Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/q2Lq_Vuo5xnNo8-fk2S1Ii5Gqpg.roa
File:                     q2Lq_Vuo5xnNo8-fk2S1Ii5Gqpg.roa (raw, json)
Hash identifier:          L0I6Ycm9885pcx7G962DVUhmF3QJjHTjJCI6t7jrI6I=
Subject key identifier:   AB:62:EA:FD:5B:A8:E7:19:CD:A3:CF:9F:93:64:B5:22:2E:46:AA:98
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186E37AE524347439A30E5D68652DD67E65
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/q2Lq_Vuo5xnNo8-fk2S1Ii5Gqpg.roa
Signing time:             Wed 15 Mar 2023 04:15:27 +0000
ROA not before:           Wed 15 Mar 2023 04:15:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e3:7a:e5:24:34:74:39:a3:0e:5d:68:65:2d:d6:7e:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 15 04:15:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ab62eafd5ba8e719cda3cf9f9364b5222e46aa98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e1:f3:82:6f:08:9c:17:1c:d2:91:9b:5b:56:
                    b6:68:66:f5:a7:90:da:bd:3b:fc:8f:a7:ac:20:dc:
                    f4:f9:01:36:dd:be:64:f6:80:1d:a5:72:9f:52:e8:
                    31:dc:aa:d7:2f:e6:fa:b4:0d:ab:66:cf:22:46:5f:
                    7a:c0:e6:0c:64:7a:75:53:9e:7a:14:aa:9f:3a:84:
                    cb:0f:a9:f5:f8:b5:c0:70:c2:24:f5:af:b3:3b:dd:
                    a1:24:7c:55:c0:36:59:6c:cc:b5:4b:22:17:73:f6:
                    7e:18:1d:ff:bd:ba:f8:88:7b:bb:75:10:57:8e:0f:
                    9a:04:cc:3c:1b:84:a3:5c:89:1c:9f:09:fe:1c:4a:
                    51:b3:ed:11:2a:d7:35:49:67:34:36:79:d2:82:a0:
                    e2:a5:7a:59:ea:c3:36:90:1d:de:37:48:cb:7c:e0:
                    ab:26:2b:d0:83:5a:67:e1:48:d7:26:1a:05:8c:9c:
                    f6:11:58:93:fe:06:f8:90:0c:32:2d:c5:21:c7:69:
                    4a:9e:28:31:92:8d:78:9e:53:85:04:fa:6f:a0:01:
                    df:b5:9c:6d:09:6f:ef:f7:a7:2c:50:cd:0b:a3:87:
                    d2:26:93:bc:b8:4b:cf:64:da:5e:bf:f7:9b:c2:c4:
                    d1:c8:bf:5b:aa:ca:75:ab:5e:e2:e3:c7:28:4d:e3:
                    20:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:62:EA:FD:5B:A8:E7:19:CD:A3:CF:9F:93:64:B5:22:2E:46:AA:98
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/q2Lq_Vuo5xnNo8-fk2S1Ii5Gqpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:91:31:0b:66:75:d3:dd:a2:1b:78:9a:9c:dd:f8:3a:54:18:
         d4:ff:26:9b:da:d4:3c:4f:b1:e4:97:b4:ed:5c:cb:fc:95:ec:
         e2:15:22:fb:f4:bc:21:f7:4b:26:6a:e2:62:d5:12:22:f2:ad:
         92:3e:d4:54:8c:9c:da:7a:ab:be:01:69:0f:5c:eb:51:ff:7f:
         2b:90:a2:d0:e0:18:89:3e:7f:86:ad:e0:74:74:09:66:11:d9:
         35:3f:2b:c7:b3:16:4b:a9:20:b2:6c:49:92:e2:25:73:be:78:
         83:1f:d9:c0:f3:7b:db:c6:23:0e:2c:7b:5c:d4:a3:85:d5:a1:
         35:0c:5a:63:11:e9:8d:d0:6d:1d:9f:8e:59:73:58:27:6b:ca:
         df:46:e9:57:f2:b8:31:17:ae:85:fb:49:2d:d3:2e:fa:b0:2f:
         e6:93:ae:e7:03:bb:2f:e6:ef:69:97:80:f1:e2:bd:9e:b3:a9:
         d3:8c:27:d4:40:32:a0:88:8d:c1:08:fb:de:7c:93:27:b5:42:
         05:28:d8:d6:e3:96:3a:b1:81:da:46:45:16:e5:b4:b5:48:e7:
         2e:7f:d5:a9:0a:fe:98:51:33:98:16:2e:cb:ca:fa:3d:d8:38:
         cb:3a:96:60:c4:a4:7c:94:3c:83:7e:e0:2c:cf:5e:d5:75:95:
         39:7e:18:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbjeuUkNHQ5ow5daGUt1n5lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE1MDQxNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjYyZWFmZDViYThlNzE5Y2RhM2NmOWY5MzY0YjUyMjJlNDZhYTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOHzgm8InBcc0pGbW1a2aGb1p5Da
vTv8j6esINz0+QE23b5k9oAdpXKfUugx3KrXL+b6tA2rZs8iRl96wOYMZHp1U556
FKqfOoTLD6n1+LXAcMIk9a+zO92hJHxVwDZZbMy1SyIXc/Z+GB3/vbr4iHu7dRBX
jg+aBMw8G4SjXIkcnwn+HEpRs+0RKtc1SWc0NnnSgqDipXpZ6sM2kB3eN0jLfOCr
JivQg1pn4UjXJhoFjJz2EViT/gb4kAwyLcUhx2lKnigxko14nlOFBPpvoAHftZxt
CW/v96csUM0Lo4fSJpO8uEvPZNpev/ebwsTRyL9bqsp1q17i48coTeMgxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKti6v1bqOcZzaPPn5NktSIuRqqYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcTJMcV9WdW81eG5ObzgtZmsyUzFJaTVHcXBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGORMQtmddPdoht4mpzd
+DpUGNT/Jpva1DxPseSXtO1cy/yV7OIVIvv0vCH3SyZq4mLVEiLyrZI+1FSMnNp6
q74BaQ9c61H/fyuQotDgGIk+f4at4HR0CWYR2TU/K8ezFkupILJsSZLiJXO+eIMf
2cDze9vGIw4se1zUo4XVoTUMWmMR6Y3QbR2fjllzWCdryt9G6VfyuDEXroX7SS3T
LvqwL+aTrucDuy/m72mXgPHivZ6zqdOMJ9RAMqCIjcEI+958kye1QgUo2Nbjljqx
gdpGRRbltLVI5y5/1akK/phRM5gWLsvK+j3YOMs6lmDEpHyUPIN+4CzPXtV1lTl+
GC0=
-----END CERTIFICATE-----