23:ef:eb:55:
                    7b:63:6e:99:9b:11:33:34:54:06:52:2d:1e:e3:4c:
                    94:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:07:23:14:6D:55:C6:6B:16:BE:0A:59:C5:C7:14:7F:BE:95:39:40
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lQcjFG1VxmsWvgpZxccUf76VOUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:a0:9e:45:e2:bf:b8:76:36:31:0b:df:9c:ac:55:82:be:67:
         7b:3c:83:6e:aa:f2:c3:d0:e2:c2:48:1f:4c:96:ae:e9:33:4a:
         b0:be:96:bd:6b:c6:e9:ef:73:0c:48:6f:52:3e:4a:52:0c:50:
         cf:fa:05:b7:c4:79:93:5d:19:78:5c:c9:ea:ba:f2:37:80:05:
         b3:d0:c7:6a:46:b7:45:08:a3:7c:b0:0e:e6:76:34:f4:99:b3:
         54:08:f7:80:3d:2d:ae:5a:a9:b1:9e:07:15:e9:63:91:94:da:
         05:d2:63:ef:ad:4e:ef:85:fb:48:f4:b5:96:fc:3c:d2:12:1a:
         7e:c0:c9:b9:c6:09:25:5a:77:f2:fc:44:3d:81:c5:76:3e:8d:
         e4:b4:07:83:a3:b0:e9:59:07:b1:44:3c:fe:46:32:b3:58:9e:
         6e:2f:19:63:ca:0d:23:72:65:f8:df:a2:0a:a6:80:a6:ca:77:
         05:3f:d8:2a:36:e5:07:16:e3:30:b8:6b:a8:79:c4:35:d8:5f:
         41:e5:df:fe:dc:75:0b:9c:5a:9f:cc:f2:9a:e9:a9:74:e3:6c:
         9e:ca:5a:98:18:22:cf:7b:a1:52:9d:aa:f6:8f:f4:c2:17:51:
         ca:47:82:9a:b2:90:1f:c5:14:8f:28:06:ef:6e:32:5f:89:bf:
         b4:a6:d5:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYem7ZjQLfFrauoe1DhWf3gWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIyMDMwNjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTA3MjMxNDZkNTVjNjZiMTZiZTBhNTljNWM3MTQ3ZmJlOTUzOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfThqua2vYywIeNW1Kqiz24yfyJU
k0XA/5JNBZqFPGRYO1e0540YdhcPu238pvD7nFKo/RqAO6HHqhHOiyII2YrNWX0w
Xl1FUDibjjG2cHfx2aOzczrlG+yjIu+vNds4hOGWKGES3dltMUNSt2uSZurl4AZR
kz4TFaiRgaO7Pd2AtaUh4qzQJ2MhtcN/Lkb3tk+PzNaUKogxf8iuzMqyNYKUCSC3
Bb0xMJVs5KLZPC1gjlDkEu0n0Vdnp2/HhKIznSZBaJtZmGVu2I33PrqdRf+QBemx
Ozu+H6H6+Oqak0Sa6PdRe15T/krrvyPv61V7Y26ZmxEzNFQGUi0e40yUlQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJUHIxRtVcZrFr4KWcXHFH++lTlAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbFFjakZHMVZ4bXNXdmdwWnhjY1VmNzZWT1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ6gnkXiv7h2NjEL35ys
VYK+Z3s8g26q8sPQ4sJIH0yWrukzSrC+lr1rxunvcwxIb1I+SlIMUM/6BbfEeZNd
GXhcyeq68jeABbPQx2pGt0UIo3ywDuZ2NPSZs1QI94A9La5aqbGeBxXpY5GU2gXS
Y++tTu+F+0j0tZb8PNISGn7AybnGCSVad/L8RD2BxXY+jeS0B4OjsOlZB7FEPP5G
MrNYnm4vGWPKDSNyZfjfogqmgKbKdwU/2Co25QcW4zC4a6h5xDXYX0Hl3/7cdQuc
Wp/M8prpqXTjbJ7KWpgYIs97oVKdqvaP9MIXUcpHgpqykB/FFI8oBu9uMl+Jv7Sm
1U4=
-----END CERTIFICATE-----